Help To Understand The ComboFix Report

37 replies to this topic

#1 azarober

azarober

  • Members
  • 28 posts
  • OFFLINE
  • Local time:06:41 PM

Posted 21 April 2013 - 07:21 AM

Hi !

Going on with the "How to Use", I post here the Combo Report asking for help to understand it.

Thanks in advance !

Roberto Azar

ComboFix 13-04-20.02 - Roberto 04/21/2013   0:13.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1536.865 [GMT 3:00]
Running from: c:\documents and settings\Roberto\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\5BB923A2.TMP
c:\documents and settings\All Users\Application Data\TEMP\5C321E34.TMP
c:\documents and settings\All Users\Application Data\TEMP\A9662AE0.TMP
c:\documents and settings\All Users\Application Data\TEMP\D1B5B4F1.TMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Auturuns\7za.exe
c:\documents and settings\Auturuns\EULA.txt
c:\documents and settings\Auturuns\procenum.exe
c:\documents and settings\Descargas\ComboFix.exe
c:\documents and settings\Downloads\500.zip
c:\documents and settings\Downloads\c9853w.exe
c:\documents and settings\Downloads\GmailInstaller.exe
c:\documents and settings\Downloads\SUPERAntiSpyware.exe
c:\documents and settings\ICQ Lite\23507368
c:\documents and settings\ICQ Lite\23507368\MIBInstall.exe
c:\documents and settings\Mis archivos recibidos\Sobre la Eficiencia Despu_s de un Tiempo .eml
c:\documents and settings\user\g2mdlhlpx.exe
c:\documents and settings\user\WINDOWS
c:\documents and settings\WebEx\20090728-Uso eficaz de AdSense(571539339)
c:\documents and settings\WebEx\20090728-Uso eficaz de AdSense(571539339)\qna_deleted.txt
c:\documents and settings\WebEx\20091126-Analytics aplicado a AdSense(570859601)
c:\documents and settings\WebEx\20091126-Analytics aplicado a AdSense(570859601)\qna_deleted.txt
C:\Microsoft
c:\windows\system32\SETB07E.tmp
c:\windows\system32\SETB080.tmp
c:\windows\system32\SETB084.tmp
c:\windows\system32\SETB085.tmp
c:\windows\system32\SETB08C.tmp
c:\windows\wininit.ini
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-20 to 2013-04-20  )))))))))))))))))))))))))))))))
.
.
2013-04-20 20:46 . 2013-04-20 21:04 -------- d-----w- C:\32788R22FWJFW
2013-04-20 20:30 . 2013-04-20 20:30 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\Max Secure Software
2013-04-20 20:29 . 2013-04-20 20:30 -------- d-----w- c:\documents and settings\Roberto\Application Data\GetRightToGo
2013-04-20 13:18 . 2013-04-20 13:18 -------- d-----w- c:\documents and settings\Roberto\Application Data\CheckPoint
2013-04-20 13:13 . 2013-04-20 13:13 -------- d-----w- c:\program files\Check Point Software Technologies LTD
2013-04-20 13:13 . 2013-04-20 13:13 -------- d-----w- c:\documents and settings\Roberto\Application Data\Check Point Software Technologies LTD
2013-04-20 13:13 . 2013-04-20 21:09 -------- d-----w- c:\program files\CheckPoint
2013-04-20 13:12 . 2013-04-20 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2013-04-20 10:10 . 2013-04-20 10:10 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\APN
2013-04-20 10:09 . 2013-04-20 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2013-04-20 09:24 . 2013-04-20 10:31 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\LogMeIn Rescue Applet
2013-04-19 03:07 . 2013-04-19 03:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Foxit Software
2013-04-18 21:56 . 2013-04-19 03:07 -------- d-----w- c:\documents and settings\Roberto\Application Data\Foxit Software
2013-04-18 19:29 . 2013-04-18 19:29 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-16 20:41 . 2013-04-16 20:41 -------- d-----w- c:\documents and settings\Roberto\Application Data\PC Turbo Boost
2013-04-16 20:40 . 2008-01-15 11:57 951104 ----a-w- c:\windows\system32\tssOfficeMenu1d.ocx
2013-04-16 20:40 . 2013-04-18 19:23 -------- d-----w- c:\program files\PC Turbo Boost
2013-04-16 20:40 . 2009-11-11 03:41 32768 ----a-w- c:\windows\system32\tssOfficeMenu1d.oca
2013-04-16 20:40 . 2009-11-11 03:41 22016 ----a-w- c:\windows\system32\MBSplit.oca
2013-04-16 20:40 . 2008-01-15 11:57 65536 ----a-w- c:\windows\system32\MBSplit.ocx
2013-04-16 20:39 . 2013-04-16 20:39 41 ----a-w- C:\user.js
2013-04-16 14:07 . 2013-04-16 14:16 -------- d-----w- c:\documents and settings\Roberto\Application Data\Glarysoft
2013-04-16 14:07 . 2013-04-16 14:07 -------- d-----w- c:\program files\Glary Utilities
2013-04-16 13:58 . 2013-04-16 13:58 -------- d-----w- c:\program files\Glary Utilities Portable
2013-04-15 10:53 . 2013-04-16 14:14 -------- d-----w- c:\program files\TuneUp Utilities 2013
2013-04-15 10:53 . 2013-04-15 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2013-04-15 10:52 . 2013-04-15 14:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-04-15 10:52 . 2013-04-15 10:52 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-04-12 13:47 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-12 13:47 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-12 13:47 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-12 13:45 . 2013-04-12 13:45 -------- d-----w- c:\program files\AVAST Software
2013-04-09 21:31 . 2013-04-09 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-08 12:05 . 2013-04-08 12:05 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\Sun
2013-04-08 08:55 . 2013-04-08 08:55 -------- d-----w- c:\program files\Common Files\Java
2013-04-08 08:50 . 2013-04-08 08:49 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-08 08:50 . 2013-04-08 08:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-08 08:49 . 2013-04-08 08:49 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-07 19:08 . 2012-12-21 14:20 2468520 ----a-w- c:\windows\system32\BootMan.exe
2013-04-07 19:08 . 2011-07-29 10:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2013-04-07 19:08 . 2012-12-21 10:54 13896 ----a-w- c:\windows\system32\epmntdrv.sys
2013-04-07 19:08 . 2012-12-21 10:53 9160 ----a-w- c:\windows\system32\EuGdiDrv.sys
2013-04-07 19:08 . 2012-12-21 10:53 87112 ----a-w- c:\windows\system32\setupempdrv03.exe
2013-04-07 07:48 . 2013-04-07 07:48 -------- d-----w- c:\documents and settings\Roberto\Application Data\RealNetworks
2013-04-07 07:46 . 2013-04-07 07:46 -------- d-----w- c:\program files\RealNetworks
2013-04-07 07:46 . 2013-04-07 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\RealNetworks
2013-04-07 07:45 . 2013-04-07 07:45 -------- d-----w- c:\program files\Common Files\xing shared
2013-04-06 12:36 . 2012-12-11 12:47 260096 ----a-w- c:\windows\system32\WPShellExt32.dll
2013-04-06 12:33 . 2013-04-06 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Wondershare AllMyTube
2013-04-06 12:33 . 2013-04-06 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Wondershare Application Common Data
2013-04-04 14:47 . 2013-04-04 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-03-29 21:43 . 2013-03-30 19:41 -------- d-----w- c:\documents and settings\Roberto\Application Data\IObit Apps
2013-03-29 21:19 . 2013-03-29 21:19 -------- d-----w- c:\program files\Common Files\Skype
2013-03-29 20:00 . 2013-04-19 06:44 -------- d-----w- c:\documents and settings\Roberto\dwhelper
2013-03-29 16:32 . 2013-03-29 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-03-29 16:32 . 2013-03-29 16:32 -------- d-----w- c:\documents and settings\Roberto\AppData
2013-03-29 16:32 . 2013-03-29 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-03-29 16:27 . 2013-03-29 16:27 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2013-03-29 16:27 . 2013-04-20 18:19 -------- d-----w- c:\program files\IObit Apps Toolbar
