Solved: No internet access (just through wifi)

juanlow · 18-Apr-2012, 03:53 PM **#16**

Ok I got to run the dds script!

Dds file log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Johnny at 13:44:34 on 2012-04-18
Microsoft Windows XP Professional 5.1.2600.3.1252.504.3082.18.502.87 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Microsoft Security Client\msseces.exe
C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe
C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Loader Class: {f880a4a8-c436-4ac4-afd1-aa0bdc9552dd} - c:\documents and settings\johnny\mis documentos\downloads\w7\findexernightly1.1.0.3\FindeXer.dll
TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: FindeXer: {377d8121-efaa-4d1c-981b-8bfad9f10de3} - c:\documents and settings\johnny\mis documentos\downloads\w7\findexernightly1.1.0.3\FindeXer.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\archivos de programa\analog devices\core\smax4pnp.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\archivos de programa\microsoft security client\msseces.exe" -hide -runkey
mRun: [BlackBerryAutoUpdate] c:\archivos de programa\archivos comunes\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\archivos de programa\archivos comunes\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\archiv~1\archiv~1\micros~1\dw\dwtrig20.exe" -t
IE: Descargar con Mipony - file://c:\archivos de programa\mipony\browser\IEContext.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\archivos de programa\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299880509015
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299880644265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 205.211.192.35 205.211.192.36
TCP: Interfaces\{7425E006-995F-4A41-97B7-0F9538012C50} : DhcpNameServer = 205.211.192.35 205.211.192.36
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\windows\system32\wbem\wbemsyst.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\johnny\datos de programa\mozilla\firefox\profiles\yfzvw9hr.default\
FF - plugin: c:\archivos de programa\archivos comunes\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\archivos de programa\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\archivos de programa\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\archivos de programa\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\documents and settings\johnny\configuraciã³n local\datos de programa\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\johnny\configuraciã³n local\datos de programa\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsle8a346a2;MpKsle8a346a2;c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{77bf8add-f720-4d63-9c63-20172b6b07ae}\MpKsle8a346a2.sys [2012-4-18 29904]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-10-9 21992]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\archivos de programa\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\archivos de programa\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-1-4 47640]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\archivos de programa\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Servicio (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2011-5-5 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-11-13 30312]
S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\google\update\GoogleUpdate.exe [2011-5-5 136176]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-11-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-11-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-11-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-11-13 114280]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-3-16 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-04-18 18:33:53 29904 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{77bf8add-f720-4d63-9c63-20172b6b07ae}\MpKsle8a346a2.sys
2012-04-18 18:00:09 56200 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{77bf8add-f720-4d63-9c63-20172b6b07ae}\offreg.dll
2012-04-15 05:58:44 6582328 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{77bf8add-f720-4d63-9c63-20172b6b07ae}\mpengine.dll
2012-04-14 22:16:18 -------- d-----w- c:\documents and settings\johnny\configuración local\datos de programa\Mozilla
2012-04-14 22:16:00 97208 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
2012-04-14 22:16:00 834712 ----a-w- c:\archivos de programa\mozilla firefox\uninstall\helper.exe
2012-04-03 05:41:50 98816 ----a-w- c:\windows\sed.exe
2012-04-03 05:41:50 518144 ----a-w- c:\windows\SWREG.exe
2012-04-03 05:41:50 256000 ----a-w- c:\windows\PEV.exe
2012-04-03 05:41:50 208896 ----a-w- c:\windows\MBR.exe
2012-04-02 17:32:06 -------- d-----w- c:\windows\SxsCaPendDel
2012-04-02 05:59:17 -------- d-----w- C:\ERDNT2
2012-03-21 20:30:58 -------- d-sha-r- C:\cmdcons
2012-03-21 20:17:29 -------- d-----w- C:\Fix
2012-03-21 08:52:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-20 17:29:51 184832 ----a-w- c:\windows\system32\wbem\RacWmiSyst.dll
2012-03-20 17:29:26 20992 ----a-w- c:\windows\system32\wbem\wbemsyst.dll
2012-03-20 08:01:55 -------- d-----w- c:\documents and settings\johnny\datos de programa\Ezfy
.
==================== Find3M ====================
.
2012-03-21 08:53:04 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-03 07:31:52 256 ----a-w- c:\windows\system32\pool.bin
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:45:24.37 ===============

Attach.txt also uploaded.
Thanks for the help

kevinf80 · 19-Apr-2012, 04:48 AM **#17**

Do the following please...

Upload a File to Virustotal
Please visit
Virustotal

Click the Browse... button
Navigate to the file C:\WINDOWS\system32\wbem\wbemsyst.dll or just copy/paste it in.
Click the Scan it tab
If you get a message saying File has already been analyzed: click Reanalyze file now
Copy and paste the results back here please.

