1.

Solve : Virus affecting Google?

Answer»

Hello,

So here we have four computers all running on the same network. Today we found that three of the computers are having problems and I believe that they´re infected by a virus.
What happens it that when I go to www.google.com it that it´s a page that is a copy of Google Brazil, but I can´t search anything, my browser says that the page is running Java and it asks me to install an update to Java. Gmail has not been working all day and has been giving a connection rejected error, but right now gmail works. Also, typing in https://www.google.com gives the same connection rejected error.
I´ve run scans but they come up with no malicious programs.
Also, so that you may know, these are not personal nor business computers, but rather office computers of a religous organization. Thanks greatly for any help rendered!

Here are the desired logs:
# AdwCleaner v2.005 - Logfile created 10/20/2012 at 14:44:30
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : Asistentes - COMISARIO
# Boot Mode : Normal
# Running from : C:\Users\Asistentes\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Asistentes\AppData\Local\APN

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-3766974311-3583871598-1393546944-1008\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Asistentes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1089 octets] - [20/10/2012 14:44:30]

########## EOF - C:\AdwCleaner[R1].txt - [1149 octets] ##########














Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.20.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Asistentes :: COMISARIO [administrator]

20-10-2012 14:46:12
mbam-log-2012-10-20 (14-46-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207614
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)












DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385
Run by Asistentes at 16:15:06 on 2012-10-20
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.56.1033.18.2942.1665 [GMT -3:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
FW: Sophos Client Firewall *Disabled* {5DC05945-DCB7-74B7-ECB2-D2D780BF0EF1}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Windows\system32\CBA\pds.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Windows\system32\conhost.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe
C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_gui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.lds.org/?lang=eng
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [Google Update] "c:\users\asistentes\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [EDFcsn] c:\program files\hewlett-packard\discovery agent\plugins\usage\discfcsn.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: ForceRunOnStartMenu = dword:1
uPolicies-Explorer: NoStartMenuMyGames = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoMSAppLogo5ChannelNotify = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: accesspointe.com
Trusted Zone: dell.com
Trusted Zone: deseretbook.net
Trusted Zone: elementk.com
Trusted Zone: emptoris.com
Trusted Zone: enpointe.com
Trusted Zone: eway.com
Trusted Zone: grainger.com
Trusted Zone: hp.com
Trusted Zone: netdimensions.com
Trusted Zone: officemaxsolutions.com
Trusted Zone: paymentnet.com
Trusted Zone: providentliving.org
Trusted Zone: rosettastone.com
Trusted Zone: safaribooksonline.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: vinimaya.com
Trusted Zone: waxie.com
Trusted Zone: xerox.com
Trusted Zone: accesspointe.com
Trusted Zone: dell.com
Trusted Zone: deseretbook.net
Trusted Zone: elementk.com
Trusted Zone: emptoris.com
Trusted Zone: enpointe.com
Trusted Zone: eway.com
Trusted Zone: grainger.com
Trusted Zone: hp.com
Trusted Zone: netdimensions.com
Trusted Zone: officemaxsolutions.com
Trusted Zone: paymentnet.com
Trusted Zone: providentliving.org
Trusted Zone: rosettastone.com
Trusted Zone: safaribooksonline.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: vinimaya.com
Trusted Zone: waxie.com
Trusted Zone: xerox.com
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
TCP: NameServer = 200.98.67.135 8.8.8.8
TCP: Interfaces\{A2689B14-969A-40E9-A3BF-1F7238883BB2} : DHCPNameServer = 200.98.67.135 8.8.8.8
SSODL: WebCheck -
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;DISK Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2012-7-27 17072]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2012-2-13 87312]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2012-7-27 123680]
R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [2012-7-27 88352]
R1 scfndis;Sophos Client Firewall NDIS packet filter;c:\windows\system32\drivers\scfndis.sys [2012-7-27 45856]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [2012-7-27 31736]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2012-2-13 1604880]
R2 CBA8;LANDesk(R) Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2009-11-4 147456]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2012-7-27 60928]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2012-7-27 205312]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\landesk\ldclient\tmcsvc.exe [2012-7-27 178688]
R2 ovedScannerScheduler;HP DDMI Scanner Scheduler;c:\program files\hewlett-packard\ddmi\9.31\scanner scheduler\ScannerScheduler.exe [2011-7-21 442936]
R2 prgnUsageAgent;HP DDMI Software Utilization Agent;c:\program files\hewlett-packard\discovery agent\plugins\usage\discusge.exe [2011-10-29 536632]
R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\landesk\ldclient\softmon.exe [2012-7-27 385024]
R2 TGRAB;Tivoli Endpoint Manager for Remote Control - Text Screen Capture Driver;c:\windows\system32\tgrab.sys [2012-4-26 8288]
R2 TRCTARGET;Tivoli Endpoint Manager for Remote Control - Target;c:\program files\ibm\tivoli\remote control\target\trc_base.exe [2012-4-26 794624]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-7-27 325672]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2012-7-27 5120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-16 22856]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2012-7-27 6144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Servicio (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-30 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-17 676936]
S2 ProcTrigger;LANDesk(R) Process Trigger Service;c:\program files\landesk\ldclient\ProcTriggerSvc.exe [2012-7-27 143360]
S2 tracksvc;LANDesk(R) Power Management Track Service;c:\program files\landesk\ldclient\tracksvc.exe [2012-7-27 66048]
S3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2012-7-27 42672]
S3 gupdatem;Google Update Servicio (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-30 136176]
S3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2012-7-27 14336]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2012-7-27 33696]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-30 1343400]
S4 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2012-7-27 216600]
S4 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2012-7-27 139840]
S4 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2012-7-27 282624]
S4 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2012-7-27 232472]
S4 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\sophos\sophos client firewall\SCFManager.exe [2012-7-27 150552]
S4 Sophos Client Firewall;Sophos Client Firewall;c:\program files\sophos\sophos client firewall\SCFService.exe [2012-7-27 89112]
S4 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2012-7-27 806912]
S4 Sophos Web Control Service;Sophos Web Control Service;c:\program files\sophos\sophos anti-virus\web control\swc_service.exe [2012-7-27 357400]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2012-7-27 22536]
S4 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2012-7-27 2862656]
S4 swi_update;Sophos Web Intelligence Update;c:\programdata\sophos\web intelligence\swi_update.exe [2012-7-27 1465920]
.
=============== Created Last 30 ================
.
2012-10-20 17:36:10--------d-----w-c:\program files\CCleaner
2012-10-19 08:00:0456200----a-w-c:\programdata\microsoft\windows defender\definition updates\{df1ec337-1449-4a5c-95cf-5de7b5aa4824}\offreg.dll
2012-10-15 13:49:23541184----a-w-c:\windows\system32\kerberos.dll
2012-10-15 13:47:423958128----a-w-c:\windows\system32\ntkrnlpa.exe
2012-10-15 13:47:413902832----a-w-c:\windows\system32\ntoskrnl.exe
2012-10-03 13:07:17--------d-----w-c:\users\asistentes\appdata\local\ElevatedDiagnostics
2012-10-01 16:56:38--------d-----w-c:\programdata\BigFix
.
==================== Find3M ====================
.
2012-09-29 22:54:2622856----a-w-c:\windows\system32\drivers\mbam.sys
2012-09-02 23:21:46294912----a-w-c:\windows\system32\umpnpmgr.dll
2012-08-24 17:10:47981504----a-w-c:\windows\system32\wininet.dll
2012-08-24 17:08:4744544----a-w-c:\windows\system32\licmgr10.dll
2012-08-24 16:01:45386048----a-w-c:\windows\system32\html.iec
2012-08-24 15:27:171638912----a-w-c:\windows\system32\mshtml.tlb
2012-08-04 19:53:40414368----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 22:38:3345856----a-w-c:\windows\system32\drivers\scfndis.sys
2012-07-27 22:35:5488352----a-w-c:\windows\system32\drivers\scfdriver.sys
2012-07-27 22:11:5633696----a-w-c:\windows\system32\drivers\sdcfilter.sys
2012-07-27 22:02:0730744----a-w-c:\windows\system32\SophosBootTasks.exe
2012-07-27 22:02:02123680----a-w-c:\windows\system32\drivers\savonaccess.sys
2012-07-27 21:42:3731736----a-w-c:\windows\system32\drivers\skmscan.sys
2012-07-27 21:36:36131824----a-w-c:\windows\system32\sdccoinstaller.dll
2012-07-27 20:39:4522536----a-w-c:\windows\system32\drivers\SophosBootDriver.sys
2012-07-27 20:12:254608----a-w-c:\windows\system32\W95Inf32.DLL
2012-07-27 20:12:252272----a-w-c:\windows\system32\W95Inf16.DLL
.
============= FINISH: 16:15:22,05 ===============