2013-03-29 16:01 . 2013-03-30 10:17 -------- d-----w- c:\documents and settings\Roberto\Application Data\KompoZer
2013-03-28 21:26 . 2013-03-28 21:26 -------- d-----w- C:\Signatures
2013-03-28 21:25 . 2013-03-28 21:25 -------- d-----r- C:\My Pictures
2013-03-28 21:25 . 2013-03-28 21:25 -------- d-----w- C:\recovered_mails
2013-03-28 18:40 . 2013-03-28 18:40 -------- d-----w- c:\program files\YourWare Solutions
2013-03-28 18:40 . 2012-08-11 18:43 8191438 ----a-w- c:\program files\EasyDriveDataRecovery-3.0-Setup-RegNow-trial-build3.exe
2013-03-28 17:47 . 2013-03-28 18:33 -------- d-----w- C:\ProgramData
2013-03-28 13:26 . 2013-03-28 13:26 -------- d-----w- C:\PerfLogs
2013-03-28 13:25 . 2013-03-28 13:25 -------- d-----w- C:\output
2013-03-28 13:10 . 2013-04-05 19:05 -------- d-----w- C:\My Documents
2013-03-28 12:54 . 2013-03-28 12:54 -------- d-----r- C:\MSOCache
2013-03-28 12:54 . 2013-03-28 12:54 -------- d-----w- C:\MGADiagToolOutput
2013-03-28 12:54 . 2013-03-28 12:54 -------- d-----w- C:\Log
2013-03-28 08:38 . 2013-03-28 08:38 -------- d-----w- C:\Conexant
2013-03-28 08:38 . 2013-03-28 08:38 -------- d-----w- C:\CallingID
2013-03-28 08:34 . 2013-03-28 08:36 -------- d-----w- C:\96b122dcdde458493800cce89b39df
2013-03-27 18:55 . 2011-01-28 12:45 82 ----a-w- c:\documents and settings\cc_20110128_144533.reg
2013-03-27 18:54 . 2005-05-12 13:49 307712 ----a-w- c:\documents and settings\AGENTCLN.exe
2013-03-27 18:54 . 2009-02-03 14:58 1228304 ----a-w- c:\documents and settings\ADBEDRWVCS4_LS4.exe
2013-03-27 18:47 . 2013-03-27 18:47 -------- d-----w-queda(579513962) c:\docume~1\WebEx\200907~2
2013-03-27 18:47 . 2013-04-20 21:33 -------- d-----w- c:\documents and settings\WebEx
2013-03-27 18:47 . 2013-03-27 18:47 -------- d-----w- 2(571910149) c:\docume~1\WebEx\200909~1
2013-03-27 18:45 . 2013-03-27 18:45 -------- d-----w- c:\documents and settings\Updater
2013-03-27 18:45 . 2013-03-27 18:45 -------- d-----w- c:\documents and settings\Themes
2013-03-27 18:45 . 2013-03-27 18:45 -------- d-----w- c:\documents and settings\RegistryExpert
2013-03-27 18:44 . 2013-03-27 18:45 -------- d-----w- c:\documents and settings\phplist-2.10.11
2013-03-27 18:44 . 2013-03-27 18:44 -------- d-s---w- c:\documents and settings\My Web Sites
2013-03-27 18:44 . 2013-03-27 18:44 -------- d-----w- c:\documents and settings\My Surfulater
2013-03-27 18:43 . 2013-03-27 18:43 -------- d-s---r- c:\documents and settings\My Stationery
2013-03-27 18:43 . 2013-03-27 18:43 -------- d-----w- c:\documents and settings\My Received Files
2013-03-27 18:43 . 2013-03-27 18:43 -------- d-----w- c:\documents and settings\My Google Gadgets
2013-03-27 18:43 . 2013-03-27 18:43 -------- d-----w- c:\documents and settings\My Downloads
2013-03-27 18:43 . 2013-03-27 18:43 -------- d-----w- c:\documents and settings\My Completed Downloads
2013-03-27 18:30 . 2013-04-20 21:32 -------- d-----w- c:\documents and settings\Mis archivos recibidos
2013-03-27 18:30 . 2013-04-20 21:33 -------- d-----w- c:\documents and settings\ICQ Lite
2013-03-27 18:29 . 2013-03-27 18:30 -------- d-----w- c:\documents and settings\ezvid
2013-03-27 18:21 . 2013-04-20 21:32 -------- d-----w- c:\documents and settings\Downloads
2013-03-27 18:21 . 2013-03-27 18:21 -------- d-----w- c:\documents and settings\Discussions Docs
2013-03-27 18:21 . 2013-04-20 21:32 -------- d-----w- c:\documents and settings\Auturuns
2013-03-27 18:20 . 2013-04-20 21:32 -------- d-----w- c:\documents and settings\Descargas
2013-03-27 18:20 . 2013-03-27 18:20 -------- d-----w- c:\documents and settings\AdobeStockPhotos
2013-03-27 18:20 . 2013-03-27 18:20 -------- d-----w- c:\documents and settings\1Password
2013-03-27 18:19 . 2012-06-21 15:22 60304 ----a-w- C:\g2mdlhlpx.exe
2013-03-27 18:18 . 2013-03-27 18:18 -------- d-----w- C:\UserData
2013-03-27 18:18 . 2013-03-27 18:18 -------- d-----w- C:\Tracing
2013-03-27 18:18 . 2013-03-27 18:18 -------- d-----w- C:\SyncFolder
2013-03-27 18:18 . 2013-03-27 18:18 -------- d-----r- C:\Searches
2013-03-27 18:18 . 2013-03-27 18:18 -------- d-----r- C:\Saved Games
2013-03-27 18:15 . 2013-03-27 18:15 -------- d-----r- C:\Videos
2013-03-27 18:15 . 2013-03-27 18:15 -------- d-----r- C:\Pictures
2013-03-27 18:15 . 2013-03-27 18:15 -------- d-----r- C:\Music
2013-03-27 18:14 . 2013-03-27 18:14 -------- d-----r- C:\Links
2013-03-27 18:13 . 2013-03-27 18:14 -------- d-----r- C:\Favorites
2013-03-27 18:04 . 2013-03-27 18:05 -------- d-----w- C:\dwhelper
2013-03-27 17:41 . 2013-04-05 19:04 -------- d-----r- C:\Documents
2013-03-27 17:39 . 2013-04-19 01:48 -------- d-----r- C:\Desktop
2013-03-27 17:39 . 2013-03-27 17:39 -------- d-----r- C:\Contacts
2013-03-27 15:53 . 2013-03-27 16:31 -------- d-----w- C:\AppData
2013-03-26 20:04 . 1999-12-31 20:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-03-26 20:04 . 2013-04-03 08:35 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-03-26 16:25 . 2013-03-26 16:25 0 ----a-w- c:\program files\GUM6F.tmp
2013-03-26 16:20 . 2013-03-29 22:32 -------- d-----r- C:\Users
2013-03-26 16:13 . 2013-02-05 20:05 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-03-26 16:13 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-26 16:07 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-03-26 16:07 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-13 09:39 . 2011-05-14 13:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-08 08:49 . 2011-01-20 09:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-07 07:43 . 2003-10-17 10:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-07 07:43 . 2003-10-17 10:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-03-08 08:36 . 2008-04-14 02:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2008-04-13 21:57 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-04-14 00:01 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:25 . 2008-04-13 22:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56 . 2010-07-28 17:16 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 19:06 . 2008-04-14 02:42 667136 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 19:06 . 2008-04-14 02:41 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-02-21 19:06 . 2011-06-13 19:13 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-02-21 00:38 . 2008-04-13 21:07 369664 ----a-w- c:\windows\system32\html.iec
2013-02-12 00:32 . 2008-04-13 21:26 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-14 02:42 552448 ----a-w- c:\windows\system32\oleaut32.dll
2005-10-24 06:01 . 2010-07-30 14:30 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-07-06 17:01 . 2010-07-30 14:30 2039808 ----a-w- c:\program files\navstudio.msi
2005-06-05 06:14 . 2010-07-30 14:30 552096 ----a-w- c:\program files\GoogleToolbarInstaller.exe
2003-12-28 20:56 . 2010-07-30 14:30 5064526 ----a-w- c:\program files\WebPage.exe
2003-04-27 10:28 . 2010-07-30 14:30 4989952 ----a-w- c:\program files\msxml.msi
2002-09-06 05:08 . 2010-07-30 14:30 464704 ----a-w- c:\program files\SobigVirusStopperSetup.exe
2001-07-07 16:23 . 2010-07-30 14:30 1040017 ----a-w- c:\program files\dap5.exe
2001-04-27 18:29 . 2010-07-30 14:30 117776 ----a-w- c:\program files\advpack.exe
2001-04-14 01:00 . 2010-07-30 14:30 1307140 ----a-w- c:\program files\surf031.exe
2001-04-05 02:07 . 2010-07-30 14:30 378966 ----a-w- c:\program files\upgradeb.exe