Kevin

juanlow · 19-Apr-2012, 02:17 PM **#18**

I imagine file to be uploaded is from the desktop pc with the issue. So as explained before in the post I barely have access to internet in that pc :S I tried to access but keep getting same dns error in browser. Could not proceed with analysis. Any other scanner that i can download here in Laptop and move it to pc with issue?

Thanks Kevin.

kevinf80 · 19-Apr-2012, 03:06 PM **#19**

I`ll give the instructions for Combofix, Save to a USB stick or CD and transfer to the Desktop of the sick PC.

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

Ensure that Combofix is saved directly to the Desktop <--- Very important
Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
Close any open browsers and any other programs you might have running
Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
Instructions for running Combofix available Here if required.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

juanlow · 19-Apr-2012, 04:41 PM **#20**

Ok here is the log for combofix

ComboFix 12-04-19.01 - Johnny 19/04/2012 14:03:08.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.504.3082.18.502.82 [GMT -6:00]
Running from: c:\documents and settings\Johnny\Escritorio\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\winsys\2DSC00898.JPG
c:\windows\winsys\condania.JPG
c:\windows\winsys\condania2.jpg
c:\windows\winsys\IMG00342-20110914-0151.jpg
c:\windows\winsys\IMG00343-20110914-0152.jpg
c:\windows\winsys\IMG00345-20110914-0209.jpg
c:\windows\winsys\IMG00355-20110917-1629.jpg
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-19 18:13 . 2012-04-19 18:13 56200 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{77BF8ADD-F720-4D63-9C63-20172B6B07AE}\offreg.dll
2012-04-17 19:46 . 2012-04-17 19:46 -------- d-----w- c:\documents and settings\Administrador\Configuración local\Datos de programa\Mozilla
2012-04-15 05:58 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{77BF8ADD-F720-4D63-9C63-20172B6B07AE}\mpengine.dll
2012-04-14 22:16 . 2012-04-14 22:16 -------- d-----w- c:\documents and settings\Johnny\Configuración local\Datos de programa\Mozilla
2012-04-14 22:16 . 2012-03-13 04:39 97208 ----a-w- c:\archivos de programa\Mozilla Firefox\components\browsercomps.dll
2012-04-14 22:16 . 2012-03-13 04:39 834712 ----a-w- c:\archivos de programa\Mozilla Firefox\uninstall\helper.exe
2012-04-05 02:20 . 2012-04-05 02:20 -------- d-----w- c:\documents and settings\NetworkService\Configuración local\Datos de programa\Apple
2012-03-21 20:17 . 2012-03-21 20:18 -------- d-----w- C:\Fix
2012-03-21 08:52 . 2012-03-21 08:52 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 08:53 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-20 17:29 . 2012-03-20 17:29 184832 ----a-w- c:\windows\system32\wbem\RacWmiSyst.dll
2012-03-20 17:29 . 2012-03-20 17:29 20992 ----a-w- c:\windows\system32\wbem\wbemsyst.dll
2012-03-14 02:15 . 2011-07-01 23:33 6582328 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-02 22:18 . 2012-03-02 22:17 413696 ----a-r- c:\documents and settings\Johnny\Datos de programa\Microsoft\Installer\{FD1E77D4-327F-4E24-9240-C82902068033}\BlackBerry.exe
2012-01-31 12:44 . 2011-03-11 22:27 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-13 04:39 . 2012-04-14 22:16 97208 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-03_05.57.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-19 18:13 . 2012-04-19 18:14 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\archivos de programa\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"MSC"="c:\archivos de programa\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"BlackBerryAutoUpdate"="c:\archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-08 00:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-11-02 22:51 928656 ----a-w- c:\archivos de programa\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-11-02 22:52 21392 ----a-w- c:\archivos de programa\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-11-02 22:51 3508624 ----a-w- c:\archivos de programa\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2011-09-16 20:10 63048 ----a-w- c:\archivos de programa\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 21:31 2144088 --sha-r- c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
2008-11-27 17:31 156416 ----a-w- c:\archivos de programa\TuneUp Utilities 2009\MemOptimizer.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Facebook Update"="c:\documents and settings\Johnny\Configuración local\Datos de programa\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"Workshelf"=c:\archivos de programa\Winstep\WorkShelf.exe autostart
"Google Update"="c:\documents and settings\Johnny\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
"Lyexlirias"="c:\documents and settings\Johnny\Datos de programa\Evxa\siaf.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" -atboottime
"igfxtray"=c:\windows\system32\igfxtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Johnny\\Configuración local\\Datos de programa\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"36632:TCP"= 36632:TCP:@xpsp2res.dll,-22009
.
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [09/10/2011 02:47 p.m. 21992]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe [07/12/2011 06:21 p.m. 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\archivos de programa\LogMeIn\x86\rainfo.sys [16/09/2011 02:10 p.m. 12856]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe [21/03/2011 11:17 a.m. 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [21/03/2011 11:17 a.m. 68928]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 01:16 p.m. 130384]
S2 gupdate;Google Update Servicio (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [05/05/2011 06:37 p.m. 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [13/11/2011 05:17 p.m. 30312]
S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [05/05/2011 06:37 p.m. 136176]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [13/11/2011 05:17 p.m. 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [13/11/2011 05:17 p.m. 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [13/11/2011 05:17 p.m. 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [13/11/2011 05:17 p.m. 114280]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [16/03/2011 03:33 p.m. 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v040 0.exe [18/03/2010 01:16 p.m. 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jnvltgds
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2011-05-06 00:37]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2011-05-06 00:37]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Descargar con Mipony - file://c:\archivos de programa\MiPony\Browser\IEContext.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 205.211.192.35 205.211.192.36
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Johnny\Datos de programa\Mozilla\Firefox\Profiles\yfzvw9hr.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-19 14:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\wbem\wbemsyst.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(500)
c:\windows\system32\wbem\wbemsyst.dll
.
Completion time: 2012-04-19 14:13:23
ComboFix-quarantined-files.txt 2012-04-19 20:13
ComboFix2.txt 2012-04-03 06:00
ComboFix3.txt 2012-03-21 20:50
.
Pre-Run: 24,404,738,048 bytes libres
Post-Run: 24,396,562,432 bytes libres
.
- - End Of File - - 07EEEA39899828F68704386CAEA894EE

