
No internet access (just through wifi)

Discussion in 'Virus & Other Malware Removal' started by juanlow, Apr 17, 2012.

Thread Status:
Not open for further replies.
  1. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    OK, I got to run the DDS script!

    DDS log file
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512
    Run by Johnny at 13:44:34 on 2012-04-18
    Microsoft Windows XP Professional 5.1.2600.3.1252.504.3082.18.502.87 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    c:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Archivos de programa\Microsoft Security Client\msseces.exe
    C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Archivos de programa\Java\jre6\bin\jqs.exe
    C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
    C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
    C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Loader Class: {f880a4a8-c436-4ac4-afd1-aa0bdc9552dd} - c:\documents and settings\johnny\mis documentos\downloads\w7\findexernightly1.1.0.3\FindeXer.dll
    TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: FindeXer: {377d8121-efaa-4d1c-981b-8bfad9f10de3} - c:\documents and settings\johnny\mis documentos\downloads\w7\findexernightly1.1.0.3\FindeXer.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\archivos de programa\analog devices\core\smax4pnp.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [MSC] "c:\archivos de programa\microsoft security client\msseces.exe" -hide -runkey
    mRun: [BlackBerryAutoUpdate] c:\archivos de programa\archivos comunes\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [SunJavaUpdateSched] "c:\archivos de programa\archivos comunes\java\java update\jusched.exe"
    dRun: [DWQueuedReporting] "c:\archiv~1\archiv~1\micros~1\dw\dwtrig20.exe" -t
    IE: Descargar con Mipony - file://c:\archivos de programa\mipony\browser\IEContext.htm
    IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\archivos de programa\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299880509015
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299880644265
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 205.211.192.35 205.211.192.36
    TCP: Interfaces\{7425E006-995F-4A41-97B7-0F9538012C50} : DhcpNameServer = 205.211.192.35 205.211.192.36
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll
    AppInit_DLLs: c:\windows\system32\wbem\wbemsyst.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\johnny\datos de programa\mozilla\firefox\profiles\yfzvw9hr.default\
    FF - plugin: c:\archivos de programa\archivos comunes\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\archivos de programa\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\archivos de programa\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\archivos de programa\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\documents and settings\johnny\configuración local\datos de programa\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\documents and settings\johnny\configuración local\datos de programa\google\update\1.3.21.99\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsle8a346a2;MpKsle8a346a2;c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{77bf8add-f720-4d63-9c63-20172b6b07ae}\MpKsle8a346a2.sys [2012-4-18 29904]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-10-9 21992]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\archivos de programa\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\archivos de programa\logmein\x86\rainfo.sys [2011-9-16 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-1-4 47640]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\archivos de programa\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
    S0 cerc6;cerc6; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Servicio (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2011-5-5 136176]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-11-13 30312]
    S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\google\update\GoogleUpdate.exe [2011-5-5 136176]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-11-13 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-11-13 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-11-13 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-11-13 114280]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-3-16 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2012-04-18 18:33:53 29904 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{77bf8add-f720-4d63-9c63-20172b6b07ae}\MpKsle8a346a2.sys
    2012-04-18 18:00:09 56200 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{77bf8add-f720-4d63-9c63-20172b6b07ae}\offreg.dll
    2012-04-15 05:58:44 6582328 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{77bf8add-f720-4d63-9c63-20172b6b07ae}\mpengine.dll
    2012-04-14 22:16:18 -------- d-----w- c:\documents and settings\johnny\configuración local\datos de programa\Mozilla
    2012-04-14 22:16:00 97208 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
    2012-04-14 22:16:00 834712 ----a-w- c:\archivos de programa\mozilla firefox\uninstall\helper.exe
    2012-04-03 05:41:50 98816 ----a-w- c:\windows\sed.exe
    2012-04-03 05:41:50 518144 ----a-w- c:\windows\SWREG.exe
    2012-04-03 05:41:50 256000 ----a-w- c:\windows\PEV.exe
    2012-04-03 05:41:50 208896 ----a-w- c:\windows\MBR.exe
    2012-04-02 17:32:06 -------- d-----w- c:\windows\SxsCaPendDel
    2012-04-02 05:59:17 -------- d-----w- C:\ERDNT2
    2012-03-21 20:30:58 -------- d-sha-r- C:\cmdcons
    2012-03-21 20:17:29 -------- d-----w- C:\Fix
    2012-03-21 08:52:06 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-20 17:29:51 184832 ----a-w- c:\windows\system32\wbem\RacWmiSyst.dll
    2012-03-20 17:29:26 20992 ----a-w- c:\windows\system32\wbem\wbemsyst.dll
    2012-03-20 08:01:55 -------- d-----w- c:\documents and settings\johnny\datos de programa\Ezfy
    .
    ==================== Find3M ====================
    .
    2012-03-21 08:53:04 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-03-03 07:31:52 256 ----a-w- c:\windows\system32\pool.bin
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 13:45:24.37 ===============

    Attach.txt also uploaded.
    Thanks for the help :)
     

  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Do the following please...

    Upload a File to Virustotal
    Please visit
    Virustotal
    • Click the Browse... button
    • Navigate to the file C:\WINDOWS\system32\wbem\wbemsyst.dll or just copy/paste it in.
    • Click the Scan it tab
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.

    Kevin
     
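Kevin's check is a manual VirusTotal upload, and the sick PC cannot reach VirusTotal at all. An added example, not part of the thread or of DDS, ComboFix or VirusTotal: hash the suspect DLL where it sits and read the PE header fields worth comparing against a known-good copy (compile timestamp, DLL flag, section names, whether an Authenticode blob is present), so the SHA-256 can be looked up on VirusTotal from the laptop instead of uploading the file. The PE image it runs on is constructed inside the block by `build_sample_dll` and is not the real wbemsyst.dll; the function names are the author's.

```python
"""Offline fingerprint of a suspect DLL before a VirusTotal hash lookup.
Added example; not part of DDS, ComboFix or VirusTotal.  The sample PE is built
in build_sample_dll() and is not the thread's wbemsyst.dll."""
import hashlib
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000
DIR_SECURITY = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode blob)


@dataclass
class PEInfo:
    md5: str
    sha1: str
    sha256: str
    is_dll: bool
    compile_time: datetime
    sections: list
    authenticode_signed: bool


def inspect_pe(data: bytes) -> PEInfo:
    """Parse the DOS, COFF, optional and section headers of a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsect, ts, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at +96 (PE32) or +112 (PE32+) in the optional header
    dd_off = opt + (112 if magic == 0x20B else 96)
    sec_va, sec_size = struct.unpack_from("<II", data, dd_off + 8 * DIR_SECURITY)
    sections = []
    sh = opt + opt_size                       # section table follows the optional header
    for i in range(nsect):
        name = struct.unpack_from("<8s", data, sh + 40 * i)[0]
        sections.append(name.rstrip(b"\0").decode("ascii", "replace"))
    return PEInfo(
        md5=hashlib.md5(data).hexdigest(),
        sha1=hashlib.sha1(data).hexdigest(),
        sha256=hashlib.sha256(data).hexdigest(),
        is_dll=bool(chars & IMAGE_FILE_DLL),
        compile_time=datetime.fromtimestamp(ts, tz=timezone.utc),
        sections=sections,
        authenticode_signed=sec_va != 0 and sec_size != 0,
    )


def inspect_file(path: str) -> PEInfo:
    """Same as inspect_pe, for a file on disk (e.g. the DLL named in the log)."""
    with open(path, "rb") as fh:
        return inspect_pe(fh.read())


def build_sample_dll(signed: bool = False, timestamp: int = None) -> bytes:
    """Constructed minimal 32-bit PE DLL with two sections (sample input only)."""
    if timestamp is None:   # assumption: a build time matching the log's file date
        timestamp = int(datetime(2012, 3, 20, 17, 29, 26, tzinfo=timezone.utc).timestamp())
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew = 0x80
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, timestamp, 0, 0, 224,
                                   0x2102)  # EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    if signed:   # point the security directory at a (fake) Authenticode blob
        struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, 0x600, 0x200)
    sec_hdr = b""
    for name, va in ((b".text", 0x1000), (b".data", 0x2000)):
        sec_hdr += struct.pack("<8sIIIIIIHHI", name, 0x100, va, 0x200, 0x400,
                               0, 0, 0, 0, 0x60000020)
    return dos + coff + bytes(opt) + sec_hdr


if __name__ == "__main__":
    info = inspect_pe(build_sample_dll())
    print(f"sha256={info.sha256}  dll={info.is_dll}  signed={info.authenticode_signed}")
    print(f"compiled {info.compile_time:%Y-%m-%d %H:%M:%S} UTC, sections {info.sections}")
```

An empty security directory is not a verdict by itself: Microsoft's own system binaries are mostly catalog-signed rather than carrying an embedded Authenticode signature, so a missing signature on a file under system32\wbem is a prompt to compare the hash against a clean copy of the same file, not proof of tampering. A compile timestamp that matches the day the file appeared on disk, as the log shows for wbemsyst.dll, is the more telling detail.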
  3. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    I imagine the file to be uploaded is from the desktop PC with the issue. So, as explained before in the post, I barely have internet access on that PC :S I tried to access it but keep getting the same DNS error in the browser. Could not proceed with the analysis. Any other scanner that I can download here on the laptop and move to the PC with the issue?

    Thanks Kevin.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    I'll give the instructions for ComboFix. Save it to a USB stick or CD and transfer it to the Desktop of the sick PC.

    Delete any versions of ComboFix that you may have on your Desktop, then download a fresh copy from either of the following links:

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on ComboFix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help, please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users: right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the Recovery Console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read Here why disabling autorun is recommended.

    *EXTRA NOTES*
    • If ComboFix detects any rootkit/bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...

    Kevin
     
  5. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    OK, here is the log for ComboFix

    ComboFix 12-04-19.01 - Johnny 19/04/2012 14:03:08.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.504.3082.18.502.82 [GMT -6:00]
    Running from: c:\documents and settings\Johnny\Escritorio\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\winsys\2DSC00898.JPG
    c:\windows\winsys\condania.JPG
    c:\windows\winsys\condania2.jpg
    c:\windows\winsys\IMG00342-20110914-0151.jpg
    c:\windows\winsys\IMG00343-20110914-0152.jpg
    c:\windows\winsys\IMG00345-20110914-0209.jpg
    c:\windows\winsys\IMG00355-20110917-1629.jpg
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-19 18:13 . 2012-04-19 18:13 56200 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{77BF8ADD-F720-4D63-9C63-20172B6B07AE}\offreg.dll
    2012-04-17 19:46 . 2012-04-17 19:46 -------- d-----w- c:\documents and settings\Administrador\Configuración local\Datos de programa\Mozilla
    2012-04-15 05:58 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{77BF8ADD-F720-4D63-9C63-20172B6B07AE}\mpengine.dll
    2012-04-14 22:16 . 2012-04-14 22:16 -------- d-----w- c:\documents and settings\Johnny\Configuración local\Datos de programa\Mozilla
    2012-04-14 22:16 . 2012-03-13 04:39 97208 ----a-w- c:\archivos de programa\Mozilla Firefox\components\browsercomps.dll
    2012-04-14 22:16 . 2012-03-13 04:39 834712 ----a-w- c:\archivos de programa\Mozilla Firefox\uninstall\helper.exe
    2012-04-05 02:20 . 2012-04-05 02:20 -------- d-----w- c:\documents and settings\NetworkService\Configuración local\Datos de programa\Apple
    2012-03-21 20:17 . 2012-03-21 20:18 -------- d-----w- C:\Fix
    2012-03-21 08:52 . 2012-03-21 08:52 -------- d-----w- C:\TDSSKiller_Quarantine
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-21 08:53 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-03-20 17:29 . 2012-03-20 17:29 184832 ----a-w- c:\windows\system32\wbem\RacWmiSyst.dll
    2012-03-20 17:29 . 2012-03-20 17:29 20992 ----a-w- c:\windows\system32\wbem\wbemsyst.dll
    2012-03-14 02:15 . 2011-07-01 23:33 6582328 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-03-02 22:18 . 2012-03-02 22:17 413696 ----a-r- c:\documents and settings\Johnny\Datos de programa\Microsoft\Installer\{FD1E77D4-327F-4E24-9240-C82902068033}\BlackBerry.exe
    2012-01-31 12:44 . 2011-03-11 22:27 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-03-13 04:39 . 2012-04-14 22:16 97208 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-03_05.57.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-19 18:13 . 2012-04-19 18:14 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\archivos de programa\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
    "MSC"="c:\archivos de programa\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "BlackBerryAutoUpdate"="c:\archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
    "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2011-12-08 00:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
    2011-11-02 22:51 928656 ----a-w- c:\archivos de programa\Samsung\Kies\KiesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
    2011-11-02 22:52 21392 ----a-w- c:\archivos de programa\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2011-11-02 22:51 3508624 ----a-w- c:\archivos de programa\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2011-09-16 20:10 63048 ----a-w- c:\archivos de programa\LogMeIn\x86\LogMeInSystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-01-26 21:31 2144088 --sha-r- c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
    2008-11-27 17:31 156416 ----a-w- c:\archivos de programa\TuneUp Utilities 2009\MemOptimizer.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Facebook Update"="c:\documents and settings\Johnny\Configuración local\Datos de programa\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    "Workshelf"=c:\archivos de programa\Winstep\WorkShelf.exe autostart
    "Google Update"="c:\documents and settings\Johnny\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
    "Lyexlirias"="c:\documents and settings\Johnny\Datos de programa\Evxa\siaf.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" -atboottime
    "igfxtray"=c:\windows\system32\igfxtray.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
    "c:\\Documents and Settings\\Johnny\\Configuración local\\Datos de programa\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "36632:TCP"= 36632:TCP:@xpsp2res.dll,-22009
    .
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [09/10/2011 02:47 p.m. 21992]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe [07/12/2011 06:21 p.m. 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\archivos de programa\LogMeIn\x86\rainfo.sys [16/09/2011 02:10 p.m. 12856]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe [21/03/2011 11:17 a.m. 196928]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [21/03/2011 11:17 a.m. 68928]
    S0 cerc6;cerc6; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 01:16 p.m. 130384]
    S2 gupdate;Google Update Servicio (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [05/05/2011 06:37 p.m. 136176]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [13/11/2011 05:17 p.m. 30312]
    S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [05/05/2011 06:37 p.m. 136176]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [13/11/2011 05:17 p.m. 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [13/11/2011 05:17 p.m. 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [13/11/2011 05:17 p.m. 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [13/11/2011 05:17 p.m. 114280]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [16/03/2011 03:33 p.m. 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 01:16 p.m. 753504]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    jnvltgds
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
    .
    2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2011-05-06 00:37]
    .
    2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2011-05-06 00:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    IE: Descargar con Mipony - file://c:\archivos de programa\MiPony\Browser\IEContext.htm
    IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 205.211.192.35 205.211.192.36
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\Johnny\Datos de programa\Mozilla\Firefox\Profiles\yfzvw9hr.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-19 14:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(440)
    c:\windows\system32\wbem\wbemsyst.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'lsass.exe'(500)
    c:\windows\system32\wbem\wbemsyst.dll
    .
    Completion time: 2012-04-19 14:13:23
    ComboFix-quarantined-files.txt 2012-04-19 20:13
    ComboFix2.txt 2012-04-03 06:00
    ComboFix3.txt 2012-03-21 20:50
    .
    Pre-Run: 24,404,738,048 bytes free
    Post-Run: 24,396,562,432 bytes free
    .
    - - End Of File - - 07EEEA39899828F68704386CAEA894EE

    Got no warning or prompt after it finished
    Thanks
     
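Kevin reads the DDS log (the first post) and the ComboFix log above by eye for the usual persistence points: the AppInit_DLLs value (wbemsyst.dll, which the ComboFix log then shows loaded inside winlogon.exe and lsass.exe), service entries with no image file ("[x]"), an unrecognised netsvcs member, a Run value launched from the user profile, and the firewall switched off. As an added example, not part of the thread or of either tool, the script below pulls exactly those points out of log text pasted in the same shape. The sample lines are constructed from the thread's logs; the KNOWN_NETSVCS allowlist, the vowel-ratio test for generated names and the profile-path heuristic are the author's assumptions, so the output is a review queue (legitimate updaters such as Google Update land in it too), not a verdict.

```python
"""Triage of the persistence points a DDS / ComboFix log prints (added example;
not part of DDS or ComboFix).  Heuristics and the allowlist are the author's."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied in the shape the thread's logs use.
SAMPLE_LOG = r"""
AppInit_DLLs: c:\windows\system32\wbem\wbemsyst.dll
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\archivos de programa\logmein\x86\rainfo.sys [2011-9-16 12856]
S0 cerc6;cerc6; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\archivos de programa\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Johnny\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
"Lyexlirias"="c:\documents and settings\Johnny\Datos de programa\Evxa\siaf.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jnvltgds
UxTuneUp
.
"""


@dataclass
class Finding:
    kind: str
    item: str
    detail: str


SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
KEY_RE = re.compile(r"^\[(HK[^\]]*)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:"([^"]*)"|([^\[]+?)\s*(?:\[\d{4}-|$))')
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.+)$", re.IGNORECASE)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')

# Assumption: third-party netsvcs members accepted on this box.  ComboFix prints
# only non-default group members, so anything not listed here gets a finding.
KNOWN_NETSVCS = {"UxTuneUp"}   # TuneUp Utilities (TUProgSt.exe is in the process list)
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\", "%appdata%", "%userprofile%")
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic for generated names such as 'jnvltgds': letters with almost no vowels."""
    letters = [c.lower() for c in name if c.isalpha()]
    if len(letters) < 5:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.15


def parse_services(text):
    """Yield (start type, service name, image/path text) for each service line."""
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, _display, rest = m.groups()
            yield start, name.strip(), rest.strip()


def parse_netsvcs(text):
    """Names listed under the 'Svchost - NetSvcs' heading, up to the next separator."""
    names, collecting = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if "svchost - netsvcs" in line.lower():
            collecting = True
        elif collecting:
            if not line or line == "." or line.startswith(("[", "(", "HK")):
                break
            names.append(line)
    return names


def parse_run_values(text):
    """(key, value name, command) for values under any ...\\Run or ...\\Run- key."""
    values, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
        elif key and key.lower().rstrip("-").endswith("\\run"):
            v = VALUE_RE.match(line)
            if v:
                name, quoted, bare = v.groups()
                values.append((key, name, quoted if quoted is not None else bare.strip()))
    return values


def triage(text):
    """Findings an analyst would check first; a review queue, not a verdict."""
    lines = [l.strip() for l in text.splitlines()]
    out = []
    for line in lines:
        if m := APPINIT_RE.match(line):
            out.append(Finding("appinit_dll", m.group(1).strip(), "loaded into every user-mode process"))
    for start, name, rest in parse_services(text):
        if rest.startswith("[x]"):
            out.append(Finding("orphan_service", name, f"{start} entry, image file missing"))
    for name in parse_netsvcs(text):
        if name not in KNOWN_NETSVCS:
            out.append(Finding("netsvcs", name, "random-looking name" if looks_random(name) else "not in baseline"))
    for key, name, cmd in parse_run_values(text):
        if any(mk in cmd.lower() for mk in PROFILE_MARKERS):
            out.append(Finding("profile_run", name, f"{key} -> {cmd}"))
    if any(FIREWALL_OFF_RE.match(line) for line in lines):
        out.append(Finding("firewall_off", "standardprofile", "EnableFirewall = 0"))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.item}: {f.detail}")
```

Run it with the full pasted log instead of SAMPLE_LOG and the same five categories come out for this machine; the two orphaned entries (cerc6, LMIRfsClientNP), the vowel-less jnvltgds in the netsvcs group and the Lyexlirias value pointing into Datos de programa\Evxa are the items Kevin's later fix script removes.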
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Do you recognize or know what this is?

    c:\documents and settings\Johnny\Datos de programa\Evxa\siaf.exe
     
  7. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    Yes. That apparently was a virus or something I had some time ago, but it was supposedly removed. Is it still active?
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Very much so. I see you ran CF 3 times, also other scanners. Did you receive help somewhere else before here?

    I'm going over the logs, will have a fix shortly...
     
  9. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    Yes. I had run ComboFix before, as I read some posts when I had that problem with the virus :s but it was not direct help. And I can't remember where I read the posts.

    Thanks Kevin
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    ClearJavaCache::
    File::
    Folder::
    c:\documents and settings\Johnny\Datos de programa\Evxa
    Driver::
    cerc6
    jnvltgds
    NetSvc::
    jnvltgds
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Lyexlirias"=-
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript.txt onto ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

    Let me see that log, tell me what issues remain after that...

    Kevin
     
  11. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    OK, first of all, sorry for the delayed response. I went to work.
    After my last reply I did not have time to test the browsing on the PC or proceed with the next step you indicated.
    But now that I came back from work I see the PC is working normally and opening every single page in 2 different browsers, just to check.
    I believe it was the ComboFix. But I also did what you told me with the CFScript and this is the log:
    ComboFix 12-04-19.01 - Johnny 20/04/2012 1:06.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.504.3082.18.502.211 [GMT -6:00]
    Running from: c:\documents and settings\Johnny\Escritorio\ComboFix.exe
    Command switches used :: c:\documents and settings\Johnny\Escritorio\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ADS - WINDOWS: deleted 192 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_JNVLTGDS
    -------\Service_cerc6
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-20 07:16 . 2012-04-20 07:16 56200 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{C1A42776-98F5-4A81-BD0D-3725CAECD541}\offreg.dll
    2012-04-20 06:57 . 2012-04-20 06:57 29904 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{C1A42776-98F5-4A81-BD0D-3725CAECD541}\MpKsl7eb2f387.sys
    2012-04-20 06:36 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{C1A42776-98F5-4A81-BD0D-3725CAECD541}\mpengine.dll
    2012-04-17 19:46 . 2012-04-17 19:46 -------- d-----w- c:\documents and settings\Administrador\Configuración local\Datos de programa\Mozilla
    2012-04-14 22:16 . 2012-04-14 22:16 -------- d-----w- c:\documents and settings\Johnny\Configuración local\Datos de programa\Mozilla
    2012-04-14 22:16 . 2012-03-13 04:39 97208 ----a-w- c:\archivos de programa\Mozilla Firefox\components\browsercomps.dll
    2012-04-14 22:16 . 2012-03-13 04:39 834712 ----a-w- c:\archivos de programa\Mozilla Firefox\uninstall\helper.exe
    2012-04-05 02:20 . 2012-04-05 02:20 -------- d-----w- c:\documents and settings\NetworkService\Configuración local\Datos de programa\Apple
    2012-04-02 17:32 . 2012-04-02 17:36 -------- d-----w- c:\windows\SxsCaPendDel
    2012-04-02 05:59 . 2012-04-02 05:59 -------- d-----w- C:\ERDNT2
    2012-03-30 19:29 . 2012-04-02 17:30 -------- d-----w- c:\archivos de programa\Safari
    2012-03-30 19:28 . 2012-03-30 19:28 -------- d-----w- c:\archivos de programa\Apple Software Update
    2012-03-21 20:17 . 2012-03-21 20:18 -------- d-----w- C:\Fix
    2012-03-21 08:52 . 2012-03-21 08:52 -------- d-----w- C:\TDSSKiller_Quarantine
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-21 08:53 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-03-20 17:29 . 2012-03-20 17:29 184832 ----a-w- c:\windows\system32\wbem\RacWmiSyst.dll
    2012-03-20 17:29 . 2012-03-20 17:29 20992 ----a-w- c:\windows\system32\wbem\wbemsyst.dll
    2012-03-14 02:15 . 2011-07-01 23:33 6582328 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-03-02 22:18 . 2012-03-02 22:17 413696 ----a-r- c:\documents and settings\Johnny\Datos de programa\Microsoft\Installer\{FD1E77D4-327F-4E24-9240-C82902068033}\BlackBerry.exe
    2012-01-31 12:44 . 2011-03-11 22:27 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-03-13 04:39 . 2012-04-14 22:16 97208 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-03_05.57.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-20 07:15 . 2012-04-20 07:15 16384 c:\windows\temp\Perflib_Perfdata_7ec.dat
    + 2011-03-11 22:19 . 2010-07-05 13:16 18808 c:\windows\system32\spmsg.dll
    + 2011-03-11 21:15 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
    + 2011-03-11 21:15 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\archivos de programa\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
    "MSC"="c:\archivos de programa\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "BlackBerryAutoUpdate"="c:\archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
    "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2011-12-08 00:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
    2011-11-02 22:51 928656 ----a-w- c:\archivos de programa\Samsung\Kies\KiesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
    2011-11-02 22:52 21392 ----a-w- c:\archivos de programa\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2011-11-02 22:51 3508624 ----a-w- c:\archivos de programa\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2011-09-16 20:10 63048 ----a-w- c:\archivos de programa\LogMeIn\x86\LogMeInSystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-01-26 21:31 2144088 --sha-r- c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
    2008-11-27 17:31 156416 ----a-w- c:\archivos de programa\TuneUp Utilities 2009\MemOptimizer.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Facebook Update"="c:\documents and settings\Johnny\Configuración local\Datos de programa\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    "Workshelf"=c:\archivos de programa\Winstep\WorkShelf.exe autostart
    "Google Update"="c:\documents and settings\Johnny\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
    "Lyexlirias"="c:\documents and settings\Johnny\Datos de programa\Evxa\siaf.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" -atboottime
    "igfxtray"=c:\windows\system32\igfxtray.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
    "c:\\Documents and Settings\\Johnny\\Configuración local\\Datos de programa\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "36632:TCP"= 36632:TCP:@xpsp2res.dll,-22009
    .
    R1 MpKsl7eb2f387;MpKsl7eb2f387;c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{C1A42776-98F5-4A81-BD0D-3725CAECD541}\MpKsl7eb2f387.sys [20/04/2012 12:57 a.m. 29904]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [09/10/2011 02:47 p.m. 21992]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe [07/12/2011 06:21 p.m. 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\archivos de programa\LogMeIn\x86\rainfo.sys [16/09/2011 02:10 p.m. 12856]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe [21/03/2011 11:17 a.m. 196928]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [21/03/2011 11:17 a.m. 68928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 01:16 p.m. 130384]
    S2 gupdate;Google Update Servicio (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [05/05/2011 06:37 p.m. 136176]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [13/11/2011 05:17 p.m. 30312]
    S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [05/05/2011 06:37 p.m. 136176]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [13/11/2011 05:17 p.m. 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [13/11/2011 05:17 p.m. 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [13/11/2011 05:17 p.m. 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [13/11/2011 05:17 p.m. 114280]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [16/03/2011 03:33 p.m. 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 01:16 p.m. 753504]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
    .
    2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2011-05-06 00:37]
    .
    2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2011-05-06 00:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    IE: Descargar con Mipony - file://c:\archivos de programa\MiPony\Browser\IEContext.htm
    IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 205.211.192.35 205.211.192.36
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\Johnny\Datos de programa\Mozilla\Firefox\Profiles\yfzvw9hr.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-20 01:16
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(444)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'explorer.exe'(3108)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\archivos de programa\Java\jre6\bin\jqs.exe
    c:\archivos de programa\LogMeIn\x86\RaMaint.exe
    c:\archivos de programa\LogMeIn\x86\LogMeIn.exe
    c:\windows\System32\TUProgSt.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-20 01:24:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-20 07:24
    ComboFix2.txt 2012-04-19 20:13
    ComboFix3.txt 2012-04-03 06:00
    ComboFix4.txt 2012-03-21 20:50
    .
    Pre-Run: 24,007,233,536 bytes libres
    Post-Run: 23,920,242,688 bytes libres
    .
    - - End Of File - - CE50ED841F3C93D00B471553FBA82C67

    Browsing is still running as smoothly as it did before I had the issue!
    I just hope it stays like that. This was a pain for about 2 weeks!
    I wanted to know if there is any risk in keeping System Restore active, as it seems ComboFix activates it and I usually deactivate it.

    Thanks a lot Kevin.
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Reply times are fine, we all have to work. I've got to go out myself shortly... OK, I see the problem file I asked about is still active. Regarding System Restore, that should be kept active; it is a safety feature.

    Run the following please; it is purely diagnostic and will make NO changes...

    Download OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3
    Link 4
    • Double click on the icon to run it; Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top, make sure Standard Output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in:

      Code:
      netsvcs
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      msconfig
      %SYSTEMDRIVE%\*.exe
      %LOCALAPPDATA%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.

    I'll be offline until maybe 5 pm UK time...

    Kevin
     
  13. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    Here are the logs for the OTL scan Kevin:

    OTL
    OTL logfile created on: 20/04/2012 01:03:12 p.m. - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Johnny\Escritorio
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 0000480A | Country: Honduras | Language: ESH | Date Format: dd/MM/yyyy

    502.07 Mb Total Physical Memory | 88.45 Mb Available Physical Memory | 17.62% Memory free
    1.93 Gb Paging File | 1.58 Gb Available in Paging File | 81.89% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 74.50 Gb Total Space | 22.31 Gb Free Space | 29.95% Space Free | Partition Type: NTFS
    Drive D: | 31.49 Gb Total Space | 0.91 Gb Free Space | 2.88% Space Free | Partition Type: NTFS
    Drive E: | 1.84 Gb Total Space | 0.31 Gb Free Space | 16.70% Space Free | Partition Type: FAT

    Computer Name: JOHNNY-B3EFA694 | User Name: Johnny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/20 12:22:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Escritorio\OTL.scr
    PRC - [2011/12/07 18:21:50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Archivos de programa\LogMeIn\x86\ramaint.exe
    PRC - [2011/12/07 18:21:44 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2011/11/20 20:07:23 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
    PRC - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
    PRC - [2011/06/09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
    PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
    PRC - [2011/03/21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2009/07/01 23:12:46 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/04/14 06:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2007/01/17 17:36:38 | 000,129,024 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/12/07 18:21:50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Archivos de programa\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2011/12/07 18:21:44 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Archivos de programa\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2011/11/20 20:07:23 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
    SRV - [2011/11/20 20:07:19 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2011/10/05 11:41:49 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2011/03/21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Archivos de programa\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/11/12 16:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2011/12/07 18:22:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2011/10/26 19:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2011/10/26 19:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV - [2011/10/26 19:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
    DRV - [2011/10/26 19:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
    DRV - [2011/10/26 19:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2011/09/16 14:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Archivos de programa\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2006/07/14 10:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
    IE - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b87ae93900000000000000188b1de8b4&tlver=1.4.19.19&ss=1&affID=18025
    IE - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Archivos de programa\Archivos comunes\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Update\1.2.183.7\npGoogleOneClick8.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\RewardsArcade\498\Firefox [2011/11/20 18:58:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/04/14 16:16:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins

    [2012/04/14 16:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnny\Datos de programa\Mozilla\Extensions
    [2012/04/14 16:16:00 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
    [2012/03/12 22:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
    [2011/05/15 18:53:24 | 000,002,428 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\babylon.xml
    [2012/03/12 22:38:32 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
    [2012/03/12 22:38:32 | 000,002,040 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\17.0.963.79\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\17.0.963.79\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Archivos de programa\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\plugins\nprpjplug.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Archivos de programa\Archivos comunes\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Archivos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Johnny\Configuraci\u00F3n local\Datos de programa\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: B\u00FAsqueda de Google = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: RewardsArcade = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_6\
    CHR - Extension: Fanatico-Online = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ennhhfmdlbpomijdllhgedgjcnbhohen\1.8_1\
    CHR - Extension: Cuevana Stream = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.1_0\
    CHR - Extension: Cuevana Stream = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.1_0\.svn\props\.svn-work
    CHR - Extension: Gmail = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/04/20 01:15:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Documents and Settings\Johnny\Mis documentos\Downloads\W7\FindeXerNightly1.1.0.3\FindeXer.dll (A Part of the LessCliX Suite by Alianyn)
    O3 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [MSC] c:\Archivos de programa\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Archivos de programa\Archivos comunes\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Archivos de programa\Archivos comunes\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Descargar con Mipony - C:\Archivos de programa\MiPony\Browser\IEContext.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299880509015 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1299880644265 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.211.192.35 205.211.192.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7425E006-995F-4A41-97B7-0F9538012C50}: DhcpNameServer = 205.211.192.35 205.211.192.36
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/03/11 15:20:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk - C:\Archivos de programa\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe - ()
    MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Archivos de programa\Samsung\Kies\KiesHelper.exe (Samsung)
    MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Archivos de programa\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Archivos de programa\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    MsConfig - StartUpReg: TuneUp MemOptimizer - hkey= - key= - C:\Archivos de programa\TuneUp Utilities 2009\MemOptimizer.exe (TuneUp Software GmbH)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/20 12:22:21 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Escritorio\OTL.scr
    [2012/04/20 01:13:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/04/19 23:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Escritorio\Omoa
    [2012/04/19 13:37:27 | 004,467,868 | R--- | C] (Swearware) -- C:\Documents and Settings\Johnny\Escritorio\ComboFix.exe
    [2012/04/18 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Escritorio\from lap
    [2012/04/14 16:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Datos de programa\Mozilla
    [2012/04/14 16:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Mozilla
    [2012/04/06 02:07:59 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Johnny\Escritorio\WinsockxpFix-WinXP.exe
    [2012/04/04 20:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Apple
    [2012/04/02 23:41:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/02 23:41:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/02 23:41:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/02 23:41:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/02 23:39:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/02 11:32:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
    [2012/04/01 23:59:17 | 000,000,000 | ---D | C] -- C:\ERDNT2
    [2012/04/01 20:41:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Johnny\Recent
    [2012/03/30 13:29:40 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Safari
    [2012/03/30 13:28:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Apple Software Update
    [2012/03/21 14:30:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/03/21 14:17:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/03/21 14:17:29 | 000,000,000 | ---D | C] -- C:\Fix
    [2012/03/21 14:16:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Johnny\Menú Inicio\Programas\Herramientas administrativas
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Johnny\Escritorio\*.tmp files -> C:\Documents and Settings\Johnny\Escritorio\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/20 12:53:28 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/20 12:53:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/20 12:22:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Escritorio\OTL.scr
    [2012/04/20 01:35:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/20 01:15:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/04/19 13:38:16 | 004,467,868 | R--- | M] (Swearware) -- C:\Documents and Settings\Johnny\Escritorio\ComboFix.exe
    [2012/04/18 17:54:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/04/17 00:24:27 | 000,000,451 | RHS- | M] () -- C:\boot.ini
    [2012/04/14 16:16:06 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Mozilla Firefox.lnk
    [2012/04/12 15:34:05 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
    [2012/04/12 13:44:40 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Johnny\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/11 20:20:03 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/04/03 08:27:27 | 000,085,364 | ---- | M] () -- C:\Documents and Settings\Johnny\Escritorio\Mission.Impossible.Ghost.Protocol.2011.720p.BluRay.x264-SPARKS.srt
    [2012/03/31 01:44:22 | 000,391,399 | ---- | M] () -- C:\Documents and Settings\Johnny\Mis documentos\DesktopCapture - 2012-03-31, 01.44.jpg
    [2012/03/30 13:31:55 | 000,074,412 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/03/23 01:47:33 | 000,378,091 | ---- | M] () -- C:\Documents and Settings\Johnny\Mis documentos\DesktopCapture - 2012-03-23, 01.47.jpg
    [2012/03/23 00:33:34 | 000,022,528 | -H-- | M] () -- C:\Documents and Settings\Johnny\Escritorio\photothumb.db
    [2012/03/23 00:33:33 | 000,059,392 | -H-- | M] () -- C:\Documents and Settings\Johnny\Mis documentos\photothumb.db
    [2012/03/22 13:13:45 | 000,013,450 | ---- | M] () -- C:\Documents and Settings\Johnny\Mis documentos\cc_20120322_131341.reg
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Johnny\Escritorio\*.tmp files -> C:\Documents and Settings\Johnny\Escritorio\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/18 14:44:40 | 000,204,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
    [2012/04/14 16:16:06 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Mozilla Firefox.lnk
    [2012/04/14 16:16:06 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Mozilla Firefox.lnk
    [2012/04/06 01:40:08 | 000,085,364 | ---- | C] () -- C:\Documents and Settings\Johnny\Escritorio\Mission.Impossible.Ghost.Protocol.2011.720p.BluRay.x264-SPARKS.srt
    [2012/04/02 23:41:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/02 23:41:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/02 23:41:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/02 23:41:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/02 23:41:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/03/31 01:44:22 | 000,391,399 | ---- | C] () -- C:\Documents and Settings\Johnny\Mis documentos\DesktopCapture - 2012-03-31, 01.44.jpg
    [2012/03/30 13:31:55 | 000,074,412 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/03/30 13:29:01 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/03/23 01:47:32 | 000,378,091 | ---- | C] () -- C:\Documents and Settings\Johnny\Mis documentos\DesktopCapture - 2012-03-23, 01.47.jpg
    [2012/03/22 13:13:43 | 000,013,450 | ---- | C] () -- C:\Documents and Settings\Johnny\Mis documentos\cc_20120322_131341.reg
    [2012/03/21 14:31:04 | 000,000,334 | ---- | C] () -- C:\Boot.bak
    [2012/03/21 14:31:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/11/16 00:45:36 | 000,677,626 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-S-1-5-21-507921405-2111687655-1177238915-1003-0.dat
    [2011/11/15 14:36:14 | 000,324,790 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-System.dat
    [2011/10/31 11:22:42 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2011/09/08 20:58:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/07/22 00:47:01 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
    [2011/03/17 20:31:57 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2011/03/17 00:34:06 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2011/03/13 12:50:38 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Johnny\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/12 00:27:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/03/11 19:42:25 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Johnny\Configuración local\Datos de programa\fusioncache.dat
    [2011/03/11 15:22:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/03/11 15:16:34 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/03/11 08:04:58 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/03/11 08:03:35 | 000,351,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== LOP Check ==========

    [2012/03/23 01:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Autodesk
    [2012/04/20 01:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\LogMeIn
    [2011/09/06 15:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Messenger Plus!
    [2011/09/28 12:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Nitro PDF
    [2012/03/12 00:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\PageTech
    [2011/03/17 20:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Research In Motion
    [2011/11/13 17:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Samsung
    [2011/11/20 20:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software
    [2011/03/23 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2011/11/20 20:05:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Datos de programa\{55A29068-F2CE-456C-9148-C869879E2357}
    [2012/03/23 01:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Autodesk
    [2011/09/28 12:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Downloaded Installations
    [2012/03/21 21:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Ezfy
    [2011/11/20 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\FindeXer
    [2012/04/14 16:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Mipony
    [2012/03/22 15:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Nitro PDF
    [2011/03/17 20:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Research In Motion
    [2011/11/06 15:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\rinsebyreal
    [2011/09/16 12:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Rovio
    [2011/11/13 17:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Samsung
    [2011/11/20 20:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\Styler
    [2011/11/20 20:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\TuneUp Software
    [2011/11/20 23:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\ViGlance
    [2011/11/20 23:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Datos de programa\ViStart

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %SYSTEMDRIVE%\*.exe >
    Invalid Environment Variable: LOCALAPPDATA

    < MD5 for: EXPLORER.EXE >
    [2008/04/14 06:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ERDNT\cache\explorer.exe
    [2008/04/14 06:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
    [2008/04/14 06:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\ERDNT\cache\svchost.exe
    [2008/04/14 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\dllcache\svchost.exe
    [2008/04/14 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2008/04/14 06:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ERDNT\cache\userinit.exe
    [2008/04/14 06:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2008/04/14 06:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2008/04/14 06:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ERDNT\cache\winlogon.exe
    [2008/04/14 06:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/14 06:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-20 05:57:29

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
    [C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
    [C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

    < End of report >

    Extras

    OTL Extras logfile created on: 20/04/2012 01:03:12 p.m. - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Johnny\Escritorio
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 0000480A | Country: Honduras | Language: ESH | Date Format: dd/MM/yyyy

    502.07 Mb Total Physical Memory | 88.45 Mb Available Physical Memory | 17.62% Memory free
    1.93 Gb Paging File | 1.58 Gb Available in Paging File | 81.89% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 74.50 Gb Total Space | 22.31 Gb Free Space | 29.95% Space Free | Partition Type: NTFS
    Drive D: | 31.49 Gb Total Space | 0.91 Gb Free Space | 2.88% Space Free | Partition Type: NTFS
    Drive E: | 1.84 Gb Total Space | 0.31 Gb Free Space | 16.70% Space Free | Partition Type: FAT

    Computer Name: JOHNNY-B3EFA694 | User Name: Johnny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .scr [@ = scrfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "36632:TCP" = 36632:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
    "C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Johnny\Configuración local\Datos de programa\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
    "{12E0A949-8861-35F8-B7ED-5658788A7BFE}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ESN
    "{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1" = Wondershare PDF Password Remover (Build 1.3.0)
    "{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{288D7000-786B-11D6-9D00-00B0D0E6A72E}" = RISA-2D Educational
    "{298B7460-A43A-3083-B295-75547FC68392}" = Microsoft .NET Framework 3.5 Language Pack - esn
    "{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
    "{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
    "{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}" = Nitro PDF Professional
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client ES-ES Language Pack
    "{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12
    "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
    "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
    "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
    "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
    "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
    "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
    "{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype&#8482; 5.5
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ESN
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0CF1841-ABED-41F4-B818-A9E60B607DD9}" = DWGgateway
    "{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D5FB2C06-3B89-41C5-9787-E51782AEA5B7}" = Microsoft Antimalware Service ES-ES Language Pack
    "{E2B4FE1C-2CFA-47EE-A88C-A14D0FF1F0B0}" = BBSAK
    "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
    "{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
    "{FD1E77D4-327F-4E24-9240-C82902068033}" = BlackBerry Device Software v6.0.0 para el smartphone BlackBerry 9780
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AMP WinOFF" = AMP WinOFF 5.0.1
    "AutoCAD 2009 - English" = AutoCAD 2009 - English
    "Autodesk Design Review 2009" = Autodesk Design Review 2009
    "BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
    "DWG TrueView 2010" = DWG TrueView 2010
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Gadwin PrintScreen" = Gadwin PrintScreen
    "Gadwin Web Snapshot" = Gadwin Web Snapshot
    "GOM Player" = GOM Player
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 - esn
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "MiPony" = MiPony 1.2.3
    "Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PhotoScape" = PhotoScape
    "PokerStars.net" = PokerStars.net
    "RealAlt_is1" = Real Alternative 1.8.0
    "ResourceHacker_is1" = Resource Hacker Version 3.6.0
    "ShockwaveFlash" = Macromedia Flash Player 8
    "ViGlance" = ViGlance
    "ViStart" = ViStart
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Reproductor de Windows Media 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = Compresor WinRAR
    "Winstep Xtreme_is1" = Winstep Xtreme 8.11
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-507921405-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "CarbonPoker" = CarbonPoker
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 02/04/2012 01:48:07 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8107.0,
    P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 05/04/2012 02:30:37 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8107.0,
    P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 06/04/2012 03:42:10 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8107.0,
    P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 08/04/2012 01:20:16 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = Application Hang | ID = 1002
    Description = Aplicación que no responde: chrome.exe, versión 17.0.963.79, módulo
    que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

    Error - 09/04/2012 01:20:29 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,
    P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 11/04/2012 09:02:04 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
    download, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials
    (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

    Error - 16/04/2012 01:52:02 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8107.0,
    P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 17/04/2012 03:55:35 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 18/04/2012 04:57:53 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 20/04/2012 03:11:05 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = crypt32 | ID = 131080
    Description = Error en la recuperación de actualización automática del número de
    secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    con el error: No se ha podido resolver el nombre de servidor o su dirección

    [ OSession Events ]
    Error - 07/05/2011 05:57:25 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
    Description = El servicio Servicio de puerta de enlace de capa de aplicación se
    terminó de manera inesperada. Esto ha sucedido 1 veces.

    Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
    Description = El servicio NLS Service se terminó de manera inesperada. Esto ha sucedido
    1 veces.

    Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
    Description = El servicio TuneUp Program Statistics Service se terminó de manera
    inesperada. Esto ha sucedido 1 veces.

    Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
    Description = El servicio LogMeIn Maintenance Service se terminó de manera inesperada.
    Esto ha sucedido 1 veces.

    Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
    Description = El servicio LogMeIn se terminó de manera inesperada. Esto ha sucedido
    1 veces.

    Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
    Description = El servicio LMIGuardianSvc se terminó de manera inesperada. Esto ha
    sucedido 1 veces.

    Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
    Description = El servicio Java Quick Starter se terminó de manera inesperada. Esto
    ha sucedido 1 veces.

    Error - 20/04/2012 03:06:08 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7031
    Description = El servicio Apple Mobile Device terminó inesperadamente. Lo ha hecho
    1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar
    el servicio.

    Error - 20/04/2012 03:06:09 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7034
    Description = El servicio Cola de impresión se terminó de manera inesperada. Esto
    ha sucedido 1 veces.

    Error - 20/04/2012 03:06:11 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = Service Control Manager | ID = 7031
    Description = El servicio Microsoft Antimalware Service terminó inesperadamente.
    Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 15000 milisegundos:
    Reiniciar el servicio.

    [ TuneUp Events ]
    Error - 11/03/2012 03:51:47 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = TuneUp Program Statistics | ID = 131840
    Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
    ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-11 13:51:47', '\device\harddiskvolume1\archivos
    de programa\malwarebytes' anti-malware\mbam.exe','3640',0)

    Error - 20/03/2012 03:15:35 p.m. | Computer Name = JOHNNY-B3EFA694 | Source = TuneUp Program Statistics | ID = 131840
    Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
    ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-20 13:15:30', '\device\harddiskvolume1\archivos
    de programa\malwarebytes' anti-malware\mbam.exe','2144',0)

    Error - 03/04/2012 02:27:22 a.m. | Computer Name = JOHNNY-B3EFA694 | Source = TuneUp Program Statistics | ID = 131840
    Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
    ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-04-03 00:27:22', '\device\harddiskvolume1\archivos
    de programa\malwarebytes' anti-malware\mbam.exe','4196',0)


    < End of report >

    About the siaf file, I followed the path and it does not show, even with the show hidden files option on.
    And the internet is still running correctly.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Ok, that log does not show any malware; do the following.

    Step 1

    Re-Run OTL by double left click; Vista and Windows 7 users right click and select Run as Administrator.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2011/05/15 18:53:24 | 000,002,428 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\babylon.xml
      O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-507921405-2111687655-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      
      :Files
      ipconfig /flushdns /c
      :Commands
      [emptytemp]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log it produces in your next reply.

    Step 2

    • Click Start, click Run, type or copy/paste control appwiz.cpl in the Open box, and then press ENTER.
    • Click to select Java(TM) 6 Update 6 from the application list, and then click Remove. Only re-boot if prompted.

    Next,

    You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
    For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
    The most current version of Sun Java is: Java Runtime Environment Version 6 Update 31.

    • Go to Sun Java
    • Select Windows 7/XP/Vista/2000/2003/2008. If using a 64-bit OS, select Information about the 64-bit Java plug-in and follow the prompts.
    • Install the new version by running the newly-downloaded file with the Java icon, which will be on your desktop, and follow the on-screen instructions.
    • Reboot your computer

    Let me see the log from the OTL Fix; also tell me if any issues remain.

    Kevin
     
  15. juanlow

    juanlow Thread Starter

    Joined:
    Apr 17, 2012
    Messages:
    18
    Ok here is the log for OTL in Step1:

    All processes killed
    ========== OTL ==========
    C:\Archivos de programa\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-507921405-2111687655-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Configuración IP de Windows
    Se vació con éxito la caché de resolución de DNS.
    C:\Documents and Settings\Johnny\Escritorio\cmd.bat deleted successfully.
    C:\Documents and Settings\Johnny\Escritorio\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrador
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 12228245 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: Johnny
    ->Temp folder emptied: 710 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 82241536 bytes
    ->Google Chrome cache emptied: 61830138 bytes
    ->Apple Safari cache emptied: 198656 bytes
    ->Flash cache emptied: 106629 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: NetworkService
    ->Temp folder emptied: 3618 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2352086 bytes
    %systemroot%\System32 .tmp files removed: 2909 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2456 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 152.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04202012_160355

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    I deleted Update 6 and installed Update 31 of Java.
    I also saw I had Update 29 in the programs list when removing 6.
    Should I do anything with that?
    Browsing and internet are still normal and loading every page.

    Thanks Kevin
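The rule Kevin gives above (keep the current Java runtime, remove the older, more vulnerable versions) applied to the thread's own OTL uninstall list, as an added Python example that is not code from the posts or from OTL; it also covers the case juanlow asks about, a second older runtime left behind after one is removed. The 6 Update 31 product key in the second sample is a labelled placeholder.

```python
"""Flag stale Java runtimes in an OTL "HKEY_LOCAL_MACHINE Uninstall List".
Added example for this thread, not code from the posts or from OTL. It
parses the '"{key}" = Display Name' lines OTL prints in that section and
applies the rule above: keep the newest Java runtime, remove the rest, and
note when even the newest is behind the current release (6 Update 31 here).
"""
import re
from dataclasses import dataclass

SECTION_HEADER = "========== HKEY_LOCAL_MACHINE Uninstall List =========="
# OTL prints one entry per line: "{product code or name}" = Display Name
ENTRY_RE = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
# Matches "Java(TM) 6 Update 29" or "Java 7 Update 5", not "Java Auto Updater".
JAVA_RE = re.compile(r"^Java(?:\(TM\))?\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)", re.I)

# Java-related entries as they appear in the thread's OTL log.
THREAD_LOG = r"""
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
========== HKEY_USERS Uninstall List ==========
"Google Chrome" = Google Chrome
"""
# Constructed: the same machine after installing 6 Update 31 (placeholder key).
AFTER_UPDATE_LOG = THREAD_LOG.replace(
    '"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater',
    '"{PLACEHOLDER-JAVA-6U31-KEY}" = Java(TM) 6 Update 31\n'
    '"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater')


@dataclass(frozen=True)
class JavaInstall:
    key: str
    name: str
    major: int
    update: int

    @property
    def version(self):
        return (self.major, self.update)


def uninstall_entries(log_text):
    """(key, display name) pairs from the HKLM uninstall section only."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("=========="):
            in_section = stripped == SECTION_HEADER  # any other banner ends it
            continue
        m = ENTRY_RE.match(line) if in_section else None
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def java_runtimes(entries):
    """JavaInstall for every Java runtime display name, newest first."""
    found = []
    for key, name in entries:
        m = JAVA_RE.match(name)
        if m:
            found.append(JavaInstall(key, name, int(m["major"]), int(m["update"])))
    return sorted(found, key=lambda j: j.version, reverse=True)


def triage_java(log_text, current=(6, 31)):
    """Return (newest, older_to_remove, newest_is_outdated); newest is None
    when no runtime is listed. `current` is the release named in the thread."""
    runtimes = java_runtimes(uninstall_entries(log_text))
    if not runtimes:
        return None, [], False
    return runtimes[0], runtimes[1:], runtimes[0].version < current
```

Run against THREAD_LOG it keeps 6 Update 29 (flagged as behind 6 Update 31) and lists 6 Update 6 for removal; after the update it keeps Update 31 and lists both 29 and 6.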
     
Short URL to this thread: https://techguy.org/1049652