.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 27-07-2012 16:46:09
System Uptime: 19-10-2012 8:30:44 (32 hours ago)
.
Motherboard: Dell INC. | | 0YP696
Processor: AMD Athlon(tm) Dual Core Processor 5000B | Socket M2 | 2600/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 201,92 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 233 GiB total, 77,169 GiB free.
Z: is NetworkDisk (NTFS) - 233 GiB total, 77,169 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: ST Micro Accelerometer
Device ID: ROOT\SYSTEM\0001
Manufacturer: ST Microelectronics
Name: ST Micro Accelerometer
PNP Device ID: ROOT\SYSTEM\0001
Service: Acceler
.
==== System Restore Points ===================
.
RP135: 10-09-2012 9:48:05 - Scheduled Checkpoint
RP136: 17-09-2012 19:09:07 - Scheduled Checkpoint
RP137: 21-09-2012 19:13:56 - Windows Update
RP138: 29-09-2012 0:00:01 - Scheduled Checkpoint
RP139: 07-10-2012 0:00:05 - Scheduled Checkpoint
RP140: 15-10-2012 1:56:20 - Scheduled Checkpoint
RP141: 15-10-2012 10:47:28 - Windows Update
RP142: 15-10-2012 10:49:11 - Windows Update
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 3 (SP3)
AccelerometerP11
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Apple Application Support
Blue Coat K9 Web Protection
CCleaner
Cisco AnyConnect VPN Client
Cisco Unified MeetingPlace for Outlook
Citrix Desktop Receiver
Dell Backup and Recovery Manager
Dell Client System Update
Desinstalación de CopyTrans Suite solamente
Dicsoft Video Converter Platinum v3.6.5
DjVuLibre+DjView
eSupport UndeletePlus 3.0.3.521
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
HP DDM Inventory Agent (x86) 9.31.000.2343
HP DDM Inventory Scanner Scheduler (x86) 9.31.000.2343
HP DDMI Type 3
IBM Tivoli Endpoint Manager for Remote Control - Target
Intel PROSet Wireless
LANDesk Advance Agent
LANDesk(R) Common Base Agent 8
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Math Add-in for Word 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
NVIDIA Display Control Panel
NVIDIA Drivers
Power2Go
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Software Intel(R) PROSet/Wireless WiFi
Sophos Anti-Virus
Sophos AutoUpdate
Sophos Client Firewall
Sophos Remote Management System
swMSM
Tivoli Endpoint Manager Client
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer MESSAGES From Past Week ========
.
20-10-2012 1:02:03, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
18-10-2012 10:09:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
13-10-2012 17:06:00, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR13.
.
==== End Of File ===========================
Hi there!

All right, we're working on the first one right now. When you're ready to work on the other ones, after this one is clean, then start a new topic after we're done here. This will prevent confusion ultimately in the end.

ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.Combofix Log:

ComboFix 12-10-21.02 - Asistentes 22-10-2012 11:14:46.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.56.1033.18.2942.2209 [GMT -2:00]
Running from: c:\users\Asistentes\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
FW: Sophos Client Firewall *Disabled* {5DC05945-DCB7-74B7-ECB2-D2D780BF0EF1}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-22 05:16 . 2012-10-22 05:1656200----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF1EC337-1449-4A5C-95CF-5DE7B5AA4824}\offreg.dll
2012-10-20 17:36 . 2012-10-20 17:36--------d-----w-c:\program files\CCleaner
2012-10-15 13:49 . 2012-08-10 23:54541184----a-w-c:\windows\system32\kerberos.dll
2012-10-15 13:47 . 2012-08-30 17:183958128----a-w-c:\windows\system32\ntkrnlpa.exe
2012-10-15 13:47 . 2012-08-30 17:183902832----a-w-c:\windows\system32\ntoskrnl.exe
2012-10-04 13:35 . 2012-10-04 13:35--------d-----w-c:\users\DandC89
2012-10-03 13:07 . 2012-10-03 13:07--------d-----w-c:\users\Asistentes\AppData\Local\ElevatedDiagnostics
2012-10-01 16:56 . 2012-10-01 16:56--------d-----w-c:\programdata\BigFix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 22:54 . 2012-08-16 21:2522856----a-w-c:\windows\system32\drivers\mbam.sys
2012-09-02 23:21 . 2012-09-02 23:21294912----a-w-c:\windows\system32\umpnpmgr.dll
2012-08-24 17:10 . 2012-09-21 22:14981504----a-w-c:\windows\system32\wininet.dll
2012-08-24 17:08 . 2012-09-21 22:1444544----a-w-c:\windows\system32\licmgr10.dll
2012-08-24 16:01 . 2012-09-21 22:14386048----a-w-c:\windows\system32\html.iec
2012-08-24 15:27 . 2012-09-21 22:141638912----a-w-c:\windows\system32\mshtml.tlb
2012-08-04 19:53 . 2012-08-04 19:53414368----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 22:38 . 2012-07-27 22:3845856----a-w-c:\windows\system32\drivers\scfndis.sys
2012-07-27 22:35 . 2012-07-27 22:5588352----a-w-c:\windows\system32\drivers\scfdriver.sys
2012-07-27 22:11 . 2012-07-27 22:1133696----a-w-c:\windows\system32\drivers\sdcfilter.sys
2012-07-27 22:02 . 2012-07-27 22:5330744----a-w-c:\windows\system32\SophosBootTasks.exe
2012-07-27 22:02 . 2012-07-27 22:01123680----a-w-c:\windows\system32\drivers\savonaccess.sys
2012-07-27 21:42 . 2012-07-27 21:4231736----a-w-c:\windows\system32\drivers\skmscan.sys
2012-07-27 21:36 . 2012-07-27 21:36131824----a-w-c:\windows\system32\sdccoinstaller.dll
2012-07-27 20:39 . 2012-07-27 20:3922536----a-w-c:\windows\system32\drivers\SophosBootDriver.sys
2012-07-27 20:12 . 2012-07-27 20:124608----a-w-c:\windows\system32\W95Inf32.DLL
2012-07-27 20:12 . 2012-07-27 20:122272----a-w-c:\windows\system32\W95Inf16.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"EDFcsn"="c:\program files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe" [2011-10-29 162360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceRunOnStartMenu"= 1 (0x1)
"NoStartMenuMyGames"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sophos AutoUpdate Monitor]
2012-07-27 22:46900120----a-w-c:\program files\Sophos\AutoUpdate\ALMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Servicio (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

R2 ProcTrigger;LANDesk(R) Process Trigger Service;c:\program files\LANDesk\LDClient\ProcTriggerSvc.exe

R2 tracksvc;LANDesk(R) Power Management Track Service;c:\program files\LANDesk\LDClient\tracksvc.exe

R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys

R3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe

R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys

R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

R4 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe

R4 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\Sophos\Sophos Client Firewall\SCFManager.exe

R4 Sophos Client Firewall;Sophos Client Firewall;c:\program files\Sophos\Sophos Client Firewall\SCFService.exe

R4 Sophos Web Control Service;Sophos Web Control Service;c:\program files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys

R4 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

R4 swi_update;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update.exe

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys

S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys

S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys

S1 scfdriver;SCF Kernel Driver;c:\windows\system32\Drivers\scfdriver.sys

S1 scfndis;Sophos Client Firewall NDIS packet filter;c:\windows\system32\DRIVERS\scfndis.sys

S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys

S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe

S2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentagent.exe

S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe

S2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\LANDesk\LDClient\tmcsvc.exe

S2 ovedScannerScheduler;HP DDMI Scanner Scheduler;c:\program files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe

S2 prgnUsageAgent;HP DDMI Software Utilization Agent;c:\program files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe

S2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe

S2 TGRAB;Tivoli Endpoint Manager for Remote Control - Text Screen Capture Driver;c:\windows\system32\tgrab.sys

S2 TRCTARGET;Tivoli Endpoint Manager for Remote Control - Target;c:\program files\IBM\Tivoli\Remote Control\Target\trc_base.exe