Got no warning or prompt after it finished
Thanks

kevinf80 · 19-Apr-2012, 04:52 PM **#21**

Do you recognize or know what this is?

c:\documents and settings\Johnny\Datos de programa\Evxa\siaf.exe

juanlow · 19-Apr-2012, 04:59 PM **#22**

Yes. That apparently was a virus or something i had some time ago but was supposedly removed. Is it still active?

kevinf80 · 19-Apr-2012, 05:02 PM **#23**

Very much so, I see you ran CF 3 times, also other scanners. did you receive help somewhere else before here?

I`m going over logs, will have fix shortly...

juanlow · 19-Apr-2012, 05:06 PM **#24**

Yes. I had run combofix before as i read some posts when I had that problem of the virus :s but it was not direct help. And i cant remember where i read the posts.

Thanks Kevin

kevinf80 · 19-Apr-2012, 05:10 PM **#25**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:

KillAll::
ClearJavaCache::
File::
Folder::
c:\documents and settings\Johnny\Datos de programa\Evxa
Driver::
cerc6
jnvltgds
NetSvc::
jnvltgds
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Lyexlirias"=-

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Let me see that log, tell me what issues remain after that...

Kevin

juanlow · 20-Apr-2012, 03:50 AM **#26**

Ok first of all sorry for delayed response. I went to work.
After my last reply last time I did not have time to test the browsing in the pc or proceed with next step you indicated.
But now that i came back from work i see pc is working normally and opening every single page on 2 different browsers just to check.
I believe it was the combofix. But I also did what you told of CFScript and this is the log:
ComboFix 12-04-19.01 - Johnny 20/04/2012 1:06.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.504.3082.18.502.211 [GMT -6:00]
Running from: c:\documents and settings\Johnny\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Johnny\Escritorio\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ADS - WINDOWS: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JNVLTGDS
-------\Service_cerc6
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 07:16 . 2012-04-20 07:16 56200 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{C1A42776-98F5-4A81-BD0D-3725CAECD541}\offreg.dll
2012-04-20 06:57 . 2012-04-20 06:57 29904 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{C1A42776-98F5-4A81-BD0D-3725CAECD541}\MpKsl7eb2f387.sys
2012-04-20 06:36 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{C1A42776-98F5-4A81-BD0D-3725CAECD541}\mpengine.dll
2012-04-17 19:46 . 2012-04-17 19:46 -------- d-----w- c:\documents and settings\Administrador\Configuración local\Datos de programa\Mozilla
2012-04-14 22:16 . 2012-04-14 22:16 -------- d-----w- c:\documents and settings\Johnny\Configuración local\Datos de programa\Mozilla
2012-04-14 22:16 . 2012-03-13 04:39 97208 ----a-w- c:\archivos de programa\Mozilla Firefox\components\browsercomps.dll
2012-04-14 22:16 . 2012-03-13 04:39 834712 ----a-w- c:\archivos de programa\Mozilla Firefox\uninstall\helper.exe
2012-04-05 02:20 . 2012-04-05 02:20 -------- d-----w- c:\documents and settings\NetworkService\Configuración local\Datos de programa\Apple
2012-04-02 17:32 . 2012-04-02 17:36 -------- d-----w- c:\windows\SxsCaPendDel
2012-04-02 05:59 . 2012-04-02 05:59 -------- d-----w- C:\ERDNT2
2012-03-30 19:29 . 2012-04-02 17:30 -------- d-----w- c:\archivos de programa\Safari
2012-03-30 19:28 . 2012-03-30 19:28 -------- d-----w- c:\archivos de programa\Apple Software Update
2012-03-21 20:17 . 2012-03-21 20:18 -------- d-----w- C:\Fix
2012-03-21 08:52 . 2012-03-21 08:52 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 08:53 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-20 17:29 . 2012-03-20 17:29 184832 ----a-w- c:\windows\system32\wbem\RacWmiSyst.dll
2012-03-20 17:29 . 2012-03-20 17:29 20992 ----a-w- c:\windows\system32\wbem\wbemsyst.dll
2012-03-14 02:15 . 2011-07-01 23:33 6582328 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-02 22:18 . 2012-03-02 22:17 413696 ----a-r- c:\documents and settings\Johnny\Datos de programa\Microsoft\Installer\{FD1E77D4-327F-4E24-9240-C82902068033}\BlackBerry.exe
2012-01-31 12:44 . 2011-03-11 22:27 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-13 04:39 . 2012-04-14 22:16 97208 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-03_05.57.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-20 07:15 . 2012-04-20 07:15 16384 c:\windows\temp\Perflib_Perfdata_7ec.dat
+ 2011-03-11 22:19 . 2010-07-05 13:16 18808 c:\windows\system32\spmsg.dll