2001-04-04 00:58 . 2010-07-30 14:30 260700 ----a-w- c:\program files\ICQMessageArchive.exe
2001-02-19 01:51 . 2010-07-30 14:30 597872 ----a-w- c:\program files\ie5fonts.exe
2000-10-16 02:19 . 2010-07-30 14:30 241576 ----a-w- c:\program files\ICQVoiceMessage.exe
2013-04-12 11:16 . 2013-04-12 11:16 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-24 . 86E0F22A62212447ED3F886B5EC0689E . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll" [2013-02-23 1352512]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
2013-02-23 16:17 1352512 ----a-w- c:\program files\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll" [2013-02-23 1352512]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagciTune3.5.lnk]
backup=c:\windows\pss\MagciTune3.5.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Roberto^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Roberto^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiScreen
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-06-12 21:23 1495040 -c--a-r- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-08-18 13:58 49152 ----a-w- c:\windows\Domino.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 15:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 16:00 18642024 ----a-r- d:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\INSTALL\\CoreFTP\\coreftp.exe"=
"c:\\Documents and Settings\\Roberto\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [4/12/2013 4:47 PM 49248]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/12/2013 4:47 PM 66336]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2010 5:44 PM 189736]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [5/14/2011 4:45 PM 10448]
R2 Monitis Smart Agent;Monitis Smart Agent;d:\program files\Monitis.com\Monitis\Monitis.exe [10/29/2012 10:56 AM 215040]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [3/6/2013 2:21 AM 39056]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\Drivers\SmartDefragDriver.sys --> c:\windows\system32\Drivers\SmartDefragDriver.sys [?]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [4/12/2013 4:47 PM 164736]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [4/7/2013 10:08 PM 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [4/7/2013 10:08 PM 9160]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ISWKL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-10 21:44 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2008-04-14 02:41 99840 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-26 09:39]
.
2013-04-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2013-04-16 18:09]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 16:40]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 16:40]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1035525444-842925246-1003Core.job
- c:\documents and settings\Roberto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-05 20:26]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1035525444-842925246-1003UA.job
- c:\documents and settings\Roberto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-05 20:26]
.
2013-04-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
.
2013-04-20 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-436374069-1035525444-842925246-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 08:36]
.
2013-04-20 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-436374069-1035525444-842925246-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 08:36]
.
2013-04-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-436374069-1035525444-842925246-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 08:36]
.
2013-04-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-1035525444-842925246-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 08:36]
.
2013-04-20 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-04-20 11:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=homepage&toolbarid=base&u=d45e8731000000000000000acd1223cd
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
uSearchAssistant = 
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Roberto\Application Data\Mozilla\Firefox\Profiles\0h6q35lu.default-1366019980671\
FF - prefs.js: browser.startup.homepage - hxxp://www.3x3links.com/?set=0
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: keyword.URL - 
FF - ExtSQL: 2013-04-07 10:46; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-04-15 22:32; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Roberto\Application Data\Mozilla\Firefox\Profiles\0h6q35lu.default-1366019980671\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-19 09:41; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\documents and settings\Roberto\Application Data\Mozilla\Firefox\Profiles\0h6q35lu.default-1366019980671\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-20 16:17; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.Softonic.hpOld0 - 
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - d45e8731000000000000000acd1223cd
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15811
FF - user.js: extensions.Softonic.vrsn - 1.8.16.10
FF - user.js: extensions.Softonic.vrsni - 1.8.16.10
FF - user.js: extensions.Softonic.vrsnTs - 1.8.16.1016:47
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
FF - user.js: extensions.Softonic.instlRef - INF00194
FF - user.js: extensions.Softonic.dfltLng - es
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.tuvaro.hpOld0 - hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.tuvaro.dfltSrch - true
FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=main&toolbarid=base&u=d45e8731000000000000000acd1223cd&q=
FF - user.js: extensions.tuvaro.id - d45e8731000000000000000acd1223cd
FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
FF - user.js: extensions.tuvaro.instlDay - 15811
FF - user.js: extensions.tuvaro.vrsn - 1.8.17.3
FF - user.js: extensions.tuvaro.vrsni - 1.8.17.3
FF - user.js: extensions.tuvaro.vrsnTs - 1.8.17.323:39
FF - user.js: extensions.tuvaro.prtnrId - tuvaro
FF - user.js: extensions.tuvaro.prdct - tuvaro
FF - user.js: extensions.tuvaro.aflt - orgnl
FF - user.js: extensions.tuvaro.smplGrp - none
FF - user.js: extensions.tuvaro.tlbrId - base
FF - user.js: extensions.tuvaro.instlRef - 4c3f95e5
FF - user.js: extensions.tuvaro.dfltLng - 
FF - user.js: extensions.tuvaro.excTlbr - false
FF - user.js: extensions.tuvaro.ffxUnstlRst - false
FF - user.js: extensions.tuvaro.admin - false
FF - user.js: extensions.tuvaro.cam - 
FF - user.js: extensions.tuvaro.autoRvrt - false
FF - user.js: extensions.tuvaro.rvrt - false
FF - user.js: extensions.tuvaro.hmpg - true
FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=homepage&toolbarid=base&u=d45e8731000000000000000acd1223cd
FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=url&toolbarid=base&u=d45e8731000000000000000acd1223cd&q=
FF - user.js: extensions.tuvaro.dnsErr - true
FF - user.js: extensions.tuvaro.newTab - true
FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=4c3f95e5&tbp=tab&u=d45e8731000000000000000acd1223cd
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-21 00:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1312)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1392)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2013-04-21  00:41:10
ComboFix-quarantined-files.txt  2013-04-20 21:41
ComboFix2.txt  2010-09-28 09:47
.
Pre-Run: 47,632,027,648 bytes free
Post-Run: 48,186,728,448 bytes free
.
- - End Of File - - BA4920DD56501535E5C4CB10FCF25935