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

S3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-30 15:21]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-30 15:21]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008Core.job
- c:\users\Asistentes\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-30 15:28]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008UA.job
- c:\users\Asistentes\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-30 15:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lds.org/?lang=eng
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: accesspointe.com
Trusted Zone: dell.com
Trusted Zone: deseretbook.net
Trusted Zone: elementk.com
Trusted Zone: emptoris.com
Trusted Zone: enpointe.com
Trusted Zone: eway.com
Trusted Zone: grainger.com
Trusted Zone: hp.com
Trusted Zone: ldschurch.org\chqpvuw2309
Trusted Zone: ldschurch.org\chqpvuw8469.stg
Trusted Zone: netdimensions.com
Trusted Zone: officemaxsolutions.com
Trusted Zone: paymentnet.com
Trusted Zone: providentliving.org
Trusted Zone: rosettastone.com
Trusted Zone: safaribooksonline.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: vinimaya.com
Trusted Zone: vinimaya.com\*.byu
Trusted Zone: waxie.com
Trusted Zone: xerox.com
Trusted Zone: xerox.com\*.portal
Trusted Zone: accesspointe.com
Trusted Zone: dell.com
Trusted Zone: deseretbook.net
Trusted Zone: elementk.com
Trusted Zone: emptoris.com
Trusted Zone: enpointe.com
Trusted Zone: eway.com
Trusted Zone: grainger.com
Trusted Zone: hp.com
Trusted Zone: ldschurch.org\chqpvuw2309
Trusted Zone: ldschurch.org\chqpvuw8469.stg
Trusted Zone: netdimensions.com
Trusted Zone: officemaxsolutions.com
Trusted Zone: paymentnet.com
Trusted Zone: providentliving.org
Trusted Zone: rosettastone.com
Trusted Zone: safaribooksonline.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: vinimaya.com
Trusted Zone: vinimaya.com\*.byu
Trusted Zone: waxie.com
Trusted Zone: xerox.com
Trusted Zone: xerox.com\*.portal
TCP: DhcpNameServer = 200.98.67.135 8.8.8.8
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Google Chrome - c:\users\Asistentes\AppData\Local\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\progra~1\LANDesk\LDClient\collector.exe
c:\windows\system32\conhost.exe
c:\windows\system32\CBA\pds.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\program files\IBM\Tivoli\Remote Control\Target\trc_gui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\UI0Detect.exe
c:\program files\BigFix Enterprise\BES Client\BESClient.exe
c:\program files\BigFix Enterprise\BES Client\BESClientUI.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-10-22 11:31:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-22 13:30
.
Pre-Run: 215.691.530.240 bytes free
Post-Run: 215.121.952.768 bytes free
.
- - End Of File - - 150A146589F3554EE0F74143971BBCA3
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - N is the order number.
Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

    Quote
    DRIVES
    SHOWHIDDEN
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    explorer.exe
    /md5stop
  • Click the Run Scan button. The scan will not take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr# AdwCleaner v2.005 - Logfile created 10/22/2012 at 16:57:01
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : Asistentes - COMISARIO
# Boot Mode : Normal
# Running from : C:\Users\Asistentes\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Asistentes\AppData\Local\APN

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Asistentes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [942 octets] - [22/10/2012 16:57:01]

########## EOF - C:\AdwCleaner[S1].txt - [1001 octets] ##########












OTL logfile created on: 10/22/2012 5:14:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asistentes\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy

2.87 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 75.30% Memory free
5.75 Gb Paging File | 5.00 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.53 Gb Total Space | 200.41 Gb Free Space | 86.19% Space Free | Partition Type: NTFS
Drive D: | 702.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 232.53 Gb Total Space | 78.42 Gb Free Space | 33.72% Space Free | Partition Type: NTFS
Drive Z: | 232.53 Gb Total Space | 78.42 Gb Free Space | 33.72% Space Free | Partition Type: NTFS

Computer Name: COMISARIO | User Name: Asistentes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/22 17:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe
PRC - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2012/07/26 18:53:18 | 001,472,448 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2012/04/26 13:54:06 | 000,937,984 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_gui.exe
PRC - [2012/04/26 13:53:46 | 000,794,624 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe
PRC - [2012/02/13 17:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2011/10/29 10:12:28 | 000,536,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
PRC - [2011/10/29 10:12:28 | 000,162,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
PRC - [2011/07/21 09:28:10 | 000,442,936 | ---- | M] () -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe
PRC - [2011/07/16 02:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2010/10/21 19:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\softmon.exe
PRC - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2010/07/15 07:14:30 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/19 19:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/01/19 18:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/10 14:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
PRC - [2009/12/17 17:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/04 15:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/08/31 10:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\Windows\System32\cba\pds.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/29 10:12:28 | 000,162,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
MOD - [2008/08/27 18:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV - [2012/09/29 20:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/27 20:50:20 | 000,232,472 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/07/27 20:42:54 | 000,089,112 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2012/07/27 20:42:50 | 000,150,552 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2012/07/27 19:57:46 | 001,465,920 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012/07/27 19:51:24 | 000,357,400 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012/07/27 19:49:42 | 002,862,656 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/07/27 19:36:26 | 000,216,600 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/07/27 19:28:11 | 000,139,840 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/07/27 18:54:58 | 000,282,624 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/07/27 18:52:49 | 000,806,912 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2012/04/26 13:53:46 | 000,794,624 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe -- (TRCTARGET)
SRV - [2012/02/13 17:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2011/10/29 10:12:28 | 000,536,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe -- (prgnUsageAgent)
SRV - [2011/07/21 09:28:10 | 000,442,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe -- (ovedScannerScheduler)
SRV - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2010/10/21 19:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon)
SRV - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2010/09/15 07:13:48 | 000,143,360 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe -- (ProcTrigger)
SRV - [2010/09/15 07:13:14 | 000,066,048 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\tracksvc.exe -- (tracksvc)
SRV - [2010/06/30 19:16:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/19 19:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/01/19 18:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/01/10 14:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/12/17 17:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/11/04 15:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe -- (CBA8)
SRV - [2009/07/13 23:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/31 10:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Windows\System32\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ASISTE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/27 20:38:33 | 000,045,856 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfndis.sys -- (scfndis)
DRV - [2012/07/27 20:35:54 | 000,088,352 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2012/07/27 20:11:56 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/07/27 20:02:02 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/07/27 19:42:37 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/07/27 18:39:45 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012/04/26 13:30:50 | 000,008,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\tgrab.sys -- (TGRAB)
DRV - [2012/02/13 17:02:02 | 000,087,312 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2010/07/09 20:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/30 19:18:11 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/06/30 19:16:31 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/06/30 19:16:31 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/06/30 19:16:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/01/18 09:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/01/18 09:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdfltn.sys -- (stdflt)
DRV - [2009/12/17 17:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/23 17:01:12 | 000,014,336 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ldblank.sys -- (ldblank)
DRV - [2009/11/23 17:01:12 | 000,006,144 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2009/11/23 17:01:12 | 000,005,120 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/?lang=eng
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-cl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 70 BF 8C 48 6C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{237DA15A-68F2-42DD-9291-49BF529875B4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{7B73D3DC-EDB8-48B1-B26C-B6246E954AC9}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKCU\..\SearchScopes\{B10BB75F-F160-4540-AD00-B6D2017A12EE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Asistentes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Asistentes\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Asistentes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Asistentes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012/07/30 20:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asistentes\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========