+ 2011-03-11 21:15 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
+ 2011-03-11 21:15 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\archivos de programa\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"MSC"="c:\archivos de programa\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"BlackBerryAutoUpdate"="c:\archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-08 00:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-11-02 22:51 928656 ----a-w- c:\archivos de programa\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-11-02 22:52 21392 ----a-w- c:\archivos de programa\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-11-02 22:51 3508624 ----a-w- c:\archivos de programa\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2011-09-16 20:10 63048 ----a-w- c:\archivos de programa\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 21:31 2144088 --sha-r- c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
2008-11-27 17:31 156416 ----a-w- c:\archivos de programa\TuneUp Utilities 2009\MemOptimizer.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Facebook Update"="c:\documents and settings\Johnny\Configuración local\Datos de programa\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"Workshelf"=c:\archivos de programa\Winstep\WorkShelf.exe autostart
"Google Update"="c:\documents and settings\Johnny\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
"Lyexlirias"="c:\documents and settings\Johnny\Datos de programa\Evxa\siaf.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" -atboottime
"igfxtray"=c:\windows\system32\igfxtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Johnny\\Configuración local\\Datos de programa\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"36632:TCP"= 36632:TCP:@xpsp2res.dll,-22009
.
R1 MpKsl7eb2f387;MpKsl7eb2f387;c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{C1A42776-98F5-4A81-BD0D-3725CAECD541}\MpKsl7eb2f387.sys [20/04/2012 12:57 a.m. 29904]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [09/10/2011 02:47 p.m. 21992]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe [07/12/2011 06:21 p.m. 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\archivos de programa\LogMeIn\x86\rainfo.sys [16/09/2011 02:10 p.m. 12856]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe [21/03/2011 11:17 a.m. 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [21/03/2011 11:17 a.m. 68928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 01:16 p.m. 130384]
S2 gupdate;Google Update Servicio (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [05/05/2011 06:37 p.m. 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [13/11/2011 05:17 p.m. 30312]
S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [05/05/2011 06:37 p.m. 136176]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [13/11/2011 05:17 p.m. 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [13/11/2011 05:17 p.m. 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [13/11/2011 05:17 p.m. 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [13/11/2011 05:17 p.m. 114280]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [16/03/2011 03:33 p.m. 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v040 0.exe [18/03/2010 01:16 p.m. 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2011-05-06 00:37]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2011-05-06 00:37]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Descargar con Mipony - file://c:\archivos de programa\MiPony\Browser\IEContext.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 205.211.192.35 205.211.192.36
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Johnny\Datos de programa\Mozilla\Firefox\Profiles\yfzvw9hr.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-20 01:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(444)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\LogMeIn\x86\RaMaint.exe
c:\archivos de programa\LogMeIn\x86\LogMeIn.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-04-20 01:24:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 07:24
ComboFix2.txt 2012-04-19 20:13
ComboFix3.txt 2012-04-03 06:00
ComboFix4.txt 2012-03-21 20:50
.
Pre-Run: 24,007,233,536 bytes libres
Post-Run: 23,920,242,688 bytes libres
.
- - End Of File - - CE50ED841F3C93D00B471553FBA82C67

Browsing is still running smoothly as before I had the issue!
I just hope it stays like that. This was a pain for about 2 weeks!
Wanted to know if there is any risk by keeping system restore active as it seems combofix activates it, and I usually deactivate it.