Edited by hamluis, 21 April 2013 - 07:45 AM.
Moved from Am I Infected to Malware Removal Logs - Hamluis.




#2 nasdaq

  • Malware Response Team
  • 20,966 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:41 AM

Posted 22 April 2013 - 08:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Training on ComboFix is only given to trained malware helpers.

If you need additional help please post these logs and let me know what problems you are having with this computer.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 azarober

  • Topic Starter
  • Members
  • 28 posts
  • Local time:06:41 PM

Posted 22 April 2013 - 09:27 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Roberto at 17:21:15 on 2013-04-22
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1536.554 [GMT 3:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Monitis.com\Monitis\Monitis.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Roberto\My Documents\Descargas\SharePointDesigner.exe
C:\DOCUME~1\Roberto\LOCALS~1\Temp\OWP1A.tmp\setup.exe
C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe
C:\DOCUME~1\Roberto\LOCALS~1\Temp\ose00000.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Roberto\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.b1.org/?bsrc=hmior&chid=c162341
uSearch Page = hxxp://search.b1.org/?bsrc=hmior&chid=c162341
uProxyOverride = localhost; 127.0.0.1; <local>
mSearchAssistant = ${SEARCH_URL_IE7}
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.0\iobitappsToolbarIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} -
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.0\iobitappsToolbarIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Skype] "d:\program files\skype\phone\Skype.exe" /minimized /regrun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1366578177156
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{3F8E19CE-5EB5-43A6-AF47-654A1E874365} : DHCPNameServer = 192.117.235.235 62.219.186.7
TCP: Interfaces\{C3ABC6BA-EC5F-4D52-95E1-F72D46DBF2A1} : DHCPNameServer = 10.0.0.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - d:\install\coreftp\pftpns.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\roberto\application data\mozilla\firefox\profiles\0h6q35lu.default-1366019980671\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.3x3links.com/?set=0
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\roberto\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\roberto\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\roberto\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\roberto\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: d:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: d:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: d:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - ExtSQL: 2013-04-07 10:46; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: 2013-04-15 22:32; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\roberto\application data\mozilla\firefox\profiles\0h6q35lu.default-1366019980671\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-19 09:41; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\documents and settings\roberto\application data\mozilla\firefox\profiles\0h6q35lu.default-1366019980671\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-22 14:53; [email protected]; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-04-22 17:07; jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack; c:\documents and settings\roberto\application data\mozilla\firefox\profiles\0h6q35lu.default-1366019980671\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.Softonic.hpOld0 -
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - d45e8731000000000000000acd1223cd
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15811
FF - user.js: extensions.Softonic.vrsn - 1.8.16.10
FF - user.js: extensions.Softonic.vrsni - 1.8.16.10
FF - user.js: extensions.Softonic.vrsnTs - 1.8.16.1016:47:17
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
FF - user.js: extensions.Softonic.instlRef - INF00194
FF - user.js: extensions.Softonic.dfltLng - es
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.tuvaro.hpOld0 - hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.tuvaro.dfltSrch - true
FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=main&toolbarid=base&u=d45e8731000000000000000acd1223cd&q=
FF - user.js: extensions.tuvaro.id - d45e8731000000000000000acd1223cd
FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
FF - user.js: extensions.tuvaro.instlDay - 15811
FF - user.js: extensions.tuvaro.vrsn - 1.8.17.3
FF - user.js: extensions.tuvaro.vrsni - 1.8.17.3
FF - user.js: extensions.tuvaro.vrsnTs - 1.8.17.323:39:00
FF - user.js: extensions.tuvaro.prtnrId - tuvaro
FF - user.js: extensions.tuvaro.prdct - tuvaro
FF - user.js: extensions.tuvaro.aflt - orgnl
FF - user.js: extensions.tuvaro.smplGrp - none
FF - user.js: extensions.tuvaro.tlbrId - base
FF - user.js: extensions.tuvaro.instlRef - 4c3f95e5
FF - user.js: extensions.tuvaro.dfltLng -
FF - user.js: extensions.tuvaro.excTlbr - false
FF - user.js: extensions.tuvaro.ffxUnstlRst - false
FF - user.js: extensions.tuvaro.admin - false
FF - user.js: extensions.tuvaro.cam -
FF - user.js: extensions.tuvaro.autoRvrt - false
FF - user.js: extensions.tuvaro.rvrt - false
FF - user.js: extensions.tuvaro.hmpg - true
FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=homepage&toolbarid=base&u=d45e8731000000000000000acd1223cd
FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=url&toolbarid=base&u=d45e8731000000000000000acd1223cd&q=
FF - user.js: extensions.tuvaro.dnsErr - true
FF - user.js: extensions.tuvaro.newTab - true
FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=4c3f95e5&tbp=tab&u=d45e8731000000000000000acd1223cd
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-4-22 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-4-22 199384]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-12 49248]
R1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [2013-4-22 101656]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-4-22 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-22 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-22 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-22 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-4-22 45248]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-4-22 136912]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2010-7-30 189736]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-5-14 10448]
R2 Monitis Smart Agent;Monitis Smart Agent;d:\program files\monitis.com\monitis\Monitis.exe [2012-10-29 215040]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-12 164736]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2013-4-7 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2013-4-7 9160]
S3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2000-1-1 715520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2013-04-22 14:06:32    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2013-04-22 12:42:12    --------    d-----w-    c:\documents and settings\roberto\local settings\application data\B1E
2013-04-22 12:42:04    --------    d-----w-    c:\documents and settings\roberto\application data\B1Toolbar
2013-04-22 11:55:36    199384    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2013-04-22 11:55:36    101656    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-04-22 11:55:33    765736    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-04-22 11:55:33    21576    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-04-22 11:52:36    41664    ----a-w-    c:\windows\avastSS.scr
2013-04-22 11:52:33    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2013-04-21 22:27:09    --------    dc-h--w-    c:\windows\ie8
2013-04-20 21:04:40    --------    d-----w-    C:\ComboFix
2013-04-20 20:30:47    --------    d-----w-    c:\documents and settings\roberto\local settings\application data\Max Secure Software
2013-04-20 20:29:13    --------    d-----w-    c:\documents and settings\roberto\application data\GetRightToGo
2013-04-20 13:18:32    --------    d-----w-    c:\documents and settings\roberto\application data\CheckPoint
2013-04-20 13:13:21    --------    d-----w-    c:\documents and settings\roberto\application data\Check Point Software Technologies LTD
2013-04-20 13:12:22    --------    d-----w-    c:\documents and settings\all users\application data\CheckPoint