O1 HOSTS File: ([2012/10/22 16:58:40 | 000,001,707 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.239.32.20 www.google.ae # bck9
O1 - Hosts: 216.239.32.20 www.google.at # bck9
O1 - Hosts: 216.239.32.20 www.google.be # bck9
O1 - Hosts: 216.239.32.20 www.google.ca # bck9
O1 - Hosts: 216.239.32.20 www.google.ch # bck9
O1 - Hosts: 216.239.32.20 www.google.cl # bck9
O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
O1 - Hosts: 216.239.32.20 www.google.com # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
O1 - Hosts: 39 more lines...
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EDFcsn] C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRunOnStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WAU: Disabled = 1
O15 - HKLM\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: elementk.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: emptoris.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: enpointe.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: eway.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: grainger.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: lds.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldsces.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
O15 - HKLM\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
O15 - HKLM\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: providentliving.org ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
O15 - HKLM\..Trusted Domains: waxie.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: xerox.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)
O15 - HKCU\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: elementk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: emptoris.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: enpointe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: eway.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: grainger.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: lds.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldsces.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
O15 - HKCU\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: providentliving.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
O15 - HKCU\..Trusted Domains: waxie.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: xerox.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.98.67.135 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2689B14-969A-40E9-A3BF-1F7238883BB2}: DhcpNameServer = 200.98.67.135 8.8.8.8
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/09/14 13:01:44 | 000,000,030 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012/09/19 17:02:36 | 000,000,000 | ---D | M] - Y:\Autos -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig - StartUpReg: Sophos AutoUpdate Monitor - hkey= - key= - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Adobe Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{0BA1C83B-DC26-4959-BF5B-DE5499288868} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/22 17:12:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe
[2012/10/22 11:23:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/22 11:21:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/22 11:21:33 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\AppData\Local\temp
[2012/10/22 11:13:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/22 11:13:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/22 11:13:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/22 11:13:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/22 11:13:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/22 11:11:36 | 004,986,495 | R--- | C] (Swearware) -- C:\Users\Asistentes\Desktop\ComboFix.exe
[2012/10/20 17:14:42 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Asistentes\Desktop\dds.scr
[2012/10/20 15:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/15 11:47:42 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/15 11:47:41 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/09 09:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/10/03 11:07:17 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\AppData\Local\ElevatedDiagnostics
[2012/10/01 14:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\BigFix
[2012/09/27 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\Documents\Remote Assistance Logs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/22 17:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe
[2012/10/22 17:10:36 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/22 17:06:04 | 000,663,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/22 17:06:04 | 000,126,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/22 17:05:38 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 17:05:38 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 16:58:40 | 000,001,707 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/22 16:58:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/22 16:56:33 | 000,538,941 | ---- | M] () -- C:\Users\Asistentes\Desktop\adwcleaner.exe
[2012/10/22 16:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008UA.job
[2012/10/22 16:38:21 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/22 15:50:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008Core.job
[2012/10/22 11:12:15 | 004,986,495 | R--- | M] (Swearware) -- C:\Users\Asistentes\Desktop\ComboFix.exe
[2012/10/20 17:14:48 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Asistentes\Desktop\dds.scr
[2012/10/20 15:36:11 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/20 13:22:46 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/15 19:38:54 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/10/15 14:35:08 | 000,001,113 | ---- | M] () -- C:\Users\Asistentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/10/13 14:44:55 | 000,002,461 | ---- | M] () -- C:\Users\Asistentes\Desktop\The Church of Jesus Christ of Latter-day Saints.lnk
[2012/09/30 21:59:19 | 032,536,766 | ---- | M] () -- C:\Users\Asistentes\Desktop\_lder_Bednar_en_Inglaterra.avi
[2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/22 16:56:24 | 000,538,941 | ---- | C] () -- C:\Users\Asistentes\Desktop\adwcleaner.exe
[2012/10/22 11:13:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/22 11:13:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/22 11:13:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/22 11:13:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/22 11:13:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/20 15:36:11 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/15 14:07:45 | 000,001,113 | ---- | C] () -- C:\Users\Asistentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/09/30 21:55:34 | 032,536,766 | ---- | C] () -- C:\Users\Asistentes\Desktop\_lder_Bednar_en_Inglaterra.avi
[2012/09/15 23:08:15 | 000,000,005 | ---- | C] () -- C:\Users\Asistentes\AppData\Roaming\mbam.context.scan
[2012/08/16 19:31:33 | 000,000,017 | ---- | C] () -- C:\Users\Asistentes\AppData\Local\resmon.resmoncfg
[2012/08/03 19:11:13 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/07/28 11:15:31 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/27 18:14:44 | 000,082,432 | ---- | C] () -- C:\Windows\System32\ldcred.dll
[2012/07/27 17:46:54 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2012/04/26 13:30:50 | 000,008,288 | ---- | C] () -- C:\Windows\System32\tgrab.sys

========== ZeroAccess Check ==========

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 23:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ST325031 8AS SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 233.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 300.00MB
Starting Offset: 249674334208
Hidden sectors: 0

