
Malware problem - Infostealer.sniful infection [Solved]

Infostealer.snifula


#16
pystryker
    Trusted Helper
  • Malware Removal
  • 3,886 posts

New logs! :spoton:


Very good! :thumbsup:

I'm looking over the logs right now, but I need to ask a question: When you ran the Microsoft Fixit to get rid of the Windows Sidebar, did you reboot the machine before running the OTL fix?

Let me know, and I'll post back instructions soon.

#17
charrascan
    Member
  • Topic Starter
  • 12 posts

No I didn't.



#18
pystryker
    Trusted Helper
  • Malware Removal
  • 3,886 posts
Ok, I was talking with one of my colleagues about what had happened with the icons and he says that's happened before when there is no reboot. We'll reboot the machine after the Windows FixIt, and that should ensure we don't have that problem again. :thumbsup:

I'll have instructions shortly. :)

#19
pystryker
    Trusted Helper
  • Malware Removal
  • 3,886 posts
Hello, we have some work to do, so let's get started. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Windows Sidebar and Program Uninstall


Please uninstall the following program from your computer, as it is a malware-related program: Browser Protect


Windows Sidebar

You have Windows Sidebar running on your machine, and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here. Please disable it by using Fix It.

You can download Fix It by clicking here.

Once completed, reboot the machine before executing the rest of the steps. :thumbsup:


Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

  • Run OTL by double clicking it (Windows Vista, Windows 7, and 8: right click and select "Run as Administrator").
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.


:Commands
[createrestorepoint]

:OTL
SRV - [2013/03/22 02:33:34 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe -- (srvBrowserProtect)
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://en.eazel.com/...q={searchTerms}
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1510572874-1796251914-533295934-1000..\Run: [EPSON TX120 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGGL.EXE /FU "C:\windows\TEMP\E_SAE87.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell - "" = AutoRun
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\Shell - "" = AutoRun
O33 - MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

:Files
C:\Program Files (x86)\BrowserProtect
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c


:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click adwcleaner.exe (Vista and 7 users: right click the adwcleaner.exe file, click Run as Administrator and accept the UAC prompt) to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 4: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 5: Fresh OTL Scan
  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.
Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

Fresh OTL Scan Log

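The OTL fix above is built from a handful of reading rules: a service whose image carries no company name, Run/RunOnce values whose target file no longer exists, MountPoints2 Shell\AutoRun\command entries that launch an executable from a removable volume, and an IE SearchScope pointing at an unexpected host. As an added example (not OTL's code and not part of pystryker's post), this Python script applies those same heuristics to OTL-style log lines. The sample lines are copied in shape from the fix script in this thread; the allowlist KNOWN_SEARCH_HOSTS, the rule names and the regular expressions are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed sample input: lines in the shape OTL prints them, copied from
# the fix script in this thread. Added example, not OTL's own code.
SAMPLE_OTL_LINES = r"""
SRV - [2013/03/22 02:33:34 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe -- (srvBrowserProtect)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://en.eazel.com/...q={searchTerms}
O4 - HKU\S-1-5-21-1510572874-1796251914-533295934-1000..\Run: [EPSON TX120 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGGL.EXE /FU "C:\windows\TEMP\E_SAE87.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
""".strip().splitlines()

# Assumed allowlist of search providers that are expected in SearchScopes.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

# Line shapes as OTL prints them (assumed from the lines in this thread).
SRV_RE = re.compile(
    r"^(?P<kind>SRV|PRC|DRV)(?::64bit:)? - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\))?$")
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<key>\S+): \[(?P<value>[^\]]*)\] (?P<cmd>.*?)(?P<missing> File not found)?$")
O33_RE = re.compile(
    r'^O33(?::64bit:)? - MountPoints2\\(?P<mp>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')
IE_RE = re.compile(
    r'^IE(?::64bit:)? - (?P<key>\S*SearchScopes\\\{[^}]+\}): "URL" = (?P<url>\S+)$')


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def triage(lines: List[str]) -> List[Finding]:
    """Apply the reading rules a log helper uses on OTL output and return what they flag."""
    findings: List[Finding] = []
    for line in lines:
        line = line.rstrip()
        m = SRV_RE.match(line)
        if m:
            # OTL prints "()" when the image carries no company name; every
            # legitimate service on this box has one, so an empty field is a lead.
            if m.group("company").strip() == "":
                findings.append(Finding("no-company-name",
                                        f"{m.group('kind')} {m.group('name') or ''} -> {m.group('path')}", line))
            continue
        m = O4_RE.match(line)
        if m:
            # Run/RunOnce value whose target is gone: a leftover that is safe to remove.
            if m.group("missing"):
                findings.append(Finding("orphaned-autorun", f"{m.group('key')} [{m.group('value')}]", line))
            continue
        m = O33_RE.match(line)
        if m:
            # Shell\AutoRun\command under MountPoints2 launches a program from the
            # volume when it is opened in Explorer: removable-media persistence.
            findings.append(Finding("removable-autorun", f"{m.group('mp')} -> {m.group('cmd')}", line))
            continue
        m = IE_RE.match(line)
        if m:
            # A search scope whose host is not a known provider is a hijacked default search.
            host = urlsplit(m.group("url")).hostname or ""
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("search-hijack", f"{host} via {m.group('key')}", line))
            continue
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, which is what a helper scans first in a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.rule}] {f.detail}")
```

Run against the sample it reports the BrowserProtect service, the eazel.com search scope, both orphaned Run/RunOnce values and both AutoRun commands, while the Norton service and the bare MountPoints2 Shell value stay quiet. Modules with an empty company field are deliberately not matched, since .NET native images legitimately show "()" in the Modules section of the scan log further down this thread.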

#20
charrascan
    Member
  • Topic Starter
  • 12 posts

Hi,

1) OTL Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named srvBrowserProtect was found to stop!
Service\Driver key srvBrowserProtect not found.
C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-1510572874-1796251914-533295934-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1510572874-1796251914-533295934-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON TX120 Series deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569aa998-97fe-11e2-a82c-3859f9f80e57}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569aa998-97fe-11e2-a82c-3859f9f80e57}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Program Files (x86)\BrowserProtect folder moved successfully.
< netsh advfirewall reset /c >
OK
C:\Users\PILAR\Desktop\cmd.bat deleted successfully.
C:\Users\PILAR\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
OK
C:\Users\PILAR\Desktop\cmd.bat deleted successfully.
C:\Users\PILAR\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: PILAR
->Temp folder emptied: 177129136 bytes
->Temporary Internet Files folder emptied: 235393765 bytes
->Google Chrome cache emptied: 403227075 bytes
->Apple Safari cache emptied: 96966656 bytes
->Flash cache emptied: 2165 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8281266 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50667 bytes
RecycleBin emptied: 8018543 bytes
 
Total Files Cleaned = 886,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 05302014_201914
 
Files\Folders moved on Reboot...
C:\Users\PILAR\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

2) AdwCleaner Log

# AdwCleaner v3.211 - Report created 30/05/2014 at 20:33:45
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)
# Username : PILAR - PILAR-PC
# Running from : C:\Users\PILAR\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\PILAR\AppData\Roaming\Systweak
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EBD839AE-B08C-4FB7-859B-F54AF16C159F}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Vittalia
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1563 octets] - [30/05/2014 20:32:46]
AdwCleaner[S0].txt - [1266 octets] - [30/05/2014 20:33:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1326 octets] ##########

3) Junkware Removal Tool Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by PILAR on 30/05/2014 at 20:47:41.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{023B0803-6F19-418A-ADC1-F61398745284}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{04EAE75A-3FE3-4B98-B84B-82DED4A46A0D}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{09C0B575-2364-4C18-AB7D-313265BA3ECD}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{0C9DC36E-AEED-4057-9573-24548D52F556}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{0E023123-4F89-4027-9F29-63893FE5561D}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{0E1F0FB0-89A1-4C69-A0ED-2E82E93B7137}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{0FF001CB-FDB0-4285-A37B-8FA52C740E33}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{11462C58-4007-4B43-B2BF-D24A97AF282F}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{12451440-208F-4883-856E-50A45435A56E}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{12F107A2-C1DB-4A0D-86A5-F327634C4135}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{130101BB-ADBF-4261-BCCE-9E43F18EC091}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{16867508-9C5E-4041-B19B-2A6D34537B1B}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{1C060B80-D5A5-4A37-B880-CDFA1EC40CBA}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{256FC179-F2EB-4DAF-8339-4C7F04978279}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{262B54DE-C74A-4FCE-9DB3-7C1DC9827ADC}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{2EACCFD2-F304-4F33-9DB1-177BDA5C5900}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{35D64B96-65C6-438B-B039-5157A96AB85B}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{361128A7-59A0-4DD0-BFF4-D2DD173C0B21}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{3BE99ACE-2AB2-4F95-B67A-3807DE3AFAD4}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{3CB83C87-55EE-4792-8AD1-0AA6B5A7D56C}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{3F24A859-5F17-43B7-A91A-675E06E12572}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{4218C175-9254-4282-A586-95BAB7F7C9F7}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{45DACC88-71FD-4739-985A-05417CDE3E05}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{46DD524F-32F3-425A-8D00-B6A58BC9AD01}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{46EB0FEA-D505-41E9-A668-AF381F1A45F2}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{4D6583F8-8B43-41E0-AFDE-4CE94FD52CFE}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{500A3755-3832-4620-9A0E-20C5BD6E7435}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{560925AD-83CE-4B4F-AE51-D9DC5D58599D}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{5C5C76C2-F0AB-4253-8466-1CF262A9B0FF}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{5D4B9060-667C-4C33-A1C7-1F0DC945A8E3}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{609A76B2-50AF-4887-95E7-665F2A7D749A}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{67E98594-7D81-47AB-907A-FE37C934216F}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{6A59F009-B73E-49AA-AD07-57874269B892}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{6C2372CD-A104-4C44-AB3B-460C6D27471B}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{6F076D24-4DD8-44B4-8189-A85D38D8E18B}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{741C655F-E0C9-4BB0-834C-82B7471592AC}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{75806073-9B53-4AF9-A006-390C20A43FFC}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{7643C419-6F5D-4BBF-BDFC-10CA6459EEF5}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{7FC9997B-9F8C-4576-BA8D-D2EE6EF077E4}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{83846B97-767A-4FC7-B0BE-92C3F5327B91}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{8715E462-91E8-4BFE-9C94-A6F6FCDB389A}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{87EA54E1-A68B-4191-B4DD-61C409FAD6F6}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{93C29984-9682-4BFC-A0E6-3D2FC136BC31}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{93C4F82E-29BE-4A90-A1B1-8A36FB873BF3}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{9449CA3B-6C6D-42A0-B47A-C2ACA1F8A36A}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{9503646A-75D8-4718-A6AA-D4900BF1C968}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{96F08F04-1EB8-42AD-9BC4-58DD4B1D98A9}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{97B00C90-5382-46A2-8DBA-4EE7969AEFEE}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{9ACD4625-8192-46F5-8196-1F5554B56261}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{9C8AB687-007F-4B5A-A27C-E646BCA80FDB}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{9F82279A-BF56-47D6-BD1E-4CE7830822F8}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{A0BD9A6B-837B-4A61-B2F1-51F7287562AD}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{A1951B81-37C0-4169-931A-4220B2E592D5}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{A5B5D6BC-02B5-4B16-B71D-FDA13EE81948}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{A6DCFD6E-CFF5-43AE-B268-309DCA80EFCC}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{A6E35E3B-B6FF-4F5A-979A-2F91260A0384}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{ABB04979-EA7F-41FB-B1D8-53DD04D54F96}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{B4E85CA1-3204-43C0-A6EF-27F2C234BB37}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{B59B7293-2D6C-46EF-B9CD-E927C068DD95}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{B7974402-34E2-405D-A284-C6B1C8FCCE88}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{B9A2BF1A-B135-4176-8F17-3B1D8A1EF457}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{BA67A4C9-B603-48CC-8DBF-952680F4E117}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{BE309765-6A6C-4722-9D89-1681C3FE0655}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{C0DB6F01-D31C-436B-A014-F4837C2DB9D0}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{C1AC05A6-8705-4B31-82A2-38D0F80DB57B}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{C49D50B9-FE25-430A-87DF-22DB5277C484}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{CB577A16-FF3E-41C3-B4B1-32E394B9F091}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{CBC203DD-CBC9-4C50-9818-92E9506C752B}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{CDE405C7-B184-4C4F-B8CD-7CC568BB46D8}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{CFFDD733-C735-4B57-9C72-B9DB738A36C8}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{D122CA45-6B39-4B7D-B651-BC72F50BCC3E}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{D22D2C25-DA0E-4342-AB73-7060F968CCE6}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{D55A412C-0778-4326-B7A8-B83856EDBB08}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{D85ECE96-2B5F-4614-B4B1-33708328C4F7}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{E2C294DF-6F4A-424D-AE0C-62DAB78498C1}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{E41727CA-1E9E-4BD4-B20C-271A393AEE7C}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{E4490426-8F32-4219-9B82-FBA9B27F0741}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{E4B79B05-036C-44DD-B944-5A71C1BFEF65}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{E7A2D112-3922-416C-8D21-32C586BA4595}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{EEFC777A-0CCF-4D13-90CC-C6F0973A3098}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{EF1A684E-455A-455D-BDA7-E449D505E75F}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{F04EF7ED-CB92-4640-920A-012AEE452BF9}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{F2C9657A-C698-4F17-BF18-560DDFE256C3}
Successfully deleted: [Empty Folder] C:\Users\PILAR\appdata\local\{FFC5B8DB-0D82-49FB-945D-1B329D5FF095}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/05/2014 at 20:54:38.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

4) Fresh OTL Scan Log

OTL logfile created on: 30/05/2014 20:59:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PILAR\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c0a | Country: México | Language: ESM | Date Format: dd/MM/yyyy
 
3,95 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 69,58% Memory free
7,89 Gb Paging File | 6,59 Gb Available in Paging File | 83,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 377,23 Gb Free Space | 89,43% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,56 Gb Free Space | 91,59% Space Free | Partition Type: NTFS
 
Computer Name: PILAR-PC | User Name: PILAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/30 18:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/25 19:26:31 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\PILAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/04/25 11:36:36 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2012/04/24 21:18:16 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/09/15 07:13:18 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/06/15 06:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
PRC - [2011/02/18 03:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 03:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/28 18:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/14 13:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/02 19:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/30 20:06:32 | 011,922,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/30 20:06:21 | 000,774,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/03/25 09:46:45 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ad6e1822cef18d4543465d225d4f6cb6\IAStorCommon.ni.dll
MOD - [2014/03/02 11:19:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/03/02 11:19:46 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/03/02 11:19:39 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/03/02 11:19:36 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/03/02 11:19:23 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/03/02 11:19:19 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/03/02 11:19:14 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/07/08 07:49:47 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012/04/24 21:18:24 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
MOD - [2012/04/24 21:18:06 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
MOD - [2011/09/15 07:13:17 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010/11/12 18:35:42 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/06 03:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/14 17:36:45 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/18 03:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/14 13:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/21 09:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/09 16:19:23 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/15 07:23:21 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/09/15 07:23:18 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/09/15 07:20:46 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/09/15 07:20:46 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/09/14 22:29:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/14 22:29:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/14 22:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/07 20:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/02/18 03:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/13 23:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/28 18:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/14 22:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/14 22:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/14 22:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/14 22:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/14 22:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/28 05:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/21 01:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 03:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/08/20 22:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/08/16 04:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2009/10/21 18:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/10/12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/21 09:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/30 18:05:22 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20140530.017\ex64.sys -- (NAVEX15)
DRV - [2014/05/30 18:05:22 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20140530.017\eng64.sys -- (NAVENG)
DRV - [2014/05/29 15:49:26 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20140529.002_a2d\IDSviA64.sys -- (IDSVia64)
DRV - [2014/05/10 01:12:10 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20140510.001_9a3\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/21 12:07:41 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/21 12:07:40 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFF [2014/05/30 17:52:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2014/05/30 20:35:32 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Primer usuario (Disabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Skype Click to Call = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/05/30 20:21:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Spotify] C:\Users\PILAR\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\PILAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA103418-4FF2-4544-B889-D406AB2E0BA9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71BC1E0-8873-4CB5-A126-325E1CD95626}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/30 20:47:39 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/05/30 20:46:42 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\PILAR\Desktop\JRT.exe
[2014/05/30 20:33:01 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/05/30 20:32:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/30 19:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/30 18:14:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
[2014/05/30 18:05:15 | 000,000,000 | ---D | C] -- C:\Users\PILAR\AppData\Roaming\Tific
[2014/05/30 18:05:14 | 000,000,000 | ---D | C] -- C:\Users\PILAR\AppData\Local\Symantec
[2014/05/30 17:07:17 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Google Drive
[2014/05/30 13:06:53 | 000,000,000 | ---D | C] -- C:\Users\PILAR\AppData\Local\Programs
[2014/05/30 13:00:17 | 000,000,000 | ---D | C] -- C:\Users\PILAR\AppData\Local\ElevatedDiagnostics
[2014/05/30 10:09:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/29 13:52:33 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Documents\Directorio de intercambio Bluetooth
[2014/05/29 11:46:02 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Documents\TELMEX
[2014/05/20 20:05:49 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Desktop\Facturas-Ingresos-2014
[2014/05/20 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Desktop\Facturas-Egresos-2014
[2014/05/07 07:31:39 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/30 20:46:44 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\PILAR\Desktop\JRT.exe
[2014/05/30 20:43:17 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 20:43:17 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 20:40:24 | 001,678,390 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/30 20:40:24 | 000,748,088 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat
[2014/05/30 20:40:24 | 000,654,582 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/30 20:40:24 | 000,159,270 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat
[2014/05/30 20:40:24 | 000,122,196 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/30 20:40:00 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/30 20:36:50 | 000,497,863 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/05/30 20:36:43 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/30 20:36:26 | 000,000,480 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (Local).job
[2014/05/30 20:36:26 | 000,000,472 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (TE).job
[2014/05/30 20:36:00 | 000,000,838 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/30 20:35:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/30 20:35:14 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/30 20:31:09 | 001,327,971 | ---- | M] () -- C:\Users\PILAR\Desktop\AdwCleaner.exe
[2014/05/30 20:21:31 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/05/30 18:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
[2014/05/03 22:38:53 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Navegador de Internet.lnk
 
========== Files Created - No Company Name ==========
 
[2014/05/30 20:31:03 | 001,327,971 | ---- | C] () -- C:\Users\PILAR\Desktop\AdwCleaner.exe
[2012/09/16 04:33:58 | 001,652,248 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/25 06:14:48 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\Lenovo
[2013/06/09 13:13:07 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\SmartDraw
[2014/05/30 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\SoftGrid Client
[2014/05/30 20:37:32 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\Spotify
[2014/05/30 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\Tific
[2012/09/16 04:34:49 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
< End of report >
 
:)

  • 0
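What the helper is doing with the OTL log above is a triage pass by eye: services and drivers, Run keys, BHOs, the hosts file, the DHCP-assigned DNS servers and the Winlogon Shell/UserInit values, looking for entries with no vendor, entries that persist from user-writable directories, and redirects. The script below is an added example written for this page; it is not part of the thread and not an OldTimer tool. The regular expressions are my reading of the OTL line layout as it appears in the posted log; the sample input mixes nine lines copied from that log with four constructed lines (documentation-range IPs, a made-up updater.exe and shell.exe) so that every rule fires at least once. A hit is a prompt to look, not a verdict: Norton's definition drivers live under ProgramData and Spotify runs from AppData, and both are flagged for the same reason a real dropper would be.

```python
from __future__ import annotations

import ipaddress
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# OTL line shapes as they appear in the log above (my reading of the layout):
#   SRV - [date | size | attrs | M] (Company) [Start | State] -- path -- (Name)
#   DRV:64bit: - [ ... ] (Company) [Type | Start | State] -- path -- (Name)
#   O4 - HKLM..\Run: [Name] path (Company)      O2 - BHO: (Name) - {CLSID} - path (Company)
#   O1 - Hosts: ip hostname                       O17 - ...: DhcpNameServer = ip [ip ...]
#   O20 - HKLM Winlogon: Shell - (registry value) - resolved path (Company)
SRV_DRV = re.compile(r"^(?:SRV|DRV)(?::64bit:)? - \[[^\]]*\] \((?P<company>.*?)\) "
                     r"\[[^\]]*\] -- (?P<path>.+?) -- \([^)]+\)\s*$")
O4 = re.compile(r"^O4(?::64bit:)? - HK\w+\.\.\\\w+: \[[^\]]*\] "
                r"(?P<path>.+?\.\w{1,4}) \((?P<company>.*)\)\s*$")
O2 = re.compile(r"^O2(?::64bit:)? - BHO: \([^)]*\) - \{[^}]+\} - "
                r"(?P<path>.+?\.\w{1,4}) \((?P<company>.*)\)\s*$")
HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
DNS = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>.+?)\s*$")
WINLOGON = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<cmd>[^)]*)\)")

USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")  # directories any user can write to
EXECUTABLE = (".exe", ".dll", ".sys")
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7", "::1/128")]


@dataclass
class Finding:
    rule: str
    line: str


def _is_local(addr: str) -> bool:
    """True for RFC 1918 / loopback / ULA addresses, i.e. the home router or the host itself."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def triage(log_text: str) -> list[Finding]:
    """Flag OTL lines a reviewer should look at first. A hit is a prompt, not a verdict."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SRV_DRV.match(line) or O4.match(line) or O2.match(line)
        if m:
            path, company = m.group("path"), m.group("company").strip()
            low = path.lower()
            if low.endswith(EXECUTABLE) and not company:        # OTL prints () when the file has no version info
                findings.append(Finding("no-company", line))
            if any(marker in low for marker in USER_WRITABLE):  # persistence from a user-writable directory
                findings.append(Finding("user-writable-path", line))
            continue
        m = HOSTS.match(line)
        if m:                                                   # anything but loopback is a redirect
            try:
                loopback = ipaddress.ip_address(m.group("ip")).is_loopback
            except ValueError:
                loopback = False
            if not loopback:
                findings.append(Finding("hosts-redirect", line))
            continue
        m = DNS.match(line)
        if m:                                                   # resolver handed out by DHCP is off the LAN
            if not all(_is_local(s) for s in m.group("servers").split()):
                findings.append(Finding("public-dns", line))
            continue
        m = WINLOGON.match(line)
        if m:                                                   # extra Shell/UserInit entries run at every logon
            entries = [e.strip() for e in m.group("cmd").split(",") if e.strip()]
            expected = EXPECTED_WINLOGON[m.group("value")]
            if any(ntpath.basename(e).lower() != expected for e in entries):
                findings.append(Finding("winlogon-tamper", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.rule for f in findings))


# Sample input: the first nine lines are copied from the posted log; the last four are
# constructed (documentation IPs, a made-up updater.exe and shell.exe) to exercise each rule.
SAMPLE_LOG = r"""
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
DRV - [2014/05/29 15:49:26 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20140529.002_a2d\IDSviA64.sys -- (IDSVia64)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKCU..\Run: [Spotify] C:\Users\PILAR\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O1 - Hosts: 127.0.0.1       localhost
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updater] C:\ProgramData\updater\updater.exe ()
O1 - Hosts: 198.51.100.7       www.example.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}: DhcpNameServer = 198.51.100.53
O20 - HKLM Winlogon: Shell - (explorer.exe,C:\Users\Public\shell.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:<20} {f.line[:100]}")
```

Run against the full posted log, the only hits are the ProgramData and AppData entries (Norton definitions, Spotify), which is consistent with the helper's "logs are looking good"; the hosts file holds only the two localhost lines, both DHCP resolvers are on 192.168.1.0/24, and Shell/UserInit carry nothing but the expected binaries. The ZeroAccess Check block (CLSID InProcServer32 targets that should resolve to shell32.dll, fastprox.dll and wbemess.dll under the Windows directory) could be covered with one more rule of the same shape.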

#21
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Excellent, the logs are looking good, so let's run a scan for remnants and check for out of date programs. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#22
charrascan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi,

here are the things you asked for :)

  • ESET Scan Log

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=f2220393545b764aba898549fd55c69e
# engine=18495
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-31 10:24:05
# local_time=2014-05-31 05:24:05 (-0600, Hora de verano central (México))
# country="Mexico"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 80 34656460 152151141 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12103023 153118495 0 0
# scanned=129061
# found=1
# cleaned=0
# scan_time=3809
sh=912239F1105C1409F637DB38993DB0409CAFA31E ft=1 fh=8030f1b856ba36fe vn="a variant of Win32/BrowserProtectIU.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\05302014_201914\C_Program Files (x86)\BrowserProtect\srvBrowserProtect.exe"
 
  • MBAM Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 31/05/2014
Scan Time: 03:26:29 p.m.
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.31.09
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: PILAR
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 261427
Time Elapsed: 9 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Vittalia, C:\Users\PILAR\Downloads\installer_driver_epson_stylus_tx120_Spanish.exe, Quarantined, [828d243091ea1521d1e65dad40c105fb], 
PUP.Optional.MindSpark.A, C:\Users\PILAR\Downloads\MapsGalaxy.exe, Quarantined, [9679cd87d6a5a294bd7a7db3679d1ee2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
  • SecurityCheck Log

 

 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Google Chrome 34.0.1847.131  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 

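The verdict pystryker gives in the next post turns on where the single ESET hit sits: under C:\_OTL\MovedFiles, which is OTL's quarantine, so the file is already neutralised. As an added example, not code from the thread or from ESET, here is a small Python triage that parses the ESET Online Scanner log (the `# key=value` header and the `sh=... fn="..."` detection lines) and separates hits already inside a quarantine folder from live ones; the AdwCleaner quarantine path and the second, dummy detection line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Quarantine folders of the removal tools used in this thread. A hit under one of
# them is a copy the tool already neutralised, not a live infection. C:\_OTL\MovedFiles
# is OTL's quarantine (seen in the log above); the AdwCleaner path is an assumption.
QUARANTINE_ROOTS = (PureWindowsPath(r"C:\_OTL\MovedFiles"),
                    PureWindowsPath(r"C:\AdwCleaner\Quarantine"))

# ESET detection line: sh=<SHA-1> ft=<n> fh=<hash> vn="<verdict>" ac=<action> fn="<path>"
ESET_HIT = re.compile(r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) .*?vn="(?P<name>[^"]*)"'
                      r' ac=(?P<action>\S+) fn="(?P<path>[^"]*)"')

# Constructed sample: header and first hit copied from the log above; the second
# hit, on a live path with dummy hashes, is made up to exercise the other branch.
SAMPLE_LOG = """# version=8
# found=2
sh=912239F1105C1409F637DB38993DB0409CAFA31E ft=1 fh=8030f1b856ba36fe vn="a variant of Win32/BrowserProtectIU.A potentially unwanted application" ac=I fn="C:\\_OTL\\MovedFiles\\05302014_201914\\C_Program Files (x86)\\BrowserProtect\\srvBrowserProtect.exe"
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="constructed test detection" ac=I fn="C:\\Users\\PILAR\\AppData\\Roaming\\TP\\example.exe"
"""

def parse_eset_log(text):
    """Return (header dict from '# key=value' lines, list of detection dicts)."""
    header, hits = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif (m := ESET_HIT.match(line)):
            hits.append(m.groupdict())
    return header, hits

def is_quarantined(path):
    """True if the path lies under a known quarantine folder (case-insensitive)."""
    return any(root in PureWindowsPath(path).parents for root in QUARANTINE_ROOTS)

def triage(text):
    """Split detections into live files and ones already sitting in quarantine."""
    header, hits = parse_eset_log(text)
    if "found" in header and int(header["found"]) != len(hits):
        raise ValueError(f"parsed {len(hits)} hits but ESET reported found={header['found']}")
    live = [h["path"] for h in hits if not is_quarantined(h["path"])]
    quarantined = [h["path"] for h in hits if is_quarantined(h["path"])]
    return live, quarantined

if __name__ == "__main__":
    live, quarantined = triage(SAMPLE_LOG)
    print("already quarantined:", quarantined)
    print("needs attention:", live)
```

Because the ESET step above runs with "Remove found threats" unchecked, every hit in the log is still on disk somewhere, and this split is exactly the question a helper answers before deciding whether more cleanup is needed.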

#23
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Not a thing in sight, as the only things detected are already quarantined. :thumbsup: And with that..



Great news, your logs are CLEAN! :thumbsup: :) I see no signs of infection in the last logs you posted, but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • I have some tips and information to help protect your machine, and protection against a new ransomware program called CryptoLocker.
Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Installation of FileHippo


Keeping your software updated

Another weapon against malicious programs and viruses is to keep your other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and Protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install it by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.


Are there any further issues I can assist you with?

#24
charrascan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Nope, that will be all. Thanks a lot for your help!
# DelFix v10.7 - Logfile created 31/05/2014 at 18:30:53
# Updated 27/04/2014 by Xplode
# Username : PILAR - PILAR-PC
# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\PILAR\Desktop\AdwCleaner.exe
Deleted : C:\Users\PILAR\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\PILAR\Desktop\Extras.Txt
Deleted : C:\Users\PILAR\Desktop\JRT.exe
Deleted : C:\Users\PILAR\Desktop\JRT.txt
Deleted : C:\Users\PILAR\Desktop\OTL.Txt
Deleted : C:\Users\PILAR\Desktop\OTL.exe
Deleted : C:\Users\PILAR\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #47 [Windows Update | 04/10/2014 21:30:30]
Deleted : RP #48 [Windows Update | 05/03/2014 11:52:58]
Deleted : RP #49 [Windows Update | 05/07/2014 12:30:44]
Deleted : RP #50 [Windows Update | 05/15/2014 02:51:47]
Deleted : RP #51 [Installed Microsoft Fix it 50906 | 05/30/2014 15:03:11]
Deleted : RP #52 [Operación de restauración | 05/30/2014 22:46:41]
Deleted : RP #53 [Windows Update | 05/30/2014 23:56:21]
Deleted : RP #54 [Installed Microsoft Fix it 50906 | 05/31/2014 01:12:41]
Deleted : RP #55 [OTL Restore Point - 30/05/2014 20:19:25 | 05/31/2014 01:19:28]
 
New restore point created !
 
########## - EOF - ##########


#25
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Nope, that will be all. Thanks a lot for your help!


You're quite welcome, don't hesitate to come back if you need us again. :thumbsup:

Pystryker :wave:

#26
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.