2013-04-20 10:10:17    --------    d-----w-    c:\documents and settings\roberto\local settings\application data\APN
2013-04-20 10:09:57    --------    d-----w-    c:\documents and settings\all users\application data\Avira
2013-04-20 09:24:43    --------    d-----w-    c:\documents and settings\roberto\local settings\application data\LogMeIn Rescue Applet
2013-04-18 21:56:41    --------    d-----w-    c:\documents and settings\roberto\application data\Foxit Software
2013-04-18 19:29:57    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-04-18 19:29:57    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-04-16 20:41:54    --------    d-----w-    c:\documents and settings\roberto\application data\PC Turbo Boost
2013-04-16 20:40:56    951104    ----a-w-    c:\windows\system32\tssOfficeMenu1d.ocx
2013-04-16 20:40:55    65536    ----a-w-    c:\windows\system32\MBSplit.ocx
2013-04-16 20:40:55    32768    ----a-w-    c:\windows\system32\tssOfficeMenu1d.oca
2013-04-16 20:40:55    22016    ----a-w-    c:\windows\system32\MBSplit.oca
2013-04-16 20:40:55    --------    d-----w-    c:\program files\PC Turbo Boost
2013-04-16 14:07:21    --------    d-----w-    c:\documents and settings\roberto\application data\Glarysoft
2013-04-16 14:07:20    --------    d-----w-    c:\program files\Glary Utilities
2013-04-16 13:58:25    --------    d-----w-    c:\program files\Glary Utilities Portable
2013-04-15 10:53:16    --------    d-----w-    c:\documents and settings\all users\application data\TuneUp Software
2013-04-15 10:52:54    --------    d-sh--w-    c:\documents and settings\all users\application data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-04-15 10:52:53    --------    d--h--w-    c:\documents and settings\all users\application data\Common Files
2013-04-12 13:47:48    164736    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-04-12 13:47:47    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-04-12 13:47:47    49248    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-04-12 13:45:33    --------    d-----w-    c:\program files\AVAST Software
2013-04-09 21:31:37    --------    d-----w-    c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-08 12:05:58    --------    d-----w-    c:\documents and settings\roberto\local settings\application data\Sun
2013-04-08 08:50:11    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-04-08 08:50:10    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-04-08 08:49:35    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-04-07 19:08:51    2468520    ----a-w-    c:\windows\system32\BootMan.exe
2013-04-07 19:08:51    19840    ----a-w-    c:\windows\system32\EuEpmGdi.dll
2013-04-07 19:08:50    9160    ----a-w-    c:\windows\system32\EuGdiDrv.sys
2013-04-07 19:08:50    87112    ----a-w-    c:\windows\system32\setupempdrv03.exe
2013-04-07 19:08:50    13896    ----a-w-    c:\windows\system32\epmntdrv.sys
2013-04-07 07:48:19    --------    d-----w-    c:\documents and settings\roberto\application data\RealNetworks
2013-04-07 07:46:22    --------    d-----w-    c:\program files\RealNetworks
2013-04-07 07:46:16    --------    d-----w-    c:\documents and settings\all users\application data\RealNetworks
2013-04-07 07:45:37    --------    d-----w-    c:\program files\common files\xing shared
2013-04-06 12:36:56    260096    ----a-w-    c:\windows\system32\WPShellExt32.dll
2013-04-06 12:33:43    --------    d-----w-    c:\documents and settings\all users\application data\Wondershare AllMyTube
2013-04-06 12:33:38    --------    d-----w-    c:\documents and settings\all users\application data\Wondershare Application Common Data
2013-04-04 14:47:09    --------    d-----w-    c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-03-29 21:43:04    --------    d-----w-    c:\documents and settings\roberto\application data\IObit Apps
2013-03-29 20:00:55    --------    d-----w-    c:\documents and settings\roberto\dwhelper
2013-03-29 16:32:56    --------    d-----w-    c:\documents and settings\all users\application data\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-03-29 16:32:43    --------    d-----w-    c:\documents and settings\roberto\AppData
2013-03-29 16:32:33    --------    d-----w-    c:\documents and settings\all users\application data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-03-29 16:27:06    --------    d-----w-    c:\program files\IObit Apps Toolbar
2013-03-29 16:01:28    --------    d-----w-    c:\documents and settings\roberto\application data\KompoZer
2013-03-28 21:26:00    --------    d-----w-    C:\Signatures
2013-03-28 21:25:38    --------    d-----r-    C:\My Pictures
2013-03-28 21:25:24    --------    d-----w-    C:\recovered_mails
2013-03-28 18:40:54    --------    d-----w-    c:\program files\YourWare Solutions
2013-03-28 18:40:21    8191438    ----a-w-    c:\program files\EasyDriveDataRecovery-3.0-Setup-RegNow-trial-build3.exe
2013-03-28 17:47:08    --------    d-----w-    C:\ProgramData
2013-03-28 13:26:04    --------    d-----w-    C:\PerfLogs
2013-03-28 13:25:55    --------    d-----w-    C:\output
2013-03-28 13:10:25    --------    d-----w-    C:\My Documents
2013-03-28 12:54:49    --------    d-----w-    C:\MGADiagToolOutput
2013-03-28 12:54:41    --------    d-----w-    C:\Log
2013-03-28 08:38:54    --------    d-----w-    C:\Conexant
2013-03-28 08:38:36    --------    d-----w-    C:\CallingID
2013-03-28 08:34:39    --------    d-----w-    C:\96b122dcdde458493800cce89b39df
2013-03-27 19:04:25    --------    d-----w-    C:\LogiShrd
2013-03-27 18:19:15    60304    ----a-w-    C:\g2mdlhlpx.exe
2013-03-27 18:18:54    --------    d-----w-    C:\UserData
2013-03-27 18:18:45    --------    d-----w-    C:\Tracing
2013-03-27 18:18:35    --------    d-----w-    C:\SyncFolder
2013-03-27 18:18:26    --------    d-----r-    C:\Searches
2013-03-27 18:18:13    --------    d-----r-    C:\Saved Games
2013-03-27 18:15:26    --------    d-----r-    C:\Videos
2013-03-27 18:15:17    --------    d-----r-    C:\Pictures
2013-03-27 18:15:04    --------    d-----r-    C:\Music
2013-03-27 18:14:55    --------    d-----r-    C:\Links
2013-03-27 18:13:56    --------    d-----r-    C:\Favorites
2013-03-27 18:04:51    --------    d-----w-    C:\dwhelper
2013-03-27 17:41:24    --------    d-----r-    C:\Documents
2013-03-27 17:39:54    --------    d-----r-    C:\Desktop
2013-03-27 17:39:45    --------    d-----r-    C:\Contacts
2013-03-27 15:53:03    --------    d-----w-    C:\AppData
2013-03-26 20:04:29    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-03-26 16:25:29    0    ----a-w-    c:\program files\GUM6F.tmp
2013-03-26 16:20:50    --------    d-----r-    C:\Users
2013-03-26 16:13:52    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
2013-03-26 16:13:39    12928    -c----w-    c:\windows\system32\dllcache\usb8023x.sys
2013-03-26 16:07:36    3072    -c----w-    c:\windows\system32\dllcache\iacenc.dll
2013-03-26 16:07:36    3072    ------w-    c:\windows\system32\iacenc.dll
2013-03-26 16:01:38    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2013-04-21 19:30:55    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-08 08:49:06    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-04-07 07:43:44    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2013-04-07 07:43:43    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:28:24    2193408    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28    2070016    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06:30    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08:47    385024    ------w-    c:\windows\system32\html.iec
2013-02-27 07:56:51    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32:23    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55:44    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2005-10-24 06:01:28    774144    ----a-w-    c:\program files\RngInterstitial.dll
2005-07-06 17:01:58    2039808    ----a-w-    c:\program files\navstudio.msi
2005-06-05 06:14:08    552096    ----a-w-    c:\program files\GoogleToolbarInstaller.exe
2003-12-28 20:56:24    5064526    ----a-w-    c:\program files\WebPage.exe
2003-04-27 10:28:16    4989952    ----a-w-    c:\program files\msxml.msi
2002-09-06 05:08:02    464704    ----a-w-    c:\program files\SobigVirusStopperSetup.exe
2001-07-07 16:23:02    1040017    ----a-w-    c:\program files\dap5.exe