[2012/07/27 18:37:30 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009/07/14 05:20:18 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2009/07/14 05:14:28 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009/07/14 05:20:18 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2012/07/27 18:53:32 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData
[2012/07/30 14:49:17 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2012/07/27 18:54:01 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2012/07/27 18:54:01 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2012/07/30 14:06:04 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Media Player\Art Cache
[2012/09/17 10:55:47 | 000,000,000 | RH-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Windows\Burn\Burn
[2012/07/30 12:52:56 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Intel\Wireless\Settings
[2012/08/07 20:47:01 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/07/27 18:53:41 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2012/10/20 15:38:27 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2012/10/20 15:38:27 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2012/10/04 11:35:14 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData
[2012/10/04 11:35:34 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2012/10/04 11:35:34 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2012/10/04 11:35:38 | 000,000,000 | RH-D | M] -- C:\Users\DandC89\AppData\Local\Microsoft\Windows\Burn\Burn
[2012/10/04 11:35:19 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Intel\Wireless\Settings
[2012/10/04 11:35:38 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/10/04 11:35:17 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2012/10/04 11:35:17 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2012/10/04 11:35:17 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2009/07/14 00:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2012/10/20 15:36:11 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 00:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2012/07/30 14:10:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2012/07/27 17:58:52 | 000,000,000 | -H-D | M] -- C:\Windows\msdownld.tmp
[2012/07/27 18:33:46 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/07/14 02:34:13 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/07/27 20:02:02 | 000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\savonaccess.sys
[2012/07/27 20:35:54 | 000,088,352 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\scfdriver.sys
[2012/07/27 20:38:33 | 000,045,856 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\scfndis.sys
[2012/07/27 20:11:56 | 000,033,696 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\sdcfilter.sys
[2012/07/27 19:42:37 | 000,031,736 | ---- | M] (Sophos Plc) -- C:\Windows\system32\drivers\skmscan.sys
[2012/07/27 18:39:45 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\system32\drivers\SophosBootDriver.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2012/09/02 21:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/07/30 13:09:31 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix Enterprise
[2012/08/31 18:59:49 | 000,000,000 | ---D | M] -- C:\Program Files\Blue Coat K9 Web Protection
[2012/10/20 15:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2012/07/27 18:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2012/07/27 17:56:01 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/10/22 11:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/07/27 18:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2012/07/27 18:37:06 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2012/08/11 17:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\Dicsoft
[2012/08/04 17:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\DjVuZone
[2009/07/14 05:20:43 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/07/30 15:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\eSupport.com
[2012/10/09 09:34:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/07/30 13:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/09/10 13:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\IBM
[2012/07/27 18:37:30 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/07/27 17:57:18 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/10/01 20:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/07/27 18:15:00 | 000,000,000 | ---D | M] -- C:\Program Files\LANDesk
[2012/10/20 13:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/27 18:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2012/07/27 18:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Math Add-in for Word 2007
[2012/07/27 18:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/07/30 12:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Communicator
[2012/07/30 21:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2012/07/27 18:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/07/27 18:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2012/07/27 18:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2012/07/27 18:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2012/07/27 18:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/07/27 18:08:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/07/27 20:55:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2012/08/04 17:55:53 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2012/07/27 20:32:23 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2012/09/02 21:18:35 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/14 02:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/07/27 20:54:41 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
[2012/07/27 18:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\STMicroelectronics
[2012/07/27 18:39:03 | 000,000,000 | ---D | M] -- C:\Program Files\SUPPORT
[2009/07/14 02:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/14 02:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/07/30 23:22:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/07/27 18:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/07/27 18:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2012/07/30 20:16:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/07/30 20:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 02:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 02:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 02:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 02:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/06/30 19:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Virtual PC

< %appdata%\*.* >
[2012/09/15 23:08:15 | 000,000,005 | ---- | M] () -- C:\Users\Asistentes\AppData\Roaming\mbam.context.scan

< MD5 for: EXPLORER.EXE >
[2009/07/13 23:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=22F7FA1FD0223AE08AE4070534B96CF9 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_521a6a60f42a067d\explorer.exe
[2010/06/30 19:18:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/06/30 19:17:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/06/30 19:17:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/06/30 19:18:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\erdnt\cache\explorer.exe
[2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\explorer.exe
[2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16457_none_51ad6f73daf5e032\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe
[2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/13 23:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/13 23:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 23:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

< End of report >





















OTL Extras logfile created on: 10/22/2012 5:14:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asistentes\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy

2.87 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 75.30% Memory free
5.75 Gb Paging File | 5.00 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.53 Gb Total Space | 200.41 Gb Free Space | 86.19% Space Free | Partition Type: NTFS
Drive D: | 702.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | ParPlease run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    Quote
    :OTL
    O1 - Hosts: 216.239.32.20 www.google.ae # bck9
    O1 - Hosts: 216.239.32.20 www.google.at # bck9
    O1 - Hosts: 216.239.32.20 www.google.be # bck9
    O1 - Hosts: 216.239.32.20 www.google.ca # bck9
    O1 - Hosts: 216.239.32.20 www.google.ch # bck9
    O1 - Hosts: 216.239.32.20 www.google.cl # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
    O1 - Hosts: 216.239.32.20 www.google.com # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
    O1 - Hosts: 39 more lines...
    O15 - HKLM\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: dell.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: elementk.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: emptoris.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: enpointe.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: eway.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: grainger.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: hp.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: lds.org ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: ldsces.org ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: ldschurch.org ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
    O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
    O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
    O15 - HKLM\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
    O15 - HKLM\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
    O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
    O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
    O15 - HKLM\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: providentliving.org ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
    O15 - HKLM\..Trusted Domains: waxie.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: xerox.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: elementk.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: emptoris.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: enpointe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: eway.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: grainger.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: hp.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: lds.org ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: ldsces.org ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: ldschurch.org ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
    O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
    O15 - HKCU\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
    O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
    O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
    O15 - HKCU\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: providentliving.org ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: waxie.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: xerox.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
OTL logfile created on: 10/22/2012 5:24:32 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asistentes\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy

2.87 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.44% Memory free
5.75 Gb Paging File | 4.82 Gb Available in Paging File | 83.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.53 Gb Total Space | 199.68 Gb Free Space | 85.87% Space Free | Partition Type: NTFS
Drive D: | 702.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 232.53 Gb Total Space | 78.42 Gb Free Space | 33.72% Space Free | Partition Type: NTFS
Drive Z: | 232.53 Gb Total Space | 78.42 Gb Free Space | 33.72% Space Free | Partition Type: NTFS