Thanks a lot Kevin.

kevinf80 · 20-Apr-2012, 04:16 AM **#27**

Reply times are fine, we all have to work. I`ve got to go out myself shortly... OK I see the problem file I asked about is still active. Regarding System Restore, that should be kept active, is a safety feature..

Run the following please, is purely diagnostic; it will make NO changes...

Download

OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4

Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Stadard output is selected.
Select Scan all users
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".

Under the Custom Scan box paste this in:

Code:

netsvcs
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
msconfig
%SYSTEMDRIVE%\*.exe
%LOCALAPPDATA%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

I` ll be offline until maybe 5 pm UK time...

Kevin

juanlow · 20-Apr-2012, 03:37 PM **#28**

Here are the logs for the OTL scan Kevin:

OTL
OTL logfile created on: 20/04/2012 01:03:12 p.m. - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Johnny\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000480A | Country: Honduras | Language: ESH | Date Format: dd/MM/yyyy

502.07 Mb Total Physical Memory | 88.45 Mb Available Physical Memory | 17.62% Memory free
1.93 Gb Paging File | 1.58 Gb Available in Paging File | 81.89% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 74.50 Gb Total Space | 22.31 Gb Free Space | 29.95% Space Free | Partition Type: NTFS
Drive D: | 31.49 Gb Total Space | 0.91 Gb Free Space | 2.88% Space Free | Partition Type: NTFS
Drive E: | 1.84 Gb Total Space | 0.31 Gb Free Space | 16.70% Space Free | Partition Type: FAT

Computer Name: JOHNNY-B3EFA694 | User Name: Johnny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/20 12:22:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Escritorio\OTL.scr
PRC - [2011/12/07 18:21:50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Archivos de programa\LogMeIn\x86\ramaint.exe
PRC - [2011/12/07 18:21:44 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/20 20:07:23 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
PRC - [2011/06/09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/07/01 23:12:46 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 06:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2007/01/17 17:36:38 | 000,129,024 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/12/07 18:21:50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Archivos de programa\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/12/07 18:21:44 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/20 20:07:23 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011/11/20 20:07:19 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/10/05 11:41:49 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/12 16:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011/12/07 18:22:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/10/26 19:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/10/26 19:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/10/26 19:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/10/26 19:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/10/26 19:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 14:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Archivos de programa\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/07/14 10:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
IE - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b87ae93900000000000000188b1de8b4&tlver =1.4.19.19&ss=1&affID=18025
IE - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Archivos de programa\Archivos comunes\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Update\1.2.183.7\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\crossriderapp498@cr ossrider.com: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\RewardsArcade\498\Firefox [2011/11/20 18:58:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/04/14 16:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins

[2012/04/14 16:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnny\Datos de programa\Mozilla\Extensions
[2012/04/14 16:16:00 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2012/03/12 22:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/05/15 18:53:24 | 000,002,428 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\babylon.xml
[2012/03/12 22:38:32 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2012/03/12 22:38:32 | 000,002,040 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