2001-04-27 18:29:42    117776    ----a-w-    c:\program files\advpack.exe
2001-04-14 01:00:24    1307140    ----a-w-    c:\program files\surf031.exe
2001-04-05 02:07:18    378966    ----a-w-    c:\program files\upgradeb.exe
2001-04-04 00:58:50    260700    ----a-w-    c:\program files\ICQMessageArchive.exe
2001-02-19 01:51:22    597872    ----a-w-    c:\program files\ie5fonts.exe
2000-10-16 02:19:26    241576    ----a-w-    c:\program files\ICQVoiceMessage.exe
.
============= FINISH: 17:23:21.34 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/28/2010 8:25:32 PM
System Uptime: 4/22/2013 3:22:57 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P4S333
Processor:               Intel® Pentium® 4 CPU 1.80GHz | PGA 478 | 1816/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 120 GiB total, 41.515 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 11.842 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is FIXED (NTFS) - 466 GiB total, 113.991 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&102163C3&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&102163C3&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP441: 3/30/2013 8:34:37 PM - System Checkpoint
RP442: 3/30/2013 9:45:10 PM - IObit Uninstaller restore point
RP443: 3/30/2013 10:30:12 PM - IObit Uninstaller restore point
RP444: 3/30/2013 10:30:51 PM - IObit Uninstaller restore point
RP445: 3/30/2013 10:35:09 PM - IObit Uninstaller restore point
RP446: 3/31/2013 7:50:18 PM - IObit Uninstaller restore point
RP447: 3/31/2013 7:52:40 PM - Removed Apple Application Support
RP448: 3/31/2013 8:05:44 PM - IObit Uninstaller restore point
RP449: 3/31/2013 8:06:51 PM - Skype™ 6.3 eliminado
RP450: 3/31/2013 8:32:02 PM - IObit Uninstaller restore point
RP451: 3/31/2013 8:39:54 PM - IObit Uninstaller restore point
RP452: 3/31/2013 8:43:25 PM - avast! Free Antivirus Setup
RP453: 4/1/2013 8:44:02 PM - System Checkpoint
RP454: 4/2/2013 11:03:58 PM - System Checkpoint
RP455: 4/3/2013 12:14:03 PM - IObit Uninstaller restore point
RP456: 4/3/2013 12:14:43 PM - IObit Uninstaller restore point
RP457: 4/3/2013 12:20:45 PM - IObit Uninstaller restore point
RP458: 4/3/2013 12:22:11 PM - IObit Uninstaller restore point
RP459: 4/3/2013 12:22:49 PM - IObit Uninstaller restore point
RP460: 4/3/2013 12:23:41 PM - Removed Apple Mobile Device Support
RP461: 4/3/2013 12:27:40 PM - IObit Uninstaller restore point
RP462: 4/3/2013 2:08:12 PM - IObit Uninstaller restore point
RP463: 4/3/2013 2:08:45 PM - IObit Uninstaller restore point
RP464: 4/3/2013 2:11:16 PM - IObit Uninstaller restore point
RP465: 4/3/2013 2:45:09 PM - IObit Uninstaller restore point
RP466: 4/3/2013 10:49:13 PM - IObit Uninstaller restore point
RP467: 4/3/2013 10:53:15 PM - IObit Uninstaller restore point
RP468: 4/3/2013 10:53:42 PM - IObit Uninstaller restore point
RP469: 4/3/2013 10:55:54 PM - IObit Uninstaller restore point
RP470: 4/4/2013 3:50:15 PM - Removed Windows Live Sign-in Assistant
RP471: 4/4/2013 3:51:18 PM - Removed Windows Live Sync
RP472: 4/4/2013 3:51:53 PM - Removed Windows Live Upload Tool
RP473: 4/4/2013 5:58:28 PM - IObit Uninstaller restore point
RP474: 4/4/2013 5:59:52 PM - Removed iTunes
RP475: 4/4/2013 7:56:35 PM - Software Distribution Service 3.0
RP476: 4/5/2013 6:19:19 PM - IObit Uninstaller restore point
RP477: 4/5/2013 10:10:25 PM - IObit Uninstaller restore point
RP478: 4/5/2013 10:30:21 PM - IObit Uninstaller restore point
RP479: 4/5/2013 10:35:54 PM - IObit Uninstaller restore point
RP480: 4/5/2013 10:44:48 PM - IObit Uninstaller restore point
RP481: 4/5/2013 10:55:13 PM - IObit Uninstaller restore point
RP482: 4/5/2013 11:29:16 PM - IObit Uninstaller restore point
RP483: 4/5/2013 11:29:44 PM - Removed Microsoft Silverlight
RP484: 4/5/2013 11:31:23 PM - IObit Uninstaller restore point
RP485: 4/5/2013 11:31:55 PM - Removed Adobe Reader X (10.1.6).
RP486: 4/5/2013 11:32:56 PM - IObit Uninstaller restore point
RP487: 4/6/2013 4:00:36 PM - IObit Uninstaller restore point
RP488: 4/6/2013 10:30:57 PM - IObit Uninstaller restore point
RP489: 4/6/2013 10:31:18 PM - Skype™ 6.3 eliminado
RP490: 4/6/2013 10:37:30 PM - Installed Skype™ 6.3
RP491: 4/7/2013 10:37:18 AM - IObit Uninstaller restore point
RP492: 4/8/2013 11:23:29 AM - System Checkpoint
RP493: 4/8/2013 11:33:56 AM - IObit Uninstaller restore point
RP494: 4/8/2013 11:47:54 AM - Removed Java™ 6 Update 22
RP495: 4/8/2013 11:48:47 AM - Installed Java 7 Update 17
RP496: 4/8/2013 4:49:01 PM - IObit Uninstaller restore point
RP497: 4/8/2013 4:49:37 PM - Removed Skype Click to Call
RP498: 4/8/2013 7:52:33 PM - IObit Uninstaller restore point
RP499: 4/10/2013 12:00:35 AM - System Checkpoint
RP500: 4/10/2013 12:13:24 AM - Software Distribution Service 3.0
RP501: 4/11/2013 1:01:34 AM - System Checkpoint
RP502: 4/12/2013 1:13:08 PM - System Checkpoint
RP503: 4/12/2013 4:45:33 PM - avast! Free Antivirus Setup
RP504: 4/13/2013 7:46:15 PM - System Checkpoint
RP505: 4/15/2013 12:08:43 AM - System Checkpoint
RP506: 4/15/2013 1:53:34 PM - Installed TuneUp Utilities 2013
RP507: 4/16/2013 2:52:17 PM - System Checkpoint
RP508: 4/16/2013 5:14:17 PM - Removed TuneUp Utilities 2013
RP509: 4/16/2013 5:15:56 PM - Quitado TuneUp Utilities Language Pack (es-ES)
RP510: 4/16/2013 11:41:49 PM - PCTurboBoost 4/16/2013 11:41:36 PM
RP511: 4/18/2013 8:09:09 AM - System Checkpoint
RP512: 4/18/2013 10:19:45 PM - Restore Operation
RP513: 4/19/2013 1:42:37 AM - avast! Free Antivirus Setup
RP514: 4/18/2013 2:50:04 AM - System Checkpoint
RP515: 4/19/2013 6:07:31 AM - Printer Driver Foxit Reader PDF Printer Driver Installed
RP516: 4/20/2013 1:09:21 PM - Removed IObit Apps Toolbar v7.0.
RP517: 4/20/2013 1:29:28 PM - Removed Avira SearchFree Toolbar.
RP518: 4/20/2013 1:35:17 PM - Removed Avira SearchFree Toolbar.
RP519: 4/20/2013 3:49:54 PM - Software Distribution Service 3.0
RP520: 4/20/2013 7:28:43 PM - Removed IObit Apps Toolbar v7.0.
RP521: 4/20/2013 7:34:25 PM - Removed IObit Apps Toolbar v7.0.
RP522: 4/20/2013 7:38:56 PM - Removed IObit Apps Toolbar v7.0.
RP523: 4/20/2013 9:19:47 PM - Removed IObit Apps Toolbar v7.0.
RP524: 4/21/2013 11:10:08 PM - System Checkpoint
RP525: 4/22/2013 1:29:45 AM - Installed Windows Internet Explorer 8.
RP526: 4/22/2013 1:33:54 AM - Software Distribution Service 3.0
RP527: 4/22/2013 3:00:38 AM - Software Distribution Service 3.0
RP528: 4/22/2013 3:43:14 AM - Installed Safari
RP529: 4/22/2013 2:51:29 PM - avast! Internet Security Setup
RP530: 4/22/2013 5:02:34 PM - Installed Microsoft Office SharePoint Designer 2007
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Apple Software Update
avast! Internet Security
CCleaner
Defraggler
EaseUS Partition Master 9.2.1 Home Edition
eReg
Foxit Reader
Glary Utilities 2.54.0.1759
Google Chrome
Google Gmail Notifier
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IObit Apps Toolbar v7.0
Java 7 Update 17
Java Auto Updater
jZip
K-Lite Codec Pack 7.0.0 (Standard)
Logitech SetPoint 6.22
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer MUI (Spanish) 2007
Microsoft Software Update for Web Folders  (Spanish) 12
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mon.itor.us Smart Agent
Mozilla Firefox 20.0.1 (x86 es-AR)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.5 (x86 es-AR)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Opera 12.15
PartitionMagic
PCI Audio Driver
PowerQuest PartitionMagic 8.0
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Safari
Samsung_MonSetup
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB982381)
Skype™ 6.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
USB PC Camera (ZS0211)
VC80CRTRedist - 8.0.50727.4053
VideoLightBox
WebFldrs XP
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR archiver
Xenu's Link Sleuth
ZoneAlarm LTD Toolbar
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/22/2013 12:30:30 AM, error: Service Control Manager [7000]  - The Adobe Flash Player Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/22/2013 12:30:28 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
4/21/2013 12:56:42 AM, error: Service Control Manager [7003]  - The TrueVector Internet Monitor service depends on the following nonexistent service: vsdatant
4/20/2013 11:42:21 PM, error: Service Control Manager [7023]  - The HID Input Service service terminated with the following error:  The specified module could not be found.
4/20/2013 10:35:44 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================