Computer Name: COMISARIO | User Name: Asistentes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/22 17:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe
PRC - [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2012/07/26 18:53:18 | 001,472,448 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2012/04/26 13:54:06 | 000,937,984 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_gui.exe
PRC - [2012/04/26 13:53:46 | 000,794,624 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe
PRC - [2012/02/13 17:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2011/10/29 10:12:28 | 000,536,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
PRC - [2011/10/29 10:12:28 | 000,162,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
PRC - [2011/07/21 09:28:10 | 000,442,936 | ---- | M] () -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe
PRC - [2011/07/16 02:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2010/10/21 19:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\softmon.exe
PRC - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2010/07/15 07:14:30 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/19 19:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/01/19 18:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/10 14:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
PRC - [2009/12/17 17:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/04 15:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/08/31 10:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\Windows\System32\cba\pds.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 08:06:15 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 08:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 08:04:57 | 000,578,072 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 08:04:55 | 000,123,928 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 08:04:44 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 08:04:43 | 000,275,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 08:04:42 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2011/10/29 10:12:28 | 000,162,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
MOD - [2008/08/27 18:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV - [2012/09/29 20:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/27 20:50:20 | 000,232,472 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/07/27 20:42:54 | 000,089,112 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2012/07/27 20:42:50 | 000,150,552 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2012/07/27 19:57:46 | 001,465,920 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012/07/27 19:51:24 | 000,357,400 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012/07/27 19:49:42 | 002,862,656 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/07/27 19:36:26 | 000,216,600 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/07/27 19:28:11 | 000,139,840 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/07/27 18:54:58 | 000,282,624 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/07/27 18:52:49 | 000,806,912 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2012/04/26 13:53:46 | 000,794,624 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe -- (TRCTARGET)
SRV - [2012/02/13 17:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2011/10/29 10:12:28 | 000,536,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe -- (prgnUsageAgent)
SRV - [2011/07/21 09:28:10 | 000,442,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe -- (ovedScannerScheduler)
SRV - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2010/10/21 19:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon)
SRV - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2010/09/15 07:13:48 | 000,143,360 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe -- (ProcTrigger)
SRV - [2010/09/15 07:13:14 | 000,066,048 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\tracksvc.exe -- (tracksvc)
SRV - [2010/06/30 19:16:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/19 19:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/01/19 18:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/01/10 14:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/12/17 17:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/11/04 15:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe -- (CBA8)
SRV - [2009/07/13 23:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/31 10:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Windows\System32\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ASISTE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/27 20:38:33 | 000,045,856 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfndis.sys -- (scfndis)
DRV - [2012/07/27 20:35:54 | 000,088,352 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2012/07/27 20:11:56 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/07/27 20:02:02 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/07/27 19:42:37 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/07/27 18:39:45 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012/04/26 13:30:50 | 000,008,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\tgrab.sys -- (TGRAB)
DRV - [2012/02/13 17:02:02 | 000,087,312 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2010/07/09 20:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/30 19:18:11 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/06/30 19:16:31 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/06/30 19:16:31 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/06/30 19:16:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/01/18 09:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/01/18 09:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdfltn.sys -- (stdflt)
DRV - [2009/12/17 17:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/23 17:01:12 | 000,014,336 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ldblank.sys -- (ldblank)
DRV - [2009/11/23 17:01:12 | 000,006,144 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2009/11/23 17:01:12 | 000,005,120 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/?lang=eng
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-cl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 70 BF 8C 48 6C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{237DA15A-68F2-42DD-9291-49BF529875B4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{7B73D3DC-EDB8-48B1-B26C-B6246E954AC9}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKCU\..\SearchScopes\{B10BB75F-F160-4540-AD00-B6D2017A12EE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Asistentes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Asistentes\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Asistentes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Asistentes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012/07/30 20:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asistentes\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========


O1 HOSTS File: ([2012/10/22 16:58:40 | 000,001,707 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.239.32.20 www.google.ae # bck9
O1 - Hosts: 216.239.32.20 www.google.at # bck9
O1 - Hosts: 216.239.32.20 www.google.be # bck9
O1 - Hosts: 216.239.32.20 www.google.ca # bck9
O1 - Hosts: 216.239.32.20 www.google.ch # bck9
O1 - Hosts: 216.239.32.20 www.google.cl # bck9
O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
O1 - Hosts: 216.239.32.20 www.google.com # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
O1 - Hosts: 39 more lines...
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.89\npchrome_frame.dll (Google Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EDFcsn] C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRunOnStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WAU: Disabled = 1
O15 - HKLM\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: elementk.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: emptoris.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: enpointe.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: eway.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: grainger.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: lds.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldsces.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
O15 - HKLM\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
O15 - HKLM\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: providentliving.org ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
O15 - HKLM\..Trusted Domains: waxie.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: xerox.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)
O15 - HKCU\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: elementk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: emptoris.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: enpointe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: eway.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: grainger.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: lds.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldsces.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
O15 - HKCU\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: providentliving.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
O15 - HKCU\..Trusted Domains: waxie.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: xerox.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.98.67.135 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2689B14-969A-40E9-A3BF-1F7238883BB2}: DhcpNameServer = 200.98.67.135 8.8.8.8
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.89\npchrome_frame.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/09/14 13:01:44 | 000,000,030 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012/09/19 17:02:36 | 000,000,000 | ---D | M] - Y:\Autos -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/22 17:12:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe
[2012/10/22 11:23:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/22 11:21:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/22 11:21:33 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\AppData\Local\temp
[2012/10/22 11:13:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/22 11:13:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/22 11:13:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/22 11:13:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/22 11:13:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/22 11:11:36 | 004,986,495 | R--- | C] (Swearware) -- C:\Users\Asistentes\Desktop\ComboFix.exe
[2012/10/20 17:14:42 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Asistentes\Desktop\dds.scr
[2012/10/20 15:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/15 11:47:42 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/15 11:47:41 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/09 09:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/10/03 11:07:17 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\AppData\Local\ElevatedDiagnostics
[2012/10/01 14:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\BigFix
[2012/09/27 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\Documents\Remote Assistance Logs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/22 17:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008UA.job
[2012/10/22 17:38:05 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/22 17:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe
[2012/10/22 17:10:36 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/22 17:06:04 | 000,663,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/22 17:06:04 | 000,126,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/22 17:05:38 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 17:05:38 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 16:58:40 | 000,001,707 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/22 16:58:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/22 16:56:33 | 000,538,941 | ---- | M] () -- C:\Users\Asistentes\Desktop\adwcleaner.exe
[2012/10/22 15:50:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008Core.job
[2012/10/22 11:12:15 | 004,986,495 | R--- | M] (Swearware) -- C:\Users\Asistentes\Desktop\ComboFix.exe
[2012/10/20 17:14:48 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Asistentes\Desktop\dds.scr
[2012/10/20 15:36:11 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/20 13:22:46 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/15 19:38:54 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/10/15 14:35:08 | 000,001,113 | ---- | M] () -- C:\Users\Asistentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/10/13 14:44:55 | 000,002,461 | ---- | M] () -- C:\Users\Asistentes\Desktop\The Church of Jesus Christ of Latter-day Saints.lnk
[2012/09/30 21:59:19 | 032,536,766 | ---- | M] () -- C:\Users\Asistentes\Desktop\_lder_Bednar_en_Inglaterra.avi
[2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/22 16:56:24 | 000,538,941 | ---- | C] () -- C:\Users\Asistentes\Desktop\adwcleaner.exe
[2012/10/22 11:13:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/22 11:13:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/22 11:13:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/22 11:13:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/22 11:13:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/20 15:36:11 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/15 14:07:45 | 000,001,113 | ---- | C] () -- C:\Users\Asistentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/09/30 21:55:34 | 032,536,766 | ---- | C] () -- C:\Users\Asistentes\Desktop\_lder_Bednar_en_Inglaterra.avi
[2012/09/15 23:08:15 | 000,000,005 | ---- | C] () -- C:\Users\Asistentes\AppData\Roaming\mbam.context.scan
[2012/08/16 19:31:33 | 000,000,017 | ---- | C] () -- C:\Users\Asistentes\AppData\Local\resmon.resmoncfg
[2012/08/03 19:11:13 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/07/28 11:15:31 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/27 18:14:44 | 000,082,432 | ---- | C] () -- C:\Windows\System32\ldcred.dll
[2012/07/27 17:46:54 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2012/04/26 13:30:50 | 000,008,288 | ---- | C] () -- C:\Windows\System32\tgrab.sys

