# AdwCleaner v2.005 - Logfile created 10/22/2012 at 16:57:01
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : Asistentes - COMISARIO
# Boot Mode : Normal
# Running from : C:\Users\Asistentes\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Asistentes\AppData\Local\APN
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Registry is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Asistentes\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [942 octets] - [22/10/2012 16:57:01]
########## EOF - C:\AdwCleaner[S1].txt - [1001 octets] ##########
OTL logfile created on: 10/22/2012 5:14:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asistentes\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy
2.87 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 75.30% Memory free
5.75 Gb Paging File | 5.00 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.53 Gb Total Space | 200.41 Gb Free Space | 86.19% Space Free | Partition Type: NTFS
Drive D: | 702.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 232.53 Gb Total Space | 78.42 Gb Free Space | 33.72% Space Free | Partition Type: NTFS
Drive Z: | 232.53 Gb Total Space | 78.42 Gb Free Space | 33.72% Space Free | Partition Type: NTFS
Computer Name: COMISARIO | User Name: Asistentes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/10/22 17:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe
PRC - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2012/07/26 18:53:18 | 001,472,448 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2012/04/26 13:54:06 | 000,937,984 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_gui.exe
PRC - [2012/04/26 13:53:46 | 000,794,624 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe
PRC - [2012/02/13 17:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2011/10/29 10:12:28 | 000,536,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
PRC - [2011/10/29 10:12:28 | 000,162,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
PRC - [2011/07/21 09:28:10 | 000,442,936 | ---- | M] () -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe
PRC - [2011/07/16 02:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2010/10/21 19:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\softmon.exe
PRC - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2010/07/15 07:14:30 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/19 19:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/01/19 18:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/10 14:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
PRC - [2009/12/17 17:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/04 15:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/08/31 10:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\Windows\System32\cba\pds.exe
========== Modules (No Company Name) ========== MOD - [2011/10/29 10:12:28 | 000,162,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
MOD - [2008/08/27 18:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
========== Services (SafeList) ========== SRV - [2012/09/29 20:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/27 20:50:20 | 000,232,472 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/07/27 20:42:54 | 000,089,112 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2012/07/27 20:42:50 | 000,150,552 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2012/07/27 19:57:46 | 001,465,920 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012/07/27 19:51:24 | 000,357,400 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012/07/27 19:49:42 | 002,862,656 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/07/27 19:36:26 | 000,216,600 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/07/27 19:28:11 | 000,139,840 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/07/27 18:54:58 | 000,282,624 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/07/27 18:52:49 | 000,806,912 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2012/04/26 13:53:46 | 000,794,624 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe -- (TRCTARGET)
SRV - [2012/02/13 17:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2011/10/29 10:12:28 | 000,536,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe -- (prgnUsageAgent)
SRV - [2011/07/21 09:28:10 | 000,442,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe -- (ovedScannerScheduler)
SRV - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2010/10/21 19:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon)
SRV - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2010/09/15 07:13:48 | 000,143,360 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe -- (ProcTrigger)
SRV - [2010/09/15 07:13:14 | 000,066,048 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\tracksvc.exe -- (tracksvc)
SRV - [2010/06/30 19:16:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/19 19:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/01/19 18:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/01/10 14:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/12/17 17:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/11/04 15:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe -- (CBA8)
SRV - [2009/07/13 23:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/31 10:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Windows\System32\cba\pds.exe -- (Intel PDS)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ASISTE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/27 20:38:33 | 000,045,856 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfndis.sys -- (scfndis)
DRV - [2012/07/27 20:35:54 | 000,088,352 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2012/07/27 20:11:56 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/07/27 20:02:02 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/07/27 19:42:37 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/07/27 18:39:45 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012/04/26 13:30:50 | 000,008,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\tgrab.sys -- (TGRAB)
DRV - [2012/02/13 17:02:02 | 000,087,312 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2010/07/09 20:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/30 19:18:11 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/06/30 19:16:31 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/06/30 19:16:31 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/06/30 19:16:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/01/18 09:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/01/18 09:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdfltn.sys -- (stdflt)