Thanks in advance for your help!

Roberto



#4 nasdaq

nasdaq

  • Malware Response Team
  • 20,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:41 AM

Posted 22 April 2013 - 10:44 AM

Please download and run the other 2 tools.

Post the logs and let me know what problem persists.

#5 azarober

azarober
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 22 April 2013 - 10:50 AM

 Results of screen317's Security Check version 0.99.62  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Internet Security   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 7 Update 17  
 Adobe Flash Player     11.7.700.169  
 Mozilla Firefox (20.0.1)
 Mozilla Thunderbird (17.0.5)
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````

#6 azarober

azarober
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 22 April 2013 - 10:59 AM

# AdwCleaner v2.201 - Logfile created 04/22/2013 at 18:51:39
# Updated 21/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Roberto - HOME-7136BC1539
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Roberto\My Documents\Descargas\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\Roberto\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Roberto\Application Data\Mozilla\Firefox\Profiles\0h6q35lu.default-1366019980671\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Roberto\Application Data\Mozilla\Firefox\Profiles\0h6q35lu.default-1366019980671\searchplugins\softonic.xml
File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Speedbit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Crawler Toolbar
Folder Deleted : C:\Documents and Settings\Roberto\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Roberto\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Roberto\Local Settings\Application Data\Max Secure Software
Folder Deleted : C:\Documents and Settings\Roberto\Local Settings\Application Data\midicair
Folder Deleted : C:\Documents and Settings\Roberto\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Program Files\IObit Apps Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\midicair
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A3BA75B-E371-4746-B78E-2A8C84F8DB6F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAF50246-5343-4EAC-8745-E654DF1D2832}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\Software\midicair
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (es-AR)

File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\awmwl26b.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Roberto\Application Data\Mozilla\Firefox\Profiles\0h6q35lu.default-1366019980671\prefs.js

C:\Documents and Settings\Roberto\Application Data\Mozilla\Firefox\Profiles\0h6q35lu.default-1366019980671\user.js ... Deleted !