rigi nalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:ins tantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Archivos de programa\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Archivos de programa\Archivos comunes\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Archivos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RewardsArcade = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_6\
CHR - Extension: Fanatico-Online = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ennhhfmdlbpomijdllhgedgjcnbhohen\1.8_1\
CHR - Extension: Cuevana Stream = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.1_0\
CHR - Extension: Cuevana Stream = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.1_0\.svn\props\. svn-work
CHR - Extension: Gmail = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/20 01:15:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Documents and Settings\Johnny\Mis documentos\Downloads\W7\FindeXerNightly1.1.0.3\FindeXer.dll (A Part of the LessCliX Suite by Alianyn)
O3 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [MSC] c:\Archivos de programa\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Archivos de programa\Archivos comunes\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Archivos de programa\Archivos comunes\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Descargar con Mipony - C:\Archivos de programa\MiPony\Browser\IEContext.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1299880509015 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1299880644265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.211.192.35 205.211.192.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7425E006-995F-4A41-97B7-0F9538012C50}: DhcpNameServer = 205.211.192.35 205.211.192.36
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/11 15:20:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk - C:\Archivos de programa\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe - ()
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Archivos de programa\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Archivos de programa\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Archivos de programa\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: TuneUp MemOptimizer - hkey= - key= - C:\Archivos de programa\TuneUp Utilities 2009\MemOptimizer.exe (TuneUp Software GmbH)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 12:22:21 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Escritorio\OTL.scr
[2012/04/20 01:13:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/19 23:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Escritorio\Omoa
[2012/04/19 13:37:27 | 004,467,868 | R--- | C] (Swearware) -- C:\Documents and Settings\Johnny\Escritorio\ComboFix.exe
[2012/04/18 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Escritorio\from lap
[2012/04/14 16:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Datos de programa\Mozilla
[2012/04/14 16:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Mozilla
[2012/04/06 02:07:59 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Johnny\Escritorio\WinsockxpFix-WinXP.exe
[2012/04/04 20:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Apple
[2012/04/02 23:41:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/02 23:41:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/02 23:41:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/02 23:41:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/02 23:39:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/02 11:32:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/04/01 23:59:17 | 000,000,000 | ---D | C] -- C:\ERDNT2
[2012/04/01 20:41:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Johnny\Recent
[2012/03/30 13:29:40 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Safari
[2012/03/30 13:28:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Apple Software Update
[2012/03/21 14:30:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/21 14:17:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/21 14:17:29 | 000,000,000 | ---D | C] -- C:\Fix
[2012/03/21 14:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Johnny\Menú Inicio\Programas\Herramientas administrativas
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Johnny\Escritorio\*.tmp files -> C:\Documents and Settings\Johnny\Escritorio\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/20 12:53:28 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/20 12:53:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/20 12:22:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Escritorio\OTL.scr
[2012/04/20 01:35:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/20 01:15:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/19 13:38:16 | 004,467,868 | R--- | M] (Swearware) -- C:\Documents and Settings\Johnny\Escritorio\ComboFix.exe
[2012/04/18 17:54:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/17 00:24:27 | 000,000,451 | RHS- | M] () -- C:\boot.ini
[2012/04/14 16:16:06 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Mozilla Firefox.lnk
[2012/04/12 15:34:05 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2012/04/12 13:44:40 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Johnny\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 20:20:03 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/03 08:27:27 | 000,085,364 | ---- | M] () -- C:\Documents and Settings\Johnny\Escritorio\Mission.Impossible.Ghost.Protocol.2011.720p.BluR ay.x264-SPARKS.srt
[2012/03/31 01:44:22 | 000,391,399 | ---- | M] () -- C:\Documents and Settings\Johnny\Mis documentos\DesktopCapture - 2012-03-31, 01.44.jpg
[2012/03/30 13:31:55 | 000,074,412 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/23 01:47:33 | 000,378,091 | ---- | M] () -- C:\Documents and Settings\Johnny\Mis documentos\DesktopCapture - 2012-03-23, 01.47.jpg
[2012/03/23 00:33:34 | 000,022,528 | -H-- | M] () -- C:\Documents and Settings\Johnny\Escritorio\photothumb.db
[2012/03/23 00:33:33 | 000,059,392 | -H-- | M] () -- C:\Documents and Settings\Johnny\Mis documentos\photothumb.db
[2012/03/22 13:13:45 | 000,013,450 | ---- | M] () -- C:\Documents and Settings\Johnny\Mis documentos\cc_20120322_131341.reg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Johnny\Escritorio\*.tmp files -> C:\Documents and Settings\Johnny\Escritorio\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/18 14:44:40 | 000,204,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2012/04/14 16:16:06 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Mozilla Firefox.lnk
[2012/04/14 16:16:06 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Mozilla Firefox.lnk
[2012/04/06 01:40:08 | 000,085,364 | ---- | C] () -- C:\Documents and Settings\Johnny\Escritorio\Mission.Impossible.Ghost.Protocol.2011.720p.BluR ay.x264-SPARKS.srt
[2012/04/02 23:41:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/02 23:41:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/02 23:41:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/02 23:41:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/02 23:41:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/31 01:44:22 | 000,391,399 | ---- | C] () -- C:\Documents and Settings\Johnny\Mis documentos\DesktopCapture - 2012-03-31, 01.44.jpg
[2012/03/30 13:31:55 | 000,074,412 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/30 13:29:01 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/23 01:47:32 | 000,378,091 | ---- | C] () -- C:\Documents and Settings\Johnny\Mis documentos\DesktopCapture - 2012-03-23, 01.47.jpg
[2012/03/22 13:13:43 | 000,013,450 | ---- | C] () -- C:\Documents and Settings\Johnny\Mis documentos\cc_20120322_131341.reg
[2012/03/21 14:31:04 | 000,000,334 | ---- | C] () -- C:\Boot.bak
[2012/03/21 14:31:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/16 00:45:36 | 000,677,626 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-S-1-5-21-507921405-2111687655-1177238915-1003-0.dat
[2011/11/15 14:36:14 | 000,324,790 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-System.dat
[2011/10/31 11:22:42 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/08 20:58:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/22 00:47:01 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2011/03/17 20:31:57 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/03/17 00:34:06 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/03/13 12:50:38 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Johnny\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/12 00:27:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/11 19:42:25 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Johnny\Configuración local\Datos de programa\fusioncache.dat
[2011/03/11 15:22:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/11 15:16:34 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/11 08:04:58 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/11 08:03:35 | 000,351,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/03/23 01:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Autodesk
[2012/04/20 01:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\LogMeIn
[2011/09/06 15:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Messenger Plus!
[2011/09/28 12:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Nitro PDF
[2012/03/12 00:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\PageTech
[2011/03/17 20:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Research In Motion
[2011/11/13 17:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Samsung
[2011/11/20 20:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software
[2011/03/23 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/11/20 20:05:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Datos de programa\{55A29068-F2CE-456C-9148-C869879E2357}
[2012/03/23 01:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Autodesk
[2011/09/28 12:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Downloaded Installations
[2012/03/21 21:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Ezfy
[2011/11/20 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\FindeXer
[2012/04/14 16:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Mipony
[2012/03/22 15:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Nitro PDF
[2011/03/17 20:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Research In Motion
[2011/11/06 15:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\rinsebyreal
[2011/09/16 12:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Rovio
[2011/11/13 17:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Samsung
[2011/11/20 20:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Styler
[2011/11/20 20:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\TuneUp Software
[2011/11/20 23:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\ViGlance
[2011/11/20 23:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\ViStart