DRV - [2009/12/17 17:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/23 17:01:12 | 000,014,336 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ldblank.sys -- (ldblank)
DRV - [2009/11/23 17:01:12 | 000,006,144 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2009/11/23 17:01:12 | 000,005,120 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.lds.org/?lang=engIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-cl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 70 BF 8C 48 6C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{237DA15A-68F2-42DD-9291-49BF529875B4}: "URL" =
http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}IE - HKCU\..\SearchScopes\{7B73D3DC-EDB8-48B1-B26C-B6246E954AC9}: "URL" =
http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}IE - HKCU\..\SearchScopes\{B10BB75F-F160-4540-AD00-B6D2017A12EE}: "URL" =
http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBoxIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Asistentes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Asistentes\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Asistentes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Asistentes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[2012/07/30 20:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asistentes\AppData\Roaming\Mozilla\Extensions
========== Chrome ========== O1 HOSTS File: ([2012/10/22 16:58:40 | 000,001,707 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.239.32.20
www.google.ae # bck9
O1 - Hosts: 216.239.32.20
www.google.at # bck9
O1 - Hosts: 216.239.32.20
www.google.be # bck9
O1 - Hosts: 216.239.32.20
www.google.ca # bck9
O1 - Hosts: 216.239.32.20
www.google.ch # bck9
O1 - Hosts: 216.239.32.20
www.google.cl # bck9
O1 - Hosts: 216.239.32.20
www.google.co.il # bck9
O1 - Hosts: 216.239.32.20
www.google.co.in # bck9
O1 - Hosts: 216.239.32.20
www.google.co.jp # bck9
O1 - Hosts: 216.239.32.20
www.google.co.kr # bck9
O1 - Hosts: 216.239.32.20
www.google.co.nz # bck9
O1 - Hosts: 216.239.32.20
www.google.co.uk # bck9
O1 - Hosts: 216.239.32.20
www.google.co.ve # bck9
O1 - Hosts: 216.239.32.20
www.google.co.za # bck9
O1 - Hosts: 216.239.32.20
www.google.com # bck9
O1 - Hosts: 216.239.32.20
www.google.com.ar # bck9
O1 - Hosts: 216.239.32.20
www.google.com.au # bck9
O1 - Hosts: 216.239.32.20
www.google.com.br # bck9
O1 - Hosts: 216.239.32.20
www.google.com.co # bck9
O1 - Hosts: 216.239.32.20
www.google.com.gr # bck9
O1 - Hosts: 216.239.32.20
www.google.com.hk # bck9
O1 - Hosts: 216.239.32.20
www.google.com.mx # bck9
O1 - Hosts: 216.239.32.20
www.google.com.my # bck9
O1 - Hosts: 216.239.32.20
www.google.com.pe # bck9
O1 - Hosts: 39 more lines...
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EDFcsn] C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRunOnStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WAU: Disabled = 1
O15 - HKLM\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: elementk.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: emptoris.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: enpointe.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: eway.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: grainger.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: lds.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldsces.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
O15 - HKLM\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
O15 - HKLM\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: providentliving.org ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
O15 - HKLM\..Trusted Domains: waxie.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: xerox.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)
O15 - HKCU\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: elementk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: emptoris.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: enpointe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: eway.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: grainger.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: lds.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldsces.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
O15 - HKCU\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: providentliving.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
O15 - HKCU\..Trusted Domains: waxie.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: xerox.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.98.67.135 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2689B14-969A-40E9-A3BF-1F7238883BB2}: DhcpNameServer = 200.98.67.135 8.8.8.8
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/09/14 13:01:44 | 000,000,030 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012/09/19 17:02:36 | 000,000,000 | ---D | M] - Y:\Autos -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig - StartUpReg:
Sophos AutoUpdate Monitor - hkey= - key= - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Adobe Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{0BA1C83B-DC26-4959-BF5B-DE5499288868} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2012/10/22 17:12:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe
[2012/10/22 11:23:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/22 11:21:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/22 11:21:33 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\AppData\Local\temp
[2012/10/22 11:13:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/22 11:13:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/22 11:13:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/22 11:13:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/22 11:13:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/22 11:11:36 | 004,986,495 | R--- | C] (Swearware) -- C:\Users\Asistentes\Desktop\ComboFix.exe
[2012/10/20 17:14:42 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Asistentes\Desktop\dds.scr
[2012/10/20 15:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/15 11:47:42 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/15 11:47:41 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/09 09:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/10/03 11:07:17 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\AppData\Local\ElevatedDiagnostics