Deleted : user_pref("extensions.Softonic.admin", false);
Deleted : user_pref("extensions.Softonic.aflt", "SD");
Deleted : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Deleted : user_pref("extensions.Softonic.autoRvrt", "false");
Deleted : user_pref("extensions.Softonic.dfltLng", "es");
Deleted : user_pref("extensions.Softonic.dfltSrch", true);
Deleted : user_pref("extensions.Softonic.dnsErr", true);
Deleted : user_pref("extensions.Softonic.excTlbr", false);
Deleted : user_pref("extensions.Softonic.ffxUnstlRst", false);
Deleted : user_pref("extensions.Softonic.hmpg", true);
Deleted : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=13&[...]
Deleted : user_pref("extensions.Softonic.hpOld0", "");
Deleted : user_pref("extensions.Softonic.id", "d45e8731000000000000000acd1223cd");
Deleted : user_pref("extensions.Softonic.instlDay", "15811");
Deleted : user_pref("extensions.Softonic.instlRef", "INF00194");
Deleted : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=2&cc[...]
Deleted : user_pref("extensions.Softonic.newTab", true);
Deleted : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=1[...]
Deleted : user_pref("extensions.Softonic.prdct", "Softonic");
Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");
Deleted : user_pref("extensions.Softonic.rvrt", "false");
Deleted : user_pref("extensions.Softonic.smplGrp", "none");
Deleted : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Deleted : user_pref("extensions.Softonic.tlbrId", "BASEirobinhoodActive");
Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF00194/tb_v1?SearchSource[...]
Deleted : user_pref("extensions.Softonic.vrsn", "1.8.16.10");
Deleted : user_pref("extensions.Softonic.vrsnTs", "1.8.16.1016:47:17");
Deleted : user_pref("extensions.Softonic.vrsni", "1.8.16.10");
Deleted : user_pref("extensions.tuvaro.hpOld0", "hxxp://search.softonic.com/INF00194/tb_v1?SearchSource=13&cc=[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Roberto\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Documents and Settings\Roberto\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8299 octets] - [22/04/2013 18:51:39]

########## EOF - C:\AdwCleaner[S1].txt - [8359 octets] ##########

My apologies... I didn't see the last two tasks...



#7 nasdaq

nasdaq

  • Malware Response Team
  • 20,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:41 AM

Posted 22 April 2013 - 12:14 PM

Any other issues with this computer?

#8 azarober

azarober
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 22 April 2013 - 01:10 PM

Slowness caused by I do not know what... before all these programs... apparently now it is working better, but not 100%.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 20,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:41 AM

Posted 22 April 2013 - 01:16 PM

Try this.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push the esetFinish.png button.


#10 azarober

azarober
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 22 April 2013 - 02:08 PM

I am currently doing the first full scan with Avast Internet Security... when it finishes the work I'll do that Eset Scan and I'll post the results here...

Thanks a lot for all your work !

Roberto



#11 azarober

azarober
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 25 April 2013 - 03:39 AM

Be patient... please... This is the third time I am running this loooooooooooong scan...
The first time it was interrupted by an electricity power cut at night; it seems longer than my UPS can afford...

and now:

The system has recovered from a serious error.

BCCode : 1000000a     BCP1 : 00000001     BCP2 : 00000002     BCP3 : 00000000
BCP4 : 804DBC95     OSVer : 5_1_2600     SP : 3_0     Product : 256_1     

C:\DOCUME~1\Roberto\LOCALS~1\Temp\WER3422.dir00\Mini042513-01.dmp
C:\DOCUME~1\Roberto\LOCALS~1\Temp\WER3422.dir00\sysdata.xml

Third time I run the scan...

Thanks for your work and patience !

Roberto


Edited by azarober, 25 April 2013 - 03:48 AM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 20,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:41 AM

Posted 25 April 2013 - 08:35 AM

Please download the free home edition of WhoCrashed to your Desktop from here whocra10.png and install it by double-clicking "whocrashedSetup.exe".
At the end, it will open automatically. Click the "Analyze" button.

Please scroll down the Information window to copy and paste the results in your next reply.



#13 azarober

azarober
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 28 April 2013 - 04:25 AM

After another crash similar to the previous one, after a 3-day scan with ESET, here is the other report...

Thanks for your work !

Roberto

Welcome to WhoCrashed (HOME EDITION) v 4.01


This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. It will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.

To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...




Home Edition Notice


This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.

Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.



System Information (local)


computer name: HOME-7136BC1539
windows version: Windows XP Service Pack 3, 5.1, build: 2600
windows dir: C:\WINDOWS
CPU: GenuineIntel Intel® Pentium® 4 CPU 1.80GHz Intel586, level: 15
1 logical processors, active mask: 1
RAM: 1610121216 total
VM: 2147352576, free: 2043863040





Crash Dump Analysis


Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

On Sun 4/28/2013 7:10:08 AM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini042813-01.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x5C7F0)
Bugcheck code: 0x10000050 (0xFFFFFFFF8A800438, 0x0, 0xFFFFFFFF80590029, 0x0)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\aswsnx.sys
product: avast! Antivirus
company: AVAST Software
description: avast! Virtualization Driver
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software).
Google query: AVAST Software CUSTOM_ERROR



On Thu 4/25/2013 7:19:37 AM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini042513-01.dmp
This was probably caused by the following module: lmoufilt.sys (LMouFilt+0x65C)
Bugcheck code: 0x1000000A (0x1, 0x2, 0x0, 0xFFFFFFFF804DBC95)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\lmoufilt.sys
product: Logitech SetPoint™
company: Logitech, Inc.
description: Logitech Mouse Filter Driver.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: lmoufilt.sys (Logitech Mouse Filter Driver., Logitech, Inc.).
Google query: Logitech, Inc. CUSTOM_ERROR





Conclusion


2 crash dumps have been found and analyzed. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

lmoufilt.sys (Logitech Mouse Filter Driver., Logitech, Inc.)
aswsnx.sys (avast! Virtualization Driver, AVAST Software)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 20,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:41 AM

Posted 28 April 2013 - 08:33 AM

Please run this AVAST Uninstall Utility

http://www.avast.com/uninstall-utility

===

Before you do please make sure you have the installer to reinstall the programs after the removal.

Run the removal tool, restart the computer normally, close all running programs and reinstall.

How is it now?

p.s.
Did you install the tuvaro toolbar?
Was it installed by a 3rd party software?

#15 azarober

azarober
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:41 PM

Posted 28 April 2013 - 08:39 AM

3rd party through softonic

and I cannot find how to uninstall tuvaro