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %SYSTEMDRIVE%\*.exe >
Invalid Environment Variable: LOCALAPPDATA

< MD5 for: EXPLORER.EXE >
[2008/04/14 06:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 06:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/14 06:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 06:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 06:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 06:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 06:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 06:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 06:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install\\LastSuccessTime: 2012-04-20 05:57:29

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50 a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0 .0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

< End of report >

Extras

OTL Extras logfile created on: 20/04/2012 01:03:12 p.m. - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Johnny\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000480A | Country: Honduras | Language: ESH | Date Format: dd/MM/yyyy

502.07 Mb Total Physical Memory | 88.45 Mb Available Physical Memory | 17.62% Memory free
1.93 Gb Paging File | 1.58 Gb Available in Paging File | 81.89% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 74.50 Gb Total Space | 22.31 Gb Free Space | 29.95% Space Free | Partition Type: NTFS
Drive D: | 31.49 Gb Total Space | 0.91 Gb Free Space | 2.88% Space Free | Partition Type: NTFS
Drive E: | 1.84 Gb Total Space | 0.31 Gb Free Space | 16.70% Space Free | Partition Type: FAT

Computer Name: JOHNNY-B3EFA694 | User Name: Johnny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = scrfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil e]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf ile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"36632:TCP" = 36632:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{12E0A949-8861-35F8-B7ED-5658788A7BFE}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ESN
"{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1" = Wondershare PDF Password Remover (Build 1.3.0)
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{288D7000-786B-11D6-9D00-00B0D0E6A72E}" = RISA-2D Educational
"{298B7460-A43A-3083-B295-75547FC68392}" = Microsoft .NET Framework 3.5 Language Pack - esn
"{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}" = Nitro PDF Professional
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client ES-ES Language Pack
"{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ESN
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0CF1841-ABED-41F4-B818-A9E60B607DD9}" = DWGgateway
"{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5FB2C06-3B89-41C5-9787-E51782AEA5B7}" = Microsoft Antimalware Service ES-ES Language Pack
"{E2B4FE1C-2CFA-47EE-A88C-A14D0FF1F0B0}" = BBSAK
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FD1E77D4-327F-4E24-9240-C82902068033}" = BlackBerry Device Software v6.0.0 para el smartphone BlackBerry 9780
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMP WinOFF" = AMP WinOFF 5.0.1
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"DWG TrueView 2010" = DWG TrueView 2010
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gadwin PrintScreen" = Gadwin PrintScreen
"Gadwin Web Snapshot" = Gadwin Web Snapshot
"GOM Player" = GOM Player
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MiPony" = MiPony 1.2.3
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"PokerStars.net" = PokerStars.net
"RealAlt_is1" = Real Alternative 1.8.0
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"ShockwaveFlash" = Macromedia Flash Player 8
"ViGlance" = ViGlance
"ViStart" = ViStart
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"Winstep Xtreme_is1" = Winstep Xtreme 8.11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"CarbonPoker" = CarbonPoker
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/04/2012 01:48:07 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 05/04/2012 02:30:37 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 06/04/2012 03:42:10 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 08/04/2012 01:20:16 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: chrome.exe, versión 17.0.963.79, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 09/04/2012 01:20:29 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 11/04/2012 09:02:04 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 16/04/2012 01:52:02 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 17/04/2012 03:55:35 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 18/04/2012 04:57:53 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 20/04/2012 03:11:05 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: No se ha podido resolver el nombre de servidor o su dirección