========== ZeroAccess Check ==========

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 23:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< :OTL >

< O1 - Hosts: 216.239.32.20 www.google.ae # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.at # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.be # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.ca # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.ch # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.cl # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.co.il # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.co.in # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.co.za # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.com # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.com.au # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.com.br # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.com.co # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.com.my # bck9 >

< O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9 >

< O1 - Hosts: 39 more lines... >

< O15 - HKLM\..Trusted Domains: accesspointe.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: dell.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: deseretbook.net ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: elementk.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: emptoris.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: enpointe.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: eway.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: grainger.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: hp.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: lds.org ([]* in Local intranet) >

< O15 - HKLM\..Trusted Domains: ldsces.org ([]* in Local intranet) >

< O15 - HKLM\..Trusted Domains: ldschurch.org ([]* in Local intranet) >

< O15 - HKLM\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet) >

< O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites) >

< O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites) >

< O15 - HKLM\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet) >

< O15 - HKLM\..Trusted Domains: ldsglobal.net ([]* in Local intranet) >

< O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet) >

< O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet) >

< O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet) >

< O15 - HKLM\..Trusted Domains: netdimensions.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: paymentnet.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: providentliving.org ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: rosettastone.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: vinimaya.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites) >

< O15 - HKLM\..Trusted Domains: waxie.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: xerox.com ([]* in Trusted sites) >

< O15 - HKLM\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites) >

< O15 - HKCU\..Trusted Domains: accesspointe.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: deseretbook.net ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: elementk.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: emptoris.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: enpointe.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: eway.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: grainger.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: hp.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: lds.org ([]* in Local intranet) >

< O15 - HKCU\..Trusted Domains: ldsces.org ([]* in Local intranet) >

< O15 - HKCU\..Trusted Domains: ldschurch.org ([]* in Local intranet) >

< O15 - HKCU\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet) >

< O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites) >

< O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites) >

< O15 - HKCU\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet) >

< O15 - HKCU\..Trusted Domains: ldsglobal.net ([]* in Local intranet) >

< O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet) >

< O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet) >

< O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet) >

< O15 - HKCU\..Trusted Domains: netdimensions.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: paymentnet.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: providentliving.org ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: rosettastone.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: skillsoft.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: vinimaya.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites) >

< O15 - HKCU\..Trusted Domains: waxie.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: xerox.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites) >

< >

< :commands >

< [emptytemp] >

< [reboot] >

< End of report >
Hi. I politely asked that you press "Run Fix" not "Run Scan".

Please go through the instructions again, and make sure to press Run Fix this time.

Quote from: DragonMaster Jay on October 22, 2012, 01:53:50 PM
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
    :OTL
    O1 - Hosts: 216.239.32.20 www.google.ae # bck9
    O1 - Hosts: 216.239.32.20 www.google.at # bck9
    O1 - Hosts: 216.239.32.20 www.google.be # bck9
    O1 - Hosts: 216.239.32.20 www.google.ca # bck9
    O1 - Hosts: 216.239.32.20 www.google.ch # bck9
    O1 - Hosts: 216.239.32.20 www.google.cl # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
    O1 - Hosts: 216.239.32.20 www.google.com # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
    O1 - Hosts: 39 more lines...
    O15 - HKLM\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: dell.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: elementk.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: emptoris.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: enpointe.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: eway.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: grainger.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: hp.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: lds.org ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: ldsces.org ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: ldschurch.org ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
    O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
    O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
    O15 - HKLM\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
    O15 - HKLM\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
    O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
    O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
    O15 - HKLM\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: providentliving.org ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
    O15 - HKLM\..Trusted Domains: waxie.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: xerox.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: elementk.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: emptoris.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: enpointe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: eway.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: grainger.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: hp.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: lds.org ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: ldsces.org ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: ldschurch.org ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
    O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
    O15 - HKCU\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
    O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
    O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
    O15 - HKCU\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: providentliving.org ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: waxie.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: xerox.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


Discussion

No Comment Found

Related InterviewSolutions