[2012/10/01 14:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\BigFix
[2012/09/27 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\Documents\Remote Assistance Logs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2012/10/22 17:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe
[2012/10/22 17:10:36 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/22 17:06:04 | 000,663,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/22 17:06:04 | 000,126,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/22 17:05:38 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 17:05:38 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 16:58:40 | 000,001,707 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/22 16:58:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/22 16:56:33 | 000,538,941 | ---- | M] () -- C:\Users\Asistentes\Desktop\adwcleaner.exe
[2012/10/22 16:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008UA.job
[2012/10/22 16:38:21 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/22 15:50:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008Core.job
[2012/10/22 11:12:15 | 004,986,495 | R--- | M] (Swearware) -- C:\Users\Asistentes\Desktop\ComboFix.exe
[2012/10/20 17:14:48 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Asistentes\Desktop\dds.scr
[2012/10/20 15:36:11 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/20 13:22:46 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/15 19:38:54 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/10/15 14:35:08 | 000,001,113 | ---- | M] () -- C:\Users\Asistentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/10/13 14:44:55 | 000,002,461 | ---- | M] () -- C:\Users\Asistentes\Desktop\The Church of Jesus Christ of Latter-day Saints.lnk
[2012/09/30 21:59:19 | 032,536,766 | ---- | M] () -- C:\Users\Asistentes\Desktop\_lder_Bednar_en_Inglaterra.avi
[2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2012/10/22 16:56:24 | 000,538,941 | ---- | C] () -- C:\Users\Asistentes\Desktop\adwcleaner.exe
[2012/10/22 11:13:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/22 11:13:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/22 11:13:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/22 11:13:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/22 11:13:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/20 15:36:11 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/15 14:07:45 | 000,001,113 | ---- | C] () -- C:\Users\Asistentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/09/30 21:55:34 | 032,536,766 | ---- | C] () -- C:\Users\Asistentes\Desktop\_lder_Bednar_en_Inglaterra.avi
[2012/09/15 23:08:15 | 000,000,005 | ---- | C] () -- C:\Users\Asistentes\AppData\Roaming\mbam.context.scan
[2012/08/16 19:31:33 | 000,000,017 | ---- | C] () -- C:\Users\Asistentes\AppData\Local\resmon.resmoncfg
[2012/08/03 19:11:13 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/07/28 11:15:31 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/27 18:14:44 | 000,082,432 | ---- | C] () -- C:\Windows\System32\ldcred.dll
[2012/07/27 17:46:54 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2012/04/26 13:30:50 | 000,008,288 | ---- | C] () -- C:\Windows\System32\tgrab.sys
========== ZeroAccess Check ========== [2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 23:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ========== ========== Drive Information ========== Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ST325031 8AS SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 233.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 300.00MB
Starting Offset: 249674334208
Hidden sectors: 0
[2012/07/27 18:37:30 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009/07/14 05:20:18 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2009/07/14 05:14:28 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009/07/14 05:20:18 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2012/07/27 18:53:32 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData
[2012/07/30 14:49:17 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2012/07/27 18:54:01 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2012/07/27 18:54:01 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2012/07/30 14:06:04 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Media Player\Art Cache
[2012/09/17 10:55:47 | 000,000,000 | RH-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Windows\Burn\Burn
[2012/07/30 12:52:56 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Intel\Wireless\Settings
[2012/08/07 20:47:01 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/07/27 18:53:41 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2012/10/20 15:38:27 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2012/10/20 15:38:27 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2012/10/04 11:35:14 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData
[2012/10/04 11:35:34 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2012/10/04 11:35:34 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2012/10/04 11:35:38 | 000,000,000 | RH-D | M] -- C:\Users\DandC89\AppData\Local\Microsoft\Windows\Burn\Burn
[2012/10/04 11:35:19 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Intel\Wireless\Settings
[2012/10/04 11:35:38 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/10/04 11:35:17 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2012/10/04 11:35:17 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2012/10/04 11:35:17 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2009/07/14 00:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2012/10/20 15:36:11 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 00:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2012/07/30 14:10:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2012/07/27 17:58:52 | 000,000,000 | -H-D | M] -- C:\Windows\msdownld.tmp
[2012/07/27 18:33:46 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/07/14 02:34:13 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 > < %AppData%\Local\ > < %systemroot%\system32\sysprep > < *.xpi /md5 > < %systemroot%\Downloaded Program Files\ > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
< hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 >[2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/07/27 20:02:02 | 000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\savonaccess.sys
[2012/07/27 20:35:54 | 000,088,352 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\scfdriver.sys
[2012/07/27 20:38:33 | 000,045,856 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\scfndis.sys
[2012/07/27 20:11:56 | 000,033,696 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\sdcfilter.sys
[2012/07/27 19:42:37 | 000,031,736 | ---- | M] (Sophos Plc) -- C:\Windows\system32\drivers\skmscan.sys
[2012/07/27 18:39:45 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\system32\drivers\SophosBootDriver.sys
< %systemroot%\System32\config\*.sav > < %SYSTEMDRIVE%\*.exe /md5 > < "%WinDir%\$NtUninstallKB*$." /30 > < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s > < %systemroot%\*. /mp /s > < %systemroot%\*. /rp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\Installer\ /s > < %systemroot%\system32\Cache\ /s > < %systemroot%\system32\config\systemprofile\Application Data /s > < %PROGRAMFILES%\*. >[2012/09/02 21:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/07/30 13:09:31 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix Enterprise
[2012/08/31 18:59:49 | 000,000,000 | ---D | M] -- C:\Program Files\Blue Coat K9 Web Protection
[2012/10/20 15:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2012/07/27 18:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2012/07/27 17:56:01 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/10/22 11:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/07/27 18:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2012/07/27 18:37:06 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2012/08/11 17:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\Dicsoft
[2012/08/04 17:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\DjVuZone
[2009/07/14 05:20:43 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/07/30 15:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\eSupport.com
[2012/10/09 09:34:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/07/30 13:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/09/10 13:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\IBM
[2012/07/27 18:37:30 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/07/27 17:57:18 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/10/01 20:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/07/27 18:15:00 | 000,000,000 | ---D | M] -- C:\Program Files\LANDesk
[2012/10/20 13:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/27 18:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2012/07/27 18:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Math Add-in for Word 2007
[2012/07/27 18:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/07/30 12:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Communicator
[2012/07/30 21:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2012/07/27 18:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/07/27 18:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2012/07/27 18:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2012/07/27 18:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2012/07/27 18:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/07/27 18:08:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/07/27 20:55:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2012/08/04 17:55:53 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2012/07/27 20:32:23 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2012/09/02 21:18:35 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/14 02:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/07/27 20:54:41 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
[2012/07/27 18:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\STMicroelectronics
[2012/07/27 18:39:03 | 000,000,000 | ---D | M] -- C:\Program Files\SUPPORT
[2009/07/14 02:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/14 02:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/07/30 23:22:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/07/27 18:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/07/27 18:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2012/07/30 20:16:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/07/30 20:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 02:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 02:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 02:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 02:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/06/30 19:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Virtual PC
< %appdata%\*.* >[2012/09/15 23:08:15 | 000,000,005 | ---- | M] () -- C:\Users\Asistentes\AppData\Roaming\mbam.context.scan
< MD5 for: EXPLORER.EXE >[2009/07/13 23:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=22F7FA1FD0223AE08AE4070534B96CF9 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_521a6a60f42a067d\explorer.exe
[2010/06/30 19:18:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/06/30 19:17:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/06/30 19:17:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/06/30 19:18:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\erdnt\cache\explorer.exe
[2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\explorer.exe
[2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16457_none_51ad6f73daf5e032\explorer.exe
< MD5 for: SERVICES.EXE >[2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: USERINIT.EXE >[2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe
[2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: VOLSNAP.SYS >[2009/07/13 23:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/13 23:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 23:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
< End of report >
OTL Extras logfile created on: 10/22/2012 5:14:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asistentes\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy
2.87 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 75.30% Memory free
5.75 Gb Paging File | 5.00 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.53 Gb Total Space | 200.41 Gb Free Space | 86.19% Space Free | Partition Type: NTFS
Drive D: | 702.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Par