[ OSession Events ]
Error - 07/05/2011 05:57:25 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
Description = El servicio Servicio de puerta de enlace de capa de aplicación se
terminó de manera inesperada. Esto ha sucedido 1 veces.

Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
Description = El servicio NLS Service se terminó de manera inesperada. Esto ha sucedido
1 veces.

Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
Description = El servicio TuneUp Program Statistics Service se terminó de manera
inesperada. Esto ha sucedido 1 veces.

Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
Description = El servicio LogMeIn Maintenance Service se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
Description = El servicio LogMeIn se terminó de manera inesperada. Esto ha sucedido
1 veces.

Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
Description = El servicio LMIGuardianSvc se terminó de manera inesperada. Esto ha
sucedido 1 veces.

Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
Description = El servicio Java Quick Starter se terminó de manera inesperada. Esto
ha sucedido 1 veces.

Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7031
Description = El servicio Apple Mobile Device terminó inesperadamente. Lo ha hecho
1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar
el servicio.

Error - 20/04/2012 03:06:09 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
Description = El servicio Cola de impresión se terminó de manera inesperada. Esto
ha sucedido 1 veces.

Error - 20/04/2012 03:06:11 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7031
Description = El servicio Microsoft Antimalware Service terminó inesperadamente.
Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 15000 milisegundos:
Reiniciar el servicio.

[ TuneUp Events ]
Error - 11/03/2012 03:51:47 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-11 13:51:47', '\device\harddiskvolume1\archivos
de programa\malwarebytes' anti-malware\mbam.exe','3640',0)

Error - 20/03/2012 03:15:35 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-20 13:15:30', '\device\harddiskvolume1\archivos
de programa\malwarebytes' anti-malware\mbam.exe','2144',0)

Error - 03/04/2012 02:27:22 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-04-03 00:27:22', '\device\harddiskvolume1\archivos
de programa\malwarebytes' anti-malware\mbam.exe','4196',0)

< End of report >

About the siaf file I follow the route and it does not show even with hidden files showing option.
And internet is still running correctly.

kevinf80 · 20-Apr-2012, 04:50 PM **#29**

Ok that log does not show any malware, do the following.

Step 1

Re-Run

by double left click, Vista and Widows 7 users right click and select Run as Administrator.

Under the

box at the bottom, paste in the following

Code:

:OTL
[2011/05/15 18:53:24 | 000,002,428 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[Reboot]

Then click button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log it produces in your next reply.

Step 2

Click Start, click Run, type or copy/paste control appwiz.cpl in the Open box, and then press ENTER.
Click to select Java(TM) 6 Update 6 from the application list, and then click Remove. Only re-boot if prompted

Next,

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 31.

Go to Sun Java
Select Windows 7/XP/Vista/2000/2003/2008 If using 64 bit OS Select Information about the 64-bit Java plug-in and follow prompts
Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
Reboot your computer

Let me see the log from OTL Fix, also tell me if any issues remain....

Kevin

juanlow · 21-Apr-2012, 02:56 AM **#30**

Ok here is the log for OTL in Step1:

All processes killed
========== OTL ==========
C:\Archivos de programa\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-2111687655-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació con éxito la caché de resolución de DNS.
C:\Documents and Settings\Johnny\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Johnny\Escritorio\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 12228245 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Johnny
->Temp folder emptied: 710 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 82241536 bytes
->Google Chrome cache emptied: 61830138 bytes
->Apple Safari cache emptied: 198656 bytes
->Flash cache emptied: 106629 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: NetworkService
->Temp folder emptied: 3618 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352086 bytes
%systemroot%\System32 .tmp files removed: 2909 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2456 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 152.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04202012_160355

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I deleted the Update6 and installed Update31 of java.
I also saw i had an Update29 in the programs list when removing 6.
Should i do anything with that?
Browsing and internet still normal and loading every page.

Thanks Kevin

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Solved: No internet access (just through wifi)

Find the solution to your computer problem!

Find the solution to your
computer problem!