Google searches redirect to advertising/dangerous pages


  • This topic is locked
16 replies to this topic

#1 alonsom13

alonsom13

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:47 PM

Posted 09 July 2012 - 09:31 AM

Hi
I need your assistance, since I can't get rid of this.

Almost every time I search for something in Google (5 out of 6), I'm redirected to different pages like these:
hxxp://www.mexicosearch.info/index.php?search=internet+iusacel
hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=78313&x=:I5DQ6:E4K8VILVXPbgTlUiOIbvyY7g94frlySit4rg2ieI;:3kLQbsU;dgpTL1Uha9ft31XKr2Oc35YBeLDucOplbje8SqEj3ksJcLufNiUpQVJX79eQaqKDFIf4rF;8igooiRC8LO5XLksDUrMgSkxXr:20MtGifinPNmHdbgPOMvCGejsR6qHnm2j7l2bKbt7xMuV3mkoK67eFEjxvC7CRIFutaVtX7IIedJIsSKc4iVAy3GqY1vMibRTuQi;xHidf6JA5UOQYLXpf9qGqdJUG3qw;K7K5eOu1Hkd4iRko1I6scRJGLOTjmo;PEVl3mMle1uD7dgPJstX6mtnbmtlmeC$8
hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=78313&x=Wg5D16Rt;Lik5rVXPbgTlU8lubiyhjg94frlySit4rg2ieI;:3kLQbsU;dgpTL1Uha9ft31XKr2Oc35YBeLDucOplbje8SqEjUkcJcLufNiUpQVJX79eQaqKDFIf4rF;8igooiRC8LO5XLksDUrMgSkxXr:20MtGifinPNmHdbgPOMvCGejsR6qHnm2j7l2bKbt7xMuV3mkoK67eFEjxvC7CRIFutaVtX7IIeuJIsSKc4iVPDCdrXMF61cJRMBkY1H7I3l9;Rc5;YLXMfUKlKior8QIEOMvKHa8d1HxCPLGH9Nx2nB2znBdTUctPcUGlFsM79ju5nP$D8
hxxp://216.172.53.12/?clid=2apm1p6hqtkz0 (DANGER)
hxxp://intermanews.com/pages/home/?ppcid=10216&all_3_77&keyword=procedimiento+pedidos+peque%C3%B1os
hxxp://www.mexicosearch.info/index.php?search=proveedores+de+internet+banda+ancha

opens a blank page
or google start page

just to name a few


Google blocks some of them, either as advertising (Your Web Access Has Been Blocked / Category: Advertisement)
or as dangerous (warning, possible malware)

----
here is the DDS.txt

----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by amenabrito at 13:48:21 on 2012-07-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.52.3082.18.3510.1216 [GMT -5:00]
.
AV: HAURI AntiVirus ViRobot *Enabled/Updated* {5E9F6DDC-01AF-CEA2-9E6D-FFF4DB5AF923}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\AccessControl\HFACSvc.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\hpcsvc.exe
C:\Program Files\Hauri\Common\hsvcmod.exe
C:\Program Files\McAfee\DLP\Agent\fcags.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hauri\SiteClient\clisvc.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Hauri\Common\Base\vrscan.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsvc.exe
C:\Program Files\Hauri\Common\Base\vrmonsvc.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\AccessControl\vrptsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\McAfee\DLP\Agent\fcagswd.exe
C:\Program Files\Hauri\Common\Base\vrrepair.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\DLP\Agent\fcag.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HAURI\SiteClient\SiteCli.exe
C:\Program Files\HAURI\Common\Base\vrmonnt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsock.exe
C:\Program Files\McAfee\VirusScan Enterprise\SCAN32.EXE
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\amenabrito\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mrm.com.mx/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee DLP Internet Explorer Plugin: {4b988589-d11c-4762-806e-0e4a6ec5f76b} - c:\program files\mcafee\dlp\agent\x86\fcplie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120630085531.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: IEHelpObj Class: {ec45e3fe-c16d-4f24-9238-d1b49ad74815} - c:\program files\hauri\virobot desktop 5.5\service\hWebMan.dll
mRun: [InitClient] c:\program files\hauri\siteclient\InitCli.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SiteClient] c:\program files\hauri\siteclient\SiteCli.exe
mRun: [HEProtect] c:\program files\hauri\virobot desktop 5.5\antispam\HSockPE.exe
mRun: [Vrmon] c:\program files\hauri\common\base\VRMONNT.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6CB01500-0BBE-499A-A9E9-5F334DBC8E89} - hxxp://148.244.90.21/SLServer/Client/BVCtrl6Es.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: DhcpNameServer = 192.168.2.100 200.76.5.147
TCP: Interfaces\{9DA77FAA-0F47-4112-AFA6-442D2056C6A9} : NameServer = 192.168.2.100,200.76.5.147
TCP: Interfaces\{DCBF4DE1-FEA4-4AC3-9A6F-266CE88AEA40} : DhcpNameServer = 192.168.2.100 200.76.5.147
TCP: Interfaces\{DCBF4DE1-FEA4-4AC3-9A6F-266CE88AEA40}\D425D47594255435 : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-07 15:55:19 -------- d-----w- c:\users\amenabrito\appdata\roaming\WindSolutions
2012-07-07 15:55:18 -------- d-----w- c:\programdata\WindSolutions
2012-07-05 22:49:06 110080 ----a-r- c:\users\amenabrito\appdata\roaming\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconF7A21AF7.exe
2012-07-05 22:49:06 110080 ----a-r- c:\users\amenabrito\appdata\roaming\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconD7F16134.exe
2012-07-05 22:49:06 110080 ----a-r- c:\users\amenabrito\appdata\roaming\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconCF33A0CE.exe
2012-07-05 20:41:30 -------- d-----w- c:\users\amenabrito\appdata\roaming\SpeedyPC Software
2012-07-05 20:41:30 -------- d-----w- c:\users\amenabrito\appdata\roaming\DriverCure
2012-07-05 20:40:16 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-03 20:16:23 -------- d-----w- c:\program files\ESET
2012-07-03 15:22:02 -------- d-s---w- C:\etavaresCF
2012-07-03 15:05:02 388096 ----a-r- c:\users\amenabrito\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-03 15:04:59 -------- d-----w- c:\program files\Trend Micro
2012-07-02 16:06:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-02 16:06:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-30 17:54:04 -------- d-----w- c:\users\amenabrito\DoctorWeb
2012-06-30 14:17:29 -------- d-----w- C:\QUARANTINE
2012-06-30 13:59:14 63288 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2012-06-30 13:58:49 107848 ----a-w- c:\windows\system32\drivers\hdlpflt.sys
2012-06-30 13:55:32 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-06-30 13:55:32 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-06-30 13:55:31 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-06-30 13:55:30 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-06-30 13:55:29 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-06-30 13:55:29 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-06-30 13:55:28 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-06-30 13:55:27 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-30 13:55:03 169384 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-30 13:55:02 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-06-30 13:54:44 -------- d-----w- c:\program files\common files\McAfee
2012-06-30 13:53:26 -------- d-----w- c:\users\amenabrito\appdata\roaming\McAfee
2012-06-30 13:52:59 -------- d-----w- c:\program files\McAfee
2012-06-30 13:52:49 5877214 ----a-w- c:\windows\FramePkg.exe
2012-06-29 23:35:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 23:35:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-27 18:04:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-26 23:29:51 -------- d-----w- c:\windows\system32\appmgmt
2012-06-26 21:11:35 -------- d-----w- C:\sh4ldr
2012-06-26 21:11:35 -------- d-----w- c:\program files\Enigma Software Group
2012-06-26 21:10:43 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-06-26 21:10:28 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-06-26 20:32:59 -------- d-----w- c:\windows\pss
2012-06-26 15:26:39 -------- d-----w- c:\users\amenabrito\appdata\roaming\QuickScan
2012-06-26 15:20:28 -------- d-----w- c:\program files\Panda Security
2012-06-23 18:14:07 98816 ----a-w- c:\windows\sed.exe
2012-06-23 18:14:07 518144 ----a-w- c:\windows\SWREG.exe
2012-06-23 18:14:07 256000 ----a-w- c:\windows\PEV.exe
2012-06-23 18:14:07 208896 ----a-w- c:\windows\MBR.exe
2012-06-23 17:59:22 -------- d-----w- c:\users\amenabrito\appdata\roaming\Malwarebytes
2012-06-23 17:58:49 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 14:06:25 -------- d-----w- c:\users\amenabrito\appdata\local\{C144B45F-B7B2-41F6-BF5F-4B8F01126D13}
2012-06-23 14:05:39 -------- d-----w- c:\users\amenabrito\appdata\local\{3536BC59-541E-40B0-B600-6B198B18F482}
2012-06-22 14:01:00 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 14:00:55 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 14:00:53 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 14:00:53 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 13:58:19 -------- d-----w- c:\users\amenabrito\appdata\local\{E0C43F5E-6BBC-436F-A431-F0ED8AFBA0D8}
2012-06-22 13:57:30 -------- d-----w- c:\users\amenabrito\appdata\local\{F0D2EC2A-BBDC-4719-A562-D5D06D096F34}
2012-06-21 18:54:03 -------- d-----w- c:\users\amenabrito\appdata\local\{C21EBD1A-B04A-460E-A7B2-7D2842312AB8}
2012-06-21 18:53:42 -------- d-----w- c:\users\amenabrito\appdata\local\{47E1B3F9-CE8C-458A-A505-67FC4CFEBBE5}
2012-06-20 18:53:44 -------- d-----w- c:\windows\system32\SPReview
2012-06-20 18:53:00 -------- d-----w- c:\windows\system32\EventProviders
2012-06-20 13:58:10 -------- d-----w- c:\users\amenabrito\appdata\local\{8E44F5CB-7D5B-410B-9EF2-3785B252ACCF}
2012-06-20 13:57:13 -------- d-----w- c:\users\amenabrito\appdata\local\{DC0E6838-9253-4E40-865D-FB6440AE07DF}
2012-06-19 13:57:44 -------- d-----w- c:\users\amenabrito\appdata\local\{2BE6F601-D583-4315-81A9-A63806D0DF54}
2012-06-19 13:57:33 -------- d-----w- c:\users\amenabrito\appdata\local\{E229EB41-6958-4AE3-8124-C72E3CA9AC6F}
2012-06-18 22:54:47 -------- d-----w- c:\users\amenabrito\appdata\roaming\SmartDraw
2012-06-18 22:48:49 -------- d-----w- c:\program files\SmartDraw 2012
2012-06-18 21:25:38 114688 --sha-r- c:\windows\system32\objselt.dll
2012-06-18 13:58:57 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f1ff8a43-918e-4ee0-a336-e450bb23de5b}\mpengine.dll
2012-06-18 13:48:46 -------- d-----w- c:\users\amenabrito\appdata\local\{9773097C-0FC4-47D2-B22F-C170565088F8}
2012-06-16 14:08:27 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-16 13:58:01 -------- d-----w- c:\users\amenabrito\appdata\local\{9D8AABA0-401C-4A61-9C41-1DA2B3792D9D}
2012-06-15 20:43:33 -------- d-----w- c:\program files\Oracle
2012-06-15 20:43:15 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-15 20:43:15 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-15 15:52:53 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin7.dll
2012-06-15 15:52:53 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin6.dll
2012-06-15 15:52:52 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin5.dll
2012-06-15 15:52:52 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin4.dll
2012-06-15 15:52:52 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin3.dll
2012-06-15 15:52:52 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin2.dll
2012-06-15 15:52:52 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin.dll
2012-06-15 15:51:19 -------- d-----w- c:\users\amenabrito\appdata\local\Apple
2012-06-15 14:24:32 -------- d-----w- C:\PFiles
2012-06-15 14:05:30 -------- d-----w- c:\users\amenabrito\appdata\local\{D581DDBE-2930-4C32-836B-A691BF5ABF28}
2012-06-14 14:02:41 -------- d-----w- c:\users\amenabrito\appdata\local\{B109E8FA-7715-4DB7-9A46-404F2DAC0A39}
2012-06-14 14:02:26 -------- d-----w- c:\users\amenabrito\appdata\local\{A5F3CC36-76F9-406E-A9CB-1ED2DA6121AE}
2012-06-13 23:04:45 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:59:48 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:59:40 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:59:37 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:59:37 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:59:36 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:59:32 28672 ----a-w- c:\windows\system32\profprov.dll
2012-06-13 22:59:32 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:59:24 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:59:23 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:59:22 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 21:16:20 -------- d-----w- c:\users\amenabrito\appdata\roaming\TuneUp Software
2012-06-13 21:15:05 -------- d-----w- c:\programdata\TuneUp Software
2012-06-13 21:14:58 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-13 21:14:58 -------- d--h--w- c:\programdata\Common Files
2012-06-13 17:46:01 -------- d-----w- c:\users\amenabrito\appdata\local\ElevatedDiagnostics
2012-06-13 17:36:50 -------- d-----w- c:\users\amenabrito\appdata\local\Diagnostics
2012-06-13 16:01:49 -------- d-----w- c:\users\amenabrito\appdata\local\{E77C68D9-7AB9-46DB-8E75-2E769E0788A0}
2012-06-12 14:09:55 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-06-12 14:09:55 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{99e0d605-bcaf-4f76-b889-879fe6f0b883}\gapaengine.dll
2012-06-12 13:58:22 -------- d-----w- c:\users\amenabrito\appdata\local\{FF9DF1AF-5397-4E90-8659-A4E483987BBB}
2012-06-12 13:58:11 -------- d-----w- c:\users\amenabrito\appdata\local\{225502FB-CCA8-4943-B88D-EFCF1317314A}
2012-06-11 13:56:16 -------- d-----w- c:\users\amenabrito\appdata\local\{C3F2D583-4AFB-4796-A8B7-2A121EB94E61}
2012-06-11 13:56:05 -------- d-----w- c:\users\amenabrito\appdata\local\{8886C946-EDDF-4929-82AD-A5808EB641E9}
2012-06-09 14:02:27 -------- d-----w- c:\users\amenabrito\appdata\local\{E7CACA8E-2A21-45D8-894A-D7B855B9D1B5}
2012-06-09 14:02:15 -------- d-----w- c:\users\amenabrito\appdata\local\{0DCA3CBE-07F7-4720-8B24-AA18FA63BF94}
2012-06-08 13:57:27 -------- d-----w- c:\users\amenabrito\appdata\local\{F9F1B575-6DD4-4924-BC5F-84844456A3CB}
2012-06-08 13:57:16 -------- d-----w- c:\users\amenabrito\appdata\local\{E58F6CF2-B395-4101-B137-2BC299E875F2}
2012-06-08 13:57:16 -------- d-----w- c:\users\amenabrito\appdata\local\{3F68A1A5-5EA9-4F85-BB8F-D3A438203B81}
2012-06-07 23:25:30 -------- d-----w- c:\users\amenabrito\appdata\local\cef_data
.
==================== Find3M ====================
.
2012-06-20 19:03:07 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-20 13:58:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-20 13:58:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 20:17:04 106496 ----a-w- c:\windows\system32\MSCAL.OCX
2012-05-21 18:12:55 121224 ----a-w- c:\windows\system32\drivers\vradfil.sys
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 13:51:32.31 ===============

Edited by D-FRED-BROWN, 12 July 2012 - 03:42 PM.
links obfuscated


#2 alonsom13

alonsom13
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:47 PM

Posted 10 July 2012 - 10:44 AM

UPDATE

The redirect opened this page
hxxttp://www1.top-xsecurity.dnset.com/osos5?q2xg=laDky%2BKs0qLb5MjNm%2BfS2LamYqmdmt%2FZkbWmi8TX1Nuxy8V9ntPnrKJeqZnU1rLp36uf05vcpNbOs5Xq4tLIm9TR5eSuqeHS3%2BfUU9vWorDNmNLktqNir5Wmo6hbqqaYkauoj%2Bft0qbt2rGglqTh16KXp5jd6OWumKnIqdClXqumlpab5tyxqqRmqaCno6VjqpnJ0uLT0uK26KnvmqLi0aPd1NfQ7ujfouzZm%2ByV4NCWouDXotPm393l3ONY6szarNih7OOKlraXm7qeo3jv3uud4pzb3srX49fg56fUoeWMprWVYL7mysTn1dGZrLWj7dDm3uCc3NzGiKeo15mstWOrm6Woo2GtqJmH

pretending to be protection tools
and even downloaded a file: scandsk.exe
which was deleted by my antivirus

Edited by nasdaq, 10 July 2012 - 01:02 PM.
link obfuscated


#3 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:47 PM

Posted 12 July 2012 - 03:42 PM

Hello alonsom13 and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)

It's important that you avoid posting direct links to the sites you've been redirected to; doing so can lead to others getting infected just as well, from clicking those links while viewing this site.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#4 alonsom13

alonsom13
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:47 PM

Posted 12 July 2012 - 05:21 PM

Hi D-FRED-BROWN

Sorry about the links, I didn't know they could be active,
but Google on Chrome still redirects
to a strong-cleanergl.dnset and intermanews
in 2 of the first 4 searches I tried

I also received an alert
"Illegal try erasing a registry key" about an envutil.exe file in the McAfee folder


Here are the logs:

----

TDSSKiller found nothing

----

ComboFix 12-07-12.02 - amenabrito 12/07/2012 16:41:05.4.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.52.3082.18.3510.2397 [GMT -5:00]
Running from: c:\users\amenabrito\Desktop\ComboFix.exe
AV: HAURI AntiVirus ViRobot *Enabled/Updated* {5E9F6DDC-01AF-CEA2-9E6D-FFF4DB5AF923}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\amenabrito\Documents\~amenabrito.pst.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 21:58 . 2012-07-12 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 21:58 . 2012-07-12 21:58 -------- d-----w- c:\users\administrador\AppData\Local\temp
2012-07-12 21:58 . 2012-07-12 21:58 -------- d-----w- c:\users\mrm\AppData\Local\temp
2012-07-11 23:33 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-07 15:55 . 2012-07-07 15:55 -------- d-----w- c:\users\amenabrito\AppData\Roaming\WindSolutions
2012-07-07 15:55 . 2012-07-07 15:55 -------- d-----w- c:\programdata\WindSolutions
2012-07-05 22:49 . 2012-07-05 22:49 110080 ----a-r- c:\users\amenabrito\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconF7A21AF7.exe
2012-07-05 22:49 . 2012-07-05 22:49 110080 ----a-r- c:\users\amenabrito\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconD7F16134.exe
2012-07-05 22:49 . 2012-07-05 22:49 110080 ----a-r- c:\users\amenabrito\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconCF33A0CE.exe
2012-07-05 20:41 . 2012-07-05 20:41 -------- d-----w- c:\users\amenabrito\AppData\Roaming\SpeedyPC Software
2012-07-05 20:41 . 2012-07-05 20:41 -------- d-----w- c:\users\amenabrito\AppData\Roaming\DriverCure
2012-07-05 20:40 . 2012-07-05 20:53 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-03 20:16 . 2012-07-03 20:16 -------- d-----w- c:\program files\ESET
2012-07-03 15:05 . 2012-07-03 15:05 388096 ----a-r- c:\users\amenabrito\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-03 15:04 . 2012-07-03 15:04 -------- d-----w- c:\program files\Trend Micro
2012-07-02 16:06 . 2012-07-02 18:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-02 16:06 . 2012-07-02 18:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-30 17:54 . 2012-06-30 17:54 -------- d-----w- c:\users\amenabrito\DoctorWeb
2012-06-30 14:17 . 2012-07-12 21:41 -------- d-----w- C:\QUARANTINE
2012-06-30 13:59 . 2012-01-04 23:31 63288 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2012-06-30 13:58 . 2012-04-02 03:08 107848 ----a-w- c:\windows\system32\drivers\hdlpflt.sys
2012-06-30 13:55 . 2012-06-30 13:54 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-06-30 13:55 . 2012-06-30 13:54 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-06-30 13:55 . 2012-06-30 13:54 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-06-30 13:55 . 2012-06-30 13:54 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-06-30 13:55 . 2012-06-30 13:54 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-06-30 13:55 . 2012-06-30 13:54 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-06-30 13:55 . 2012-06-30 13:54 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-06-30 13:55 . 2012-01-04 23:30 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-30 13:55 . 2012-01-04 23:31 169384 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-30 13:55 . 2012-01-04 23:31 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-06-30 13:54 . 2012-06-30 13:55 -------- d-----w- c:\program files\Common Files\McAfee
2012-06-30 13:53 . 2012-06-30 13:53 -------- d-----w- c:\users\amenabrito\AppData\Roaming\McAfee
2012-06-30 13:52 . 2012-06-30 13:58 -------- d-----w- c:\programdata\McAfee
2012-06-30 13:52 . 2012-06-30 13:58 -------- d-----w- c:\program files\McAfee
2012-06-30 13:52 . 2012-06-30 13:53 5877214 ----a-w- c:\windows\FramePkg.exe
2012-06-29 23:35 . 2012-06-29 23:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-29 23:35 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 21:11 . 2012-07-05 22:49 -------- d-----w- C:\sh4ldr
2012-06-26 21:11 . 2012-07-05 22:49 -------- d-----w- c:\program files\Enigma Software Group
2012-06-26 21:10 . 2012-07-05 22:49 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-06-26 21:10 . 2012-06-26 21:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-06-26 15:26 . 2012-06-26 15:26 -------- d-----w- c:\users\amenabrito\AppData\Roaming\QuickScan
2012-06-26 15:20 . 2012-06-30 13:47 -------- d-----w- c:\program files\Panda Security
2012-06-23 17:59 . 2012-06-23 17:59 -------- d-----w- c:\users\amenabrito\AppData\Roaming\Malwarebytes
2012-06-23 17:58 . 2012-06-23 17:58 -------- d-----w- c:\programdata\Malwarebytes
2012-06-22 14:01 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 14:01 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 14:01 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 14:01 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 14:00 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 14:00 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 14:00 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 14:00 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 14:00 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 18:53 . 2012-06-20 18:53 -------- d-----w- c:\windows\system32\SPReview
2012-06-20 18:53 . 2012-06-20 18:53 -------- d-----w- c:\windows\system32\EventProviders
2012-06-18 22:54 . 2012-06-18 22:55 -------- d-----w- c:\users\amenabrito\AppData\Roaming\SmartDraw
2012-06-18 22:48 . 2012-06-18 22:50 -------- d-----w- c:\program files\SmartDraw 2012
2012-06-18 21:25 . 2012-06-18 21:25 114688 --sha-r- c:\windows\system32\objselt.dll
2012-06-18 13:58 . 2012-05-08 14:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1FF8A43-918E-4EE0-A336-E450BB23DE5B}\mpengine.dll
2012-06-16 14:08 . 2012-05-08 14:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-16 13:57 . 2012-06-16 13:57 -------- d-----w- c:\users\amenabrito\AppData\Roaming\Apple Computer
2012-06-15 20:44 . 2012-06-15 20:44 -------- d-----w- c:\program files\Common Files\Java
2012-06-15 20:43 . 2012-06-15 20:43 -------- d-----w- c:\program files\Oracle
2012-06-15 20:43 . 2012-05-05 00:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-15 20:43 . 2012-05-05 00:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-15 20:42 . 2012-06-15 20:42 -------- d-----w- c:\program files\Java
2012-06-15 15:52 . 2012-06-15 19:07 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin7.dll
2012-06-15 15:52 . 2012-06-15 19:07 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin6.dll
2012-06-15 15:52 . 2012-06-15 19:07 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin5.dll
2012-06-15 15:52 . 2012-06-15 19:07 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin4.dll
2012-06-15 15:52 . 2012-06-15 19:07 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin3.dll
2012-06-15 15:52 . 2012-06-15 19:07 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin2.dll
2012-06-15 15:52 . 2012-06-15 19:07 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin.dll
2012-06-15 15:52 . 2012-06-15 19:07 -------- d-----w- c:\program files\QuickTime
2012-06-15 15:52 . 2012-06-15 15:52 -------- d-----w- c:\programdata\Apple Computer
2012-06-15 15:51 . 2012-06-15 15:51 -------- d-----w- c:\program files\Common Files\Apple
2012-06-15 15:51 . 2012-06-15 15:51 -------- d-----w- c:\users\amenabrito\AppData\Local\Apple
2012-06-15 15:51 . 2012-06-15 15:51 -------- d-----w- c:\program files\Apple Software Update
2012-06-15 15:51 . 2012-06-15 15:51 -------- d-----w- c:\programdata\Apple
2012-06-15 14:24 . 2012-06-15 14:24 -------- d-----w- C:\PFiles
2012-06-13 23:04 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:59 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:59 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:59 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:59 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:59 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:59 . 2010-11-20 12:20 28672 ----a-w- c:\windows\system32\profprov.dll
2012-06-13 22:59 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:59 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:59 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 21:16 . 2012-06-13 21:16 -------- d-----w- c:\users\amenabrito\AppData\Roaming\TuneUp Software
2012-06-13 21:15 . 2012-06-13 21:16 -------- d-----w- c:\programdata\TuneUp Software
2012-06-13 21:14 . 2012-06-13 21:14 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-13 21:14 . 2012-06-13 21:14 -------- d--h--w- c:\programdata\Common Files
2012-06-13 17:46 . 2012-06-16 19:02 -------- d-----w- c:\users\amenabrito\AppData\Local\ElevatedDiagnostics
2012-06-13 17:36 . 2012-06-13 17:36 -------- d-----w- c:\users\amenabrito\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 19:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-20 13:58 . 2012-05-29 13:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-20 13:58 . 2012-03-22 16:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 16:13 . 2011-03-28 23:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-31 20:17 . 2012-05-31 20:27 106496 ----a-w- c:\windows\system32\MSCAL.OCX
2012-05-21 18:12 . 2012-05-19 18:37 121224 ----a-w- c:\windows\system32\drivers\vradfil.sys
2012-05-19 18:02 . 2012-06-12 14:09 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-19 18:02 . 2012-06-12 14:09 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99E0D605-BCAF-4F76-B889-879FE6F0B883}\gapaengine.dll
2012-05-08 16:40 . 2012-05-19 14:17 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98465CE9-FCB7-4EDB-B875-22E9739386D2}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InitClient"="c:\program files\Hauri\SiteClient\InitCli.exe" [2009-06-30 621568]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-15 215360]
"SiteClient"="c:\program files\Hauri\SiteClient\SiteCli.exe" [2011-08-17 616960]
"HEProtect"="c:\program files\Hauri\ViRobot Desktop 5.5\AntiSpam\HSockPE.exe" [2008-10-29 385112]
"Vrmon"="c:\program files\Hauri\Common\Base\VRMONNT.EXE" [2009-12-16 314080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeDlpAgentService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2010-02-26 16:21 5249024 ----a-w- c:\program files\Dell\DW WLAN Card\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-01-11 04:44 177432 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-01-11 04:44 142616 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 22:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-01-11 04:44 177944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteClient]
2011-08-17 14:23 616960 ----a-w- c:\program files\HAURI\SiteClient\SiteCli.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\187.tmp [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 hdlpflt;hdlpflt;c:\windows\system32\DRIVERS\hdlpflt.sys [x]
S1 hdlpnetf;hdlpnetf;c:\windows\system32\drivers\hdlpnetf.sys [x]
S1 vrptcomn;vrptcomn;c:\windows\system32\drivers\vrptcomn.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 hpcsvc;ViRobot Communication Service;c:\program files\Hauri\ViRobot Desktop 5.5\hpcsvc.exe [x]
S2 McAfeeDLPAgentService;McAfee DLP Endpoint Service;c:\program files\McAfee\DLP\Agent\fcags.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SiteClientService;ViRobot ISMS Client Service;c:\program files\Hauri\SiteClient\clisvc.exe [x]
S2 ViRobot Common Scan Service;ViRobot Common Scan Service;c:\program files\Hauri\Common\Base\vrscan.exe [x]
S2 vrptself;vrptself;c:\program files\Hauri\ViRobot Desktop 5.5\AccessControl\vrptself.sys [x]
S2 vrptsvc;Hauri Self Protect Service;c:\program files\Hauri\ViRobot Desktop 5.5\AccessControl\vrptsvc.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 hdlpctrl;hdlpctrl;c:\windows\system32\drivers\hdlpctrl.sys [x]
S3 hdlpdbk;hdlpdbk;c:\windows\system32\drivers\hdlpdbk.sys [x]
S3 hdlpevnt;hdlpevnt;c:\windows\system32\drivers\hdlpevnt.sys [x]
S3 VRFWNTD6;VRFWNTD6 Hauri Network Driver; [x]
S3 vrrepair;ViRobot Repairing Service;c:\program files\Hauri\Common\Base\vrrepair.exe [x]
S3 VRsecos;VRsecos;c:\windows\system32\drivers\VRsecos.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - VRADFIL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 13:58]
.
2012-07-12 c:\windows\Tasks\Amuh.job
- c:\windows\system32\objselt.dll [2012-06-18 21:25]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640567708-3037494811-2052883830-1330Core.job
- c:\users\amenabrito\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 18:10]
.
2012-06-19 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-06-18 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mrm.com.mx/
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.100 200.76.5.147
TCP: Interfaces\{9DA77FAA-0F47-4112-AFA6-442D2056C6A9}: NameServer = 192.168.2.100,200.76.5.147
TCP: Interfaces\{DCBF4DE1-FEA4-4AC3-9A6F-266CE88AEA40}: DhcpNameServer = 192.168.2.100 200.76.5.147
DPF: {6CB01500-0BBE-499A-A9E9-5F334DBC8E89} - hxxp://148.244.90.21/SLServer/Client/BVCtrl6Es.cab
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\187.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4940)
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\windows\system32\conhost.exe
c:\program files\Hauri\ViRobot Desktop 5.5\AccessControl\HFACSvc.exe
c:\program files\Hauri\Common\hsvcmod.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conhost.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsvc.exe
c:\program files\Hauri\Common\Base\vrmonsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\McAfee\DLP\Agent\fcagswd.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\McAfee\DLP\Agent\fcag.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsock.exe
.
**************************************************************************
.
Completion time: 2012-07-12 17:09:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 22:09
ComboFix2.txt 2012-06-27 18:03
ComboFix3.txt 2012-06-23 18:25
.
Pre-Run: 218,084,212,736 bytes free
Post-Run: 218,079,244,288 bytes free
.
- - End Of File - - 2AEB5D68A6082EF9CBBEBBF454ABF421


----


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
HAURI AntiVirus ViRobot
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise mfeann.exe
Hauri ViRobot Desktop 5.5 PCFirewall vrfwsvc.exe
Hauri ViRobot Desktop 5.5 PCFirewall vrfwsock.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


-----
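Reading a ComboFix log by eye is slow; what a responder scans for first is persistence that does not look like a vendor's. As an added example (not part of the original thread and not a ComboFix feature), the Python script below parses the log format shown above and flags three patterns that the log above happens to contain: a file under system32 carrying both the hidden and system attributes, a scheduled task whose target is not an .exe (a DLL needs a host such as rundll32.exe to run), and a service whose ImagePath is a .tmp file. The sample lines are constructed to mirror the format; the attribute-column layout is this script's reading of ComboFix's output, and each flag is a lead to check, not a verdict on the file.

```python
import re
from dataclasses import dataclass

# Constructed sample in the ComboFix log format seen above (not the full log).
SAMPLE_LOG = r"""
2012-06-18 21:25 . 2012-06-18 21:25 114688 --sha-r- c:\windows\system32\objselt.dll
2012-06-22 14:01 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-13 21:14 . 2012-06-13 21:14 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 13:58]
.
2012-07-12 c:\windows\Tasks\Amuh.job
- c:\windows\system32\objselt.dll [2012-06-18 21:25]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640567708-3037494811-2052883830-1330Core.job
- c:\users\amenabrito\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 18:10]
.
------- Supplementary Scan -------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\187.tmp"
"""

# "changed . created size attrs path" lines from the file listing sections.
FILE_RE = re.compile(
    r"^(?P<changed>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[")
SERVICE_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\(?P<name>[^\]]+)\]$", re.IGNORECASE)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>.+)"$')


@dataclass(frozen=True)
class Finding:
    kind: str      # "file", "task" or "service"
    subject: str   # file path, .job path or service name
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries a responder would look at first; every hit is a lead, not a verdict."""
    findings, current_job, current_service = [], None, None
    for line in (l.strip() for l in log_text.splitlines()):
        if not line or line == ".":
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # Attribute column as this script reads it: index 0 = directory,
            # 2 = system, 3 = hidden (compare "--sha-r-" and "d-sh--w-" above).
            is_dir, is_sys, is_hidden = attrs[0] == "d", attrs[2] == "s", attrs[3] == "h"
            if not is_dir and is_sys and is_hidden and r"\windows\system32" in path.lower():
                findings.append(Finding("file", path, f"hidden+system file in system32 (attrs {attrs})"))
            continue
        m = JOB_RE.match(line)
        if m:
            current_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and current_job:
            target = m.group("target")
            ext = target.lower().rsplit(".", 1)[-1]
            # Vendor updaters point their .job at an .exe; a DLL or data file
            # as the target needs a host process (rundll32.exe for a DLL).
            if ext != "exe":
                findings.append(Finding("task", current_job, f"task target is a .{ext}: {target}"))
            current_job = None
            continue
        m = SERVICE_KEY_RE.match(line)
        if m:
            current_service = m.group("name")
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current_service:
            path = m.group("path")
            if path.lower().endswith(".tmp"):
                findings.append(Finding("service", current_service, f"ImagePath is a .tmp file: {path}"))
            current_service = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; on the sample it reports the objselt.dll attributes, the Amuh.job target and the MEMSWEEP2 ImagePath, and stays silent on the Adobe and Google tasks. A hit still has to be confirmed (publisher signature, hash lookup, creation time against the infection timeline) before anything is removed.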

#5 D-FRED-BROWN
Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 12 July 2012 - 10:15 PM

Do the redirects occur only in Chrome, or Internet Explorer as well? Please let me know. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#6 alonsom13
  • Topic Starter
  • Members
  • 9 posts

Posted 13 July 2012 - 09:16 AM

Hi D-FRED-BROWN

The redirects happen on both Chrome and IE,
frequently (about 50 or 60% of the time).
I have to either go back and click on the link again
or try opening new tabs until the page I want is opened.


regards

#7 D-FRED-BROWN
Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 13 July 2012 - 01:43 PM

Thank you for the information. Let's try this:

Please Launch Malwarebytes' Anti-Malware.
  • Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

#8 alonsom13
  • Topic Starter
  • Members
  • 9 posts

Posted 13 July 2012 - 03:05 PM

Hi again,

here is the MBAM log.
Sorry, it's in Spanish.
It says no malware was found;
no need to restart the computer.



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
amenabrito :: AMENABRITO [administrator]

13/07/2012 01:52:23 p.m.
mbam-log-2012-07-13 (13-52-23).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336382
Time elapsed: 1 hour(s), 9 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 D-FRED-BROWN
Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 14 July 2012 - 11:55 AM

Please do the following:
  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

Note: you can opt out of the optional Avast! antivirus scan.

#10 alonsom13
  • Topic Starter
  • Members
  • 9 posts

Posted 14 July 2012 - 12:19 PM

Thanks,

here is the log.
No fix was attempted,
and I attached the zipped file.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-14 12:13:42
-----------------------------
12:13:42.469 OS Version: Windows 6.1.7601 Service Pack 1
12:13:42.469 Number of processors: 4 586 0x2505
12:13:42.471 ComputerName: AMENABRITO UserName: amenabrito
12:14:03.380 Initialize success
12:14:37.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:14:37.331 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
12:14:37.446 Disk 0 MBR read successfully
12:14:37.450 Disk 0 MBR scan
12:14:37.455 Disk 0 Windows 7 default MBR code
12:14:37.459 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:14:37.474 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 81920
12:14:37.485 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 235634 MB offset 1617920
12:14:37.491 Disk 0 Partition - 00 0F Extended LBA 2050 MB offset 484196352
12:14:37.535 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2049 MB offset 484198400
12:14:37.643 Disk 0 scanning sectors +488394752
12:14:37.722 Disk 0 scanning C:\Windows\system32\drivers
12:14:52.803 Service scanning
12:15:06.074 Modules scanning
12:15:17.003 Disk 0 trace - called modules:
12:15:17.036 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
12:15:17.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870dd4f8]
12:15:17.056 3 CLASSPNP.SYS[8c9ca59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86612028]
12:15:17.066 Scan finished successfully
12:15:37.034 Disk 0 MBR has been saved successfully to "C:\Users\amenabrito\Desktop\MBR.dat"
12:15:37.046 The log file has been saved successfully to "C:\Users\amenabrito\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   622bytes   0 downloads
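The aswMBR log above reads the first sector of the disk, compares the boot code with a known-good copy ("Windows 7 default MBR code") and prints the partition table that follows it. As an added example (my code, not aswMBR's, and not part of the thread), here is a Python parser for that 512-byte layout: it lists the four primary entries, follows the extended partition's EBR chain to find logical volumes, and checks the basics a responder verifies on a saved MBR.dat, namely the 0x55AA signature, valid status bytes, exactly one active entry, no overlapping primaries and logical volumes inside their container. The "disk" is constructed in memory with the LBA offsets and sizes copied from the log; the boot-code region is zeros, not the real Windows 7 code, so nothing here checks the code itself.

```python
import struct
from dataclasses import dataclass

SECTOR = 512
EXTENDED_TYPES = {0x05, 0x0F}
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    ptype: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:   # exclusive
        return self.lba_start + self.sectors

    @property
    def size_mb(self) -> int:   # truncated, which is how aswMBR prints sizes
        return self.sectors * SECTOR // (1024 * 1024)

def make_entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are left zero; the LBA fields are what a modern loader uses.
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\0" * 3, ptype, b"\0" * 3, lba_start, sectors)

def make_sector(entries: list[bytes]) -> bytes:
    # 446 bytes of boot code (zeros here, NOT the Windows 7 MBR code), 4 x 16-byte entries, 0x55AA.
    return b"\0" * 446 + b"".join(entries) + b"\0" * (16 * (4 - len(entries))) + b"\x55\xAA"

# Constructed in-memory disk; offsets and sizes are the ones in the aswMBR log above.
EXT_START = 484196352
DISK = {
    0: make_sector([
        make_entry(False, 0xDE, 63, 81920 - 63),          # Dell Utility
        make_entry(True,  0x07, 81920, 750 * 2048),       # NTFS, active (boot) partition
        make_entry(False, 0x07, 1617920, 235634 * 2048),  # NTFS, Windows volume
        make_entry(False, 0x0F, EXT_START, 2050 * 2048),  # Extended LBA container
    ]),
    # EBR at the start of the extended partition: entry 1 is the logical FAT32 volume
    # (offset relative to this EBR), entry 2 is empty, which ends the chain.
    EXT_START: make_sector([make_entry(False, 0x0C, 2048, 2049 * 2048)]),
}

def parse_table(sector: bytes) -> list[tuple[int, int, int, int]]:
    """(status, type, relative LBA, sectors) for each populated entry, in table order."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[446 + 16 * i:462 + 16 * i])
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte 0x{status:02x}")
        if ptype != 0 and count != 0:
            entries.append((status, ptype, lba, count))
    return entries

def list_partitions(disk: dict[int, bytes]) -> list[Partition]:
    parts = []
    for status, ptype, lba, count in parse_table(disk[0]):
        parts.append(Partition(len(parts) + 1, status == 0x80, ptype, lba, count))
    # EBR chain: entry 1 is a logical volume relative to the EBR, entry 2 (if present)
    # points to the next EBR relative to the start of the extended container.
    for container in [p for p in parts if p.ptype in EXTENDED_TYPES]:
        ebr_lba = container.lba_start
        while True:
            entries = parse_table(disk[ebr_lba])
            if not entries:
                break
            status, ptype, rel, count = entries[0]
            parts.append(Partition(len(parts) + 1, status == 0x80, ptype, ebr_lba + rel, count))
            if len(entries) < 2:
                break
            ebr_lba = container.lba_start + entries[1][2]
    return parts

def check_layout(parts: list[Partition]) -> list[str]:
    problems = []
    if sum(p.bootable for p in parts) != 1:
        problems.append("expected exactly one bootable (0x80) entry")
    primaries = sorted((p for p in parts if p.index <= 4), key=lambda p: p.lba_start)
    for a, b in zip(primaries, primaries[1:]):
        if a.lba_end > b.lba_start:
            problems.append(f"partitions {a.index} and {b.index} overlap")
    containers = [p for p in primaries if p.ptype in EXTENDED_TYPES]
    for p in parts:
        if p.index > 4 and not any(c.lba_start <= p.lba_start and p.lba_end <= c.lba_end for c in containers):
            problems.append(f"logical partition {p.index} lies outside its extended container")
    return problems

def describe(p: Partition) -> str:
    return f"Partition {p.index} {'80 (A)' if p.bootable else '00'} {p.ptype:02X} {p.size_mb} MB offset {p.lba_start}"

if __name__ == "__main__":
    found = list_partitions(DISK)
    for p in found:
        print(describe(p))
    print("layout problems:", check_layout(found) or "none")
```

To run it on a real MBR.dat, read the file as bytes and use it as sector 0 (the EBR walk then needs sector reads from the disk rather than the in-memory dict). The sizes it prints match the log line by line, and the container's end (484196352 + 2050 * 2048 = 488394752) is exactly where aswMBR reports it started scanning unallocated sectors. A bootkit is usually spotted in the code region, which this parser does not examine; what it does catch is structural tampering such as a second active entry or an entry pointing outside the disk layout.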


#11 D-FRED-BROWN
Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 14 July 2012 - 02:48 PM

We've got some more digging to do it seems. Please do the following:

----------Step 1----------------
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


----------Step 2----------------
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

----------Step 3----------------
Please post both MiniToolBox report (Result.txt) as well as the ESET scan results in your next reply.

Edited by D-FRED-BROWN, 14 July 2012 - 02:48 PM.

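The MiniToolBox checklist above covers the places a search redirect can be planted without touching the browser itself: the hosts file, the browser proxy or PAC setting, and the DNS servers the adapter is actually using. As an added example (my code, not MiniToolBox's, and not part of the thread), the Python script below reads a report in the section layout MiniToolBox produces and applies those checks: any hosts mapping that is not loopback-to-localhost, any line that turns on a proxy or AutoConfigURL, and any DNS server outside the adapter's subnet, cross-referencing the resolver against the first two. Both inputs are constructed: the clean one mirrors the values in this thread in an English-locale layout, the tampered one shows every check firing, and its "Proxy is enabled", ProxyServer and AutoConfigURL lines are an assumed rendering of an enabled proxy rather than text copied from a real report. The parser assumes one adapter with an IPv4 address.

```python
import ipaddress
import re

SECTION_RE = re.compile(r"^=+ (?P<name>.+?): =+$")
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z0-9 -]+?)[ .]*: (?P<value>.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample mirroring the clean values in this thread, in MiniToolBox's section layout.
SAMPLE_CLEAN = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
   IPv4 Address. . . . . . . . . . . : 192.168.4.79(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.4.191
   DNS Servers . . . . . . . . . . . : 192.168.2.100
                                       200.76.5.147
"""

# Constructed sample where every mechanism the checklist covers has been tampered with;
# the three proxy lines are an assumed rendering of an enabled proxy.
SAMPLE_TAMPERED = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:8080
AutoConfigURL: http://198.51.100.7/proxy.pac
========================= Hosts content: =================================
127.0.0.1 localhost
::1 localhost
198.51.100.7 www.google.com
198.51.100.7 www.bing.com
========================= IP Configuration: ================================
   IPv4 Address. . . . . . . . . . . : 192.168.4.79(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.4.191
   DNS Servers . . . . . . . . . . . : 198.51.100.7
"""

def split_sections(text):
    """Map each '===== Name: =====' header to the lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections

def hosts_overrides(lines):
    """(ip, names) for every hosts mapping that is not loopback -> localhost."""
    overrides = []
    for body in (line.split("#", 1)[0].strip() for line in lines):
        if body:
            ip, *names = body.split()
            if not (ipaddress.ip_address(ip).is_loopback and all(n.lower() == "localhost" for n in names)):
                overrides.append((ip, names))
    return overrides

def proxy_settings(lines):
    """Lines that turn on a proxy or a PAC script in the IE proxy section."""
    return [s for s in map(str.strip, lines) if s.startswith(("Proxy is enabled", "ProxyServer", "AutoConfigURL"))]

def parse_ipconfig(lines):
    """(local network, gateway, DNS servers); assumes one adapter with an IPv4 address."""
    fields, dns, collecting = {}, [], False
    for line in lines:
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group("key").strip(), m.group("value").strip()
            fields[key], collecting = value, key == "DNS Servers"
            if collecting:
                dns.append(value)
        elif collecting and line.strip():
            dns.append(line.strip())          # indented continuation: another DNS server
        else:
            collecting = False
    addr = fields["IPv4 Address"].split("(")[0]
    return ipaddress.ip_network(f"{addr}/{fields['Subnet Mask']}", strict=False), fields.get("Default Gateway"), dns

def triage(report_text):
    """(severity, message) list: 'high' is a concrete redirect mechanism, 'info' needs confirming."""
    sections = split_sections(report_text)
    findings, suspects = [], set()
    for ip, names in hosts_overrides(sections.get("Hosts content", [])):
        findings.append(("high", f"hosts override: {' '.join(names)} -> {ip}"))
        suspects.add(ip)
    for setting in proxy_settings(sections.get("IE Proxy Settings", [])):
        findings.append(("high", f"browser proxy configured: {setting}"))
        suspects.update(IPV4_RE.findall(setting))
    network, gateway, dns = parse_ipconfig(sections.get("IP Configuration", []))
    for server in dns:
        if server in suspects:
            findings.append(("high", f"DNS server {server} also appears in the hosts/proxy overrides"))
        elif server != gateway and ipaddress.ip_address(server) not in network:
            kind = "private" if ipaddress.ip_address(server).is_private else "public"
            findings.append(("info", f"DNS server {server} is outside {network} ({kind} address): confirm it is the expected resolver"))
    return findings
```

On the clean sample the only output is two "info" lines, one for each resolver outside 192.168.4.0/24: a private resolver on another subnet is normal on a domain-joined laptop (the report shows a mrm.local DNS suffix), and a public one is common for an ISP, so both are things to confirm with whoever runs the network rather than evidence of compromise. On the tampered sample every check fires, and the resolver is escalated to "high" because the same address also appears in the hosts and proxy overrides. Note that a redirect that only hits search results in both browsers, with a clean hosts file and no proxy, is exactly the pattern this checklist cannot explain on its own, which is why the helper moves on to other tools.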

#12 alonsom13
  • Topic Starter
  • Members
  • 9 posts

Posted 16 July 2012 - 10:16 AM

Hi D-FRED-BROWN,
sorry for the delay.
Here you go.


MINITOOLBOX (in Spanish, the way it was reported)

MiniToolBox by Farbar Version: 15-07-2012
Ran by amenabrito (administrator) on 16-07-2012 at 09:05:56
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Intel® 82577LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.2.191 publish=Yes
add address name="Local Area Connection" address=192.168.2.121 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : amenabrito
Primary Dns Suffix  . . . . . . . : mrm.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mrm.local

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 78-E4-00-D4-2C-BF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-26-B9-DA-A6-42
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 78-E4-00-D4-2C-BF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::554:c351:616f:c486%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.4.79(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 16, 2012 08:59:13 AM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM
Default Gateway . . . . . . . . . : 192.168.4.191
DHCP Server . . . . . . . . . . . : 192.168.4.191
DHCPv6 IAID . . . . . . . . . . . : 293135360
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-FD-0A-88-78-E4-00-D4-2C-BF
DNS Servers . . . . . . . . . . . : 192.168.2.100
                                    200.76.5.147
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 70-F1-A1-9B-91-17
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DCBF4DE1-FEA4-4AC3-9A6F-266CE88AEA40}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9DA77FAA-0F47-4112-AFA6-442D2056C6A9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 2:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:14a9:2fd5:3f57:fbb0(Preferred)
Link-local IPv6 Address . . . . . : fe80::14a9:2fd5:3f57:fbb0%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{41F10025-6C42-4C96-9C36-E0993790A83B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E5E33614-B430-410D-ABC1-1F7EC474DAC8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Servidor: UnKnown
Address: 192.168.2.100

Nombre: google.com
Addresses: 2001:4860:800a::71
74.125.137.100
74.125.137.101
74.125.137.102
74.125.137.113
74.125.137.138
74.125.137.139


Haciendo ping a google.com [74.125.137.101] con 32 bytes de datos:
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.

Estad¡sticas de ping para 74.125.137.101:
Paquetes: enviados = 2, recibidos = 0, perdidos = 2
(100% perdidos),
Servidor: UnKnown
Address: 192.168.2.100

Nombre: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Haciendo ping a yahoo.com [72.30.38.140] con 32 bytes de datos:
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.

Estad¡sticas de ping para 72.30.38.140:
Paquetes: enviados = 2, recibidos = 0, perdidos = 2
(100% perdidos),
Servidor: UnKnown
Address: 192.168.2.100

Nombre: bleepingcomputer.com
Address: 208.43.87.2


Haciendo ping a bleepingcomputer.com [208.43.87.2] con 32 bytes de datos:
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.

Estadísticas de ping para 208.43.87.2:
Paquetes: enviados = 2, recibidos = 0, perdidos = 2
(100% perdidos),

Haciendo ping a 127.0.0.1 con 32 bytes de datos:
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128

Estadísticas de ping para 127.0.0.1:
Paquetes: enviados = 2, recibidos = 2, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
Mínimo = 0ms, Máximo = 0ms, Media = 0ms
===========================================================================
Lista de interfaces
16...78 e4 00 d4 2c bf ......Microsoft Virtual WiFi Miniport Adapter
14...00 26 b9 da a6 42 ......Intel® 82577LM Gigabit Network Connection
12...78 e4 00 d4 2c bf ......Tarjeta Mini de media altura WLAN Wireless-N DW1501
10...70 f1 a1 9b 91 17 ......Dispositivo Bluetooth (Red de área personal)
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft
19...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft #3
18...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft #4
===========================================================================

IPv4 Tabla de enrutamiento
===========================================================================
Rutas activas:
Destino de red Máscara de red Puerta de enlace Interfaz Métrica
0.0.0.0 0.0.0.0 192.168.4.191 192.168.4.79 25
127.0.0.0 255.0.0.0 En vínculo 127.0.0.1 306
127.0.0.1 255.255.255.255 En vínculo 127.0.0.1 306
127.255.255.255 255.255.255.255 En vínculo 127.0.0.1 306
192.168.4.0 255.255.255.0 En vínculo 192.168.4.79 281
192.168.4.79 255.255.255.255 En vínculo 192.168.4.79 281
192.168.4.255 255.255.255.255 En vínculo 192.168.4.79 281
224.0.0.0 240.0.0.0 En vínculo 127.0.0.1 306
224.0.0.0 240.0.0.0 En vínculo 192.168.4.79 281
255.255.255.255 255.255.255.255 En vínculo 127.0.0.1 306
255.255.255.255 255.255.255.255 En vínculo 192.168.4.79 281
===========================================================================
Rutas persistentes:
Dirección de red Máscara de red Dirección de puerta de enlace Métrica
0.0.0.0 0.0.0.0 192.168.2.191 Predeterminada
===========================================================================

IPv6 Tabla de enrutamiento
===========================================================================
Rutas activas:
Cuando destino de red métrica Puerta de enlace
15 58 ::/0 En vínculo
1 306 ::1/128 En vínculo
15 58 2001::/32 En vínculo
15 306 2001:0:5ef5:79fb:14a9:2fd5:3f57:fbb0/128 En vínculo
12 281 fe80::/64 En vínculo
15 306 fe80::/64 En vínculo
12 281 fe80::554:c351:616f:c486/128 En vínculo
15 306 fe80::14a9:2fd5:3f57:fbb0/128 En vínculo
1 306 ff00::/8 En vínculo
15 306 ff00::/8 En vínculo
12 281 ff00::/8 En vínculo
===========================================================================
Rutas persistentes:
Ninguno
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/14/2012 01:57:39 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: El análisis encontró detecciones. Versión de motor de análisis 5400.1158 versión DAT 6770.

Error: (07/14/2012 01:55:53 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: El archivo c:\Archivos de programa\HAURI\SiteServer\VISMSUpdate\vms1005.zip\CliSvc.exe contiene Generic.dx!oeo Troyano. Error de limpieza indeterminado. No se pudo eliminar. Detectado con la versión de motor de análisis 5400.1158 versión DAT 6770.0000.

Error: (07/14/2012 01:22:19 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: El archivo c:\Program Files\HAURI\SiteServer\VISMSUpdate\vms1005.zip\CliSvc.exe contiene Generic.dx!oeo Troyano. Error de limpieza indeterminado. No se pudo eliminar. Detectado con la versión de motor de análisis 5400.1158 versión DAT 6770.0000.

Error: (07/12/2012 04:41:05 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: El archivo C:\Users\AMENAB~1\AppData\Local\Temp\Av-test.txt contiene EICAR test file Prueba. No hay ningún programa de limpieza disponible. El archivo se ha eliminado correctamente. Detectado con la versión de motor de análisis 5400.1158 versión DAT 6769.0000.

Error: (07/12/2012 09:07:53 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: No se pudo finalizar una transacción de Windows Installer {90120000-0053-0000-0000-0000000FF1CE}. Error 1603 al finalizar la transacción.

Error: (07/12/2012 09:06:08 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: No se pudo finalizar una transacción de Windows Installer {90120000-0053-0000-0000-0000000FF1CE}. Error 1603 al finalizar la transacción.

Error: (07/12/2012 09:05:56 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: No se pudo finalizar una transacción de Windows Installer {90120000-0053-0000-0000-0000000FF1CE}. Error 1603 al finalizar la transacción.

Error: (07/12/2012 09:02:42 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: No se pudo finalizar una transacción de Windows Installer {90120000-0053-0000-0000-0000000FF1CE}. Error 1603 al finalizar la transacción.

Error: (07/12/2012 09:01:00 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: No se pudo finalizar una transacción de Windows Installer {90120000-0053-0000-0000-0000000FF1CE}. Error 1603 al finalizar la transacción.

Error: (07/12/2012 09:00:15 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: No se pudo finalizar una transacción de Windows Installer {90120000-0053-0000-0000-0000000FF1CE}. Error 1603 al finalizar la transacción.


System errors:
=============
Error: (07/16/2012 09:00:02 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: No se puede procesar la directiva de grupo debido a que no se puede conectar a un controlador de dominio a través de la red. Esta condición puede ser temporal. Se podría generar un mensaje de operación correcta una vez que el equipo se conecte al controlador de dominio y la directiva de grupo se procese correctamente. Póngase en contacto con el administrador si no ve un mensaje de operación correcta en un algún par de horas.

Error: (07/16/2012 08:59:31 AM) (Source: NETLOGON) (User: )
Description: Error en la configuración de sesión al Controlador de dominio \\mrmapp1.mrm.local de Windows NT o Windows 2000 para el dominio MRM
porque el controlador de dominio no poseía la cuenta AMENABRITO$
necesaria para que este equipo configurara la sesión AMENABRITO.



DATOS ADICIONALES

Si este equipo es miembro del dominio especificado o un controlador de dominio de dicho domino, la
cuenta anteriormente mencionada es una cuenta de equipo para este equipo en el dominio especificado.
De lo contrario, la cuenta es una cuenta de confianza entre dominios con el dominio especificado.

Error: (07/16/2012 08:59:12 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: El servicio Programador de tareas no pudo cargar las tareas al inicio del servicio. Datos adicionales: valor del error: 2147549183.

Error: (07/16/2012 08:59:12 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: El servicio Programador de tareas no pudo cargar las tareas al inicio del servicio. Datos adicionales: valor del error: 2147549183.

Error: (07/16/2012 08:59:12 AM) (Source: NETLOGON) (User: )
Description: Este equipo no pudo establecer una sesión segura con un controlador de
dominio en el dominio MRM debido a lo siguiente:
%%1311

Esto puede derivar en problemas de autenticación. Asegúrese de que el
equipo esté conectado a la red. Si el problema persiste,
póngase en contacto con el administrador de dominio.



INFORMACIÓN ADICIONAL

Si este equipo es un controlador de dominio para el dominio especificado,
establece la sesión segura con el emulador del controlador de dominio primario en el dominio
especificado. De lo contrario, este equipo establece la sesión segura con cualquier controlador de dominio
en el dominio especificado.

Error: (07/14/2012 01:06:31 PM) (Source: NETLOGON) (User: )
Description: Este equipo no pudo establecer una sesión segura con un controlador de
dominio en el dominio MRM debido a lo siguiente:
%%1311

Esto puede derivar en problemas de autenticación. Asegúrese de que el
equipo esté conectado a la red. Si el problema persiste,
póngase en contacto con el administrador de dominio.



INFORMACIÓN ADICIONAL

Si este equipo es un controlador de dominio para el dominio especificado,
establece la sesión segura con el emulador del controlador de dominio primario en el dominio
especificado. De lo contrario, este equipo establece la sesión segura con cualquier controlador de dominio
en el dominio especificado.

Error: (07/14/2012 09:03:19 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: No se puede procesar la directiva de grupo debido a que no se puede conectar a un controlador de dominio a través de la red. Esta condición puede ser temporal. Se podría generar un mensaje de operación correcta una vez que el equipo se conecte al controlador de dominio y la directiva de grupo se procese correctamente. Póngase en contacto con el administrador si no ve un mensaje de operación correcta en un algún par de horas.

Error: (07/14/2012 09:02:47 AM) (Source: NETLOGON) (User: )
Description: Error en la configuración de sesión al Controlador de dominio \\mrmapp1.mrm.local de Windows NT o Windows 2000 para el dominio MRM
porque el controlador de dominio no poseía la cuenta AMENABRITO$
necesaria para que este equipo configurara la sesión AMENABRITO.



DATOS ADICIONALES

Si este equipo es miembro del dominio especificado o un controlador de dominio de dicho domino, la
cuenta anteriormente mencionada es una cuenta de equipo para este equipo en el dominio especificado.
De lo contrario, la cuenta es una cuenta de confianza entre dominios con el dominio especificado.

Error: (07/14/2012 09:02:29 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: El servicio Programador de tareas no pudo cargar las tareas al inicio del servicio. Datos adicionales: valor del error: 2147549183.

Error: (07/14/2012 09:02:29 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: El servicio Programador de tareas no pudo cargar las tareas al inicio del servicio. Datos adicionales: valor del error: 2147549183.


Microsoft Office Sessions:
=========================
Error: (07/07/2012 02:24:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8367 seconds with 300 seconds of active time. This session ended with a crash.

Error: (07/03/2012 10:37:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5537 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (06/26/2012 07:05:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12618 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader X (10.1.3) - Español (Version: 10.1.3)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
BIO Vue for Microsoft Dynamics SL Client (Spanish) (Version: 06.00.0205.1627)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
D3DX10 (Version: 15.4.2368.0902)
Desinstalación de CopyTrans Suite solamente (Version: 2.36)
DW WLAN Card Utility (Version: 5.60.48.35)
ESET Online Scanner v3
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 19.0.1084.56)
HiJackThis (Version: 1.0.0)
Intel® Network Connections Drivers (Version: 15.2)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware versión 1.62.0.1300 (Version: 1.62.0.1300)
McAfee Agent (Version: 4.6.0.2292)
McAfee DLP Endpoint (Version: 9.2.100.36)
McAfee VirusScan Enterprise (Version: 8.8.01000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ESN Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office PowerPoint MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Professional 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (Basque) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Catalan) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Galician) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (Version: 4.0.30319)
QuickTime (Version: 7.71.80.42)
SmartDraw 2012
SpyHunter (Version: 4.9.11.3987)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
ViRobot Desktop 5.5
ViRobot ISMS Client 3.5
ViRobot ISMS Server 3.5 (Version: 3.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.11 (32-bit) (Version: 4.11.0)

========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 3509.84 MB
Available physical RAM: 1835.32 MB
Total Pagefile: 7017.96 MB
Available Pagefile: 4910.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.35 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:230.11 GB) (Free:203.15 GB) NTFS
2 Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.9 GB) FAT32

========================= Users: ========================================

Cuentas de usuario de \\AMENABRITO

Administrador Invitado mrm
Se ha completado el comando correctamente.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****


-----

ESET ONLINE


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ef91ac09f9c9234eb20bf32da4fe834a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 09:11:19
# local_time=2012-07-03 04:11:19 (-0600, Hora de verano central (México))
# country="Mexico"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5633 16775037 100 100 0 245852396 0 0
# compatibility_mode=5893 16776574 100 94 120827 92891587 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=98391
# found=0
# cleaned=0
# scan_time=3084
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ef91ac09f9c9234eb20bf32da4fe834a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 10:57:08
# local_time=2012-07-05 05:57:08 (-0600, Hora de verano central (México))
# country="Mexico"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5633 16775037 100 100 0 246027585 0 0
# compatibility_mode=5893 16776574 100 94 296016 93066776 0 0
# compatibility_mode=8192 67108863 100 0 89002 89002 0 0
# scanned=100066
# found=0
# cleaned=0
# scan_time=7046
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ef91ac09f9c9234eb20bf32da4fe834a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-14 03:30:29
# local_time=2012-07-14 10:30:29 (-0600, Hora de verano central (México))
# country="Mexico"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5633 16775037 100 100 22380 246780857 166457 0
# compatibility_mode=5893 16776574 100 94 1049288 93820048 0 0
# compatibility_mode=8192 67108863 100 0 842274 842274 0 0
# scanned=103371
# found=2
# cleaned=2
# scan_time=4573
C:\Users\amenabrito\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008be JS/Kryptik.RK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\amenabrito\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\6197386a-7a7d50f1 a variant of Win32/Kryptik.AIJY trojan (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ef91ac09f9c9234eb20bf32da4fe834a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2012-07-16 03:05:30
# local_time=2012-07-16 10:05:30 (-0600, Hora de verano central (México))
# country="Mexico"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5633 16775037 100 100 194867 246953344 338944 0
# compatibility_mode=5893 16776574 100 94 1221775 93992535 0 0
# compatibility_mode=8192 67108863 100 0 1014761 1014761 0 0
# scanned=103215
# found=0
# cleaned=0
# scan_time=3386

#13 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:47 PM

Posted 16 July 2012 - 12:48 PM

Before we do anything else, have the redirects reappeared? Please let me know. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#14 alonsom13

alonsom13
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:47 PM

Posted 16 July 2012 - 12:53 PM

Actually, so far no redirections.
I've tried Google searches on both IE and Chrome, opening 20+ links.
No strange pages at the moment.

#15 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:47 PM

Posted 16 July 2012 - 12:57 PM

That's great! :clapping:

At this point, I'd say you are clean. Since you appear to be doing a good job of keeping your programs up-to-date, I will now provide you with some suggestions for security software.


The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.


It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!
AntiVir
AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available. A tutorial on understanding and using firewalls may be found here.


If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here.
Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)



