
infected with unknown redirect virus/malware


  • This topic is locked
146 replies to this topic

#1 cllopezm


Posted 12 January 2013 - 02:44 PM

Hello friends at Bleeping computer,

I'm new here and this is my 2nd post (the 1st one, introduction of myself.)

I've detected a kind of malware I can't remove, for a long time, some months. But about 2 weeks ago the thing erupted and was out of control. I remember I modified some BIOS settings to accelerate my processor. Then I found that the browser started redirecting on every web site I browsed to a blank page or to google.com. I could manage but then about 10 days ago it started opening lots of browser windows, which I had to kill manually, in the end I lost the computer and had to shut it down "by force." I tried restarting on safe mode and could not start; also tried to start on my old Windows 98 installation but it was damaged long ago.

So I finally started again and used msconfig.exe to deactivate all I could.

I switched the default browser to Safari, and then changed the name of the executable, and stopped the browser's hell.

After reactivating a few services, I started using lots of malware detectors. Some removed a few things, others didn't detect anything:
- Avira antivirus (no detection)
- Avast! (same result)
- Norton Security Scan (detected one, but asks for payment - and I'm not using payments in a hijacked computer! could be a fake program asking for my credit card info, and I have no credit card as well.)
- Panda:
1- from Panda I used ActiveScan and had to stop it, first didn't run from the browsers, they asked me to install Panda Cloud Cleaner and didn't detect anything.
2- Then I used ActiveScan and also didn't detect anything. I had to stop it before the scan was complete.
- HijackThis
I ran this tool but since the recommendations here in BleepingComputer mention not to post anything yet not recommended, I saved the logs and instead followed the procedure, downloading DDS.
- Ad-Aware Antivirus detected a few bugs and corrected them, but now and then, Internet Explorer opens by itself and starts opening multiple browser windows.
- Malwarebytes detected a lot of them and deleted them as well.
- Spybot's Search & Destroy 2 ran and detected one already whitelisted. MajorGeeks recommended using the VX2 plugin which I couldn't install on it. Doing some research, people said this plugin was already added to the SD installer.

I ran an immunization from Spybot SD but still the browsing hell unleashes now and then.

I deactivated a lot of services but I'm sure some of them are still "infected" or damaged or tampered with malware.

So I reactivated a few of them in order to connect again to the Internet and send this post.

I really hope you guys can help me, I know I'll have to wait and I'll keep doing my part meanwhile. Of course, if I can help someone I'm willing to lend a hand too.

Thank you guys.

As requested in the Preparation Guide, below is the dds.txt content, and the attached file generated by dds, attach.zip (5.65KB):



DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by CésarLeninLópezMuñoz at 13:11:58 on 2013-01-12
#Option Extended Search is enabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.504.1033.18.1279.457 [GMT -6:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
FW: avast! Internet Security *Enabled*
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ================
.
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\totalcmd\TOTALCMD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\totalcmd\TOTALCMD.EXE
D:\WINDOWS\system32\mmc.exe
D:\Program Files\Microsoft Office\Office12\WINWORD.EXE
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\dllhost.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\DOCUME~1\CÉSARL~1\LOCALS~1\Temp\nsv1ED.tmp\ns1EE.tmp
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\DOCUME~1\CÉSARL~1\LOCALS~1\Temp\nsv1ED.tmp\PEV.DAT
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\System32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - d:\program files\yahoo!\companion\installs\cpn4\yt.dll
uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - d:\program files\adawaretb\adawareDx.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - d:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - d:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - d:\program files\adawaretb\adawareDx.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - d:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll
BHO: Video Download Toolbar Helper: {83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0} - d:\program files\video download toolbar\v3.3.0.3\Video_Download_Toolbar.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IeCatch2 Class: {A5366673-E8CA-11D3-9CD9-0090271D075B} - d:\program files\flashget\Jccatch.dll
BHO: Plugin for GeneralDownloader: {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - d:\documents and settings\césarleninlópezmuñoz\application data\general downloader\extensions\IEPlugin32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - d:\documents and settings\césarleninlópezmuñoz\application data\flashgetbho\FlashGetBHO3.dll
BHO: Video Download Toolbar IE Browser Helper Object: {B29002A0-87A1-4DC4-AC55-5982034EB61E} - d:\program files\video download toolbar\v3.3.0.3\resources\VideoDownloadToolbar.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - d:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - d:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - d:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - d:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - d:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - d:\program files\windows live\toolbar\wltcore.dll
TB: Video Download Toolbar: {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - d:\program files\video download toolbar\v3.3.0.3\Video_Download_Toolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - d:\program files\ask.com\GenericAskToolbar.dll
TB: FlashGet Bar: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - d:\program files\flashget\fgiebar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - d:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - d:\program files\windows live\toolbar\wltcore.dll
TB: Video Download Toolbar: {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - d:\program files\video download toolbar\v3.3.0.3\Video_Download_Toolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - d:\program files\ask.com\GenericAskToolbar.dll
TB: Advanced SystemCare Surfing Protection: {C262D7CF-4AE3-41C8-937A-BC727ABE907F} - d:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - d:\program files\adawaretb\adawareDx.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [MSConfig] d:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TVTray] <no file>
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:148
uPolicies-Explorer: NoDriveAutoRun = dword:1
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - d:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2A4C4CD6-CA0E-42EC-9738-ABD90AD3EA44} - d:\program files\freshdevices\freshdownload\fd.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\program files\microsoft activesync\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - d:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.2.1 190.5.108.48 190.5.69.231 190.5.104.48
TCP: Interfaces\{0825F0D8-862B-4E62-8A77-2A833A8F41E9} : NameServer = 192.168.2.1
TCP: Interfaces\{1AC73916-1224-48B7-A3F5-69FEF7DDE83C} : DHCPNameServer = 192.168.2.1 190.5.108.48 190.5.69.231 190.5.104.48
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\program files\common files\skype\Skype4COM.dll
Notify: LMIinit - LMIinit.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\césarleninlópezmuñoz\application data\mozilla\firefox\profiles\tf31ic7w.default\
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;d:\windows\system32\drivers\gfibto.sys [2013-1-8 13560]
R0 hotcore3;hc3ServiceName;d:\windows\system32\drivers\hotcore3.sys [2012-9-25 58496]
R0 pavboot;Panda Boot Driver;d:\windows\system32\drivers\pavboot.sys [2013-1-6 28552]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2011-2-24 738504]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2010-9-23 361032]
R1 avkmgr;avkmgr;d:\windows\system32\drivers\avkmgr.sys [2012-12-13 36552]
R1 sbaphd;sbaphd;d:\windows\system32\drivers\sbaphd.sys [2013-1-8 22064]
R1 Uim_Vim;UIM Virtual Image Plugin;d:\windows\system32\drivers\Uim_Vim.sys [2012-6-4 283344]
R2 Ad-Aware Service;Ad-Aware Service;d:\program files\ad-aware antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 AntiVirSchedulerService;Avira Scheduler;d:\program files\avira\antivir desktop\sched.exe [2012-12-13 85280]
R2 AntiVirService;Avira Real-Time Protection;d:\program files\avira\antivir desktop\avguard.exe [2012-12-13 109344]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2010-9-23 21256]
R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-9-23 44808]
R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2012-12-13 83944]
R2 fssfltr;FssFltr;d:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-5 54752]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-8 47640]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-8 398184]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-8 682344]
R2 npf;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2010-1-26 50704]
R2 sbapifs;sbapifs;d:\windows\system32\drivers\sbapifs.sys [2013-1-8 66344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-9 1103392]
R3 3xHybrid;Philips SAA713x PCI Card;d:\windows\system32\drivers\3xHybrid.sys [2009-1-4 557568]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2013-1-8 21104]
R3 PAC207;VideoCAM GE111;d:\windows\system32\drivers\pfc027.sys [2005-4-8 162176]
R3 SiS300;SiS300;d:\windows\system32\drivers\sis300p.sys [2004-11-7 119552]
S0 SmartDefragDriver;SmartDefragDriver;d:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-17 13496]
S2 713xTVCard;SAA7130 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]
S2 SBAMSvc;Ad-Aware;d:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-9 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-9 168384]
S2 SrvUpdater;Software Updater;d:\program files\softwareupdater\UpdaterService.exe [2012-12-21 31744]
S3 ASPI;Advanced SCSI Programming Interface Driver;d:\windows\system32\drivers\ASPI32.SYS [2010-3-7 17005]
S3 gfiark;gfiark;d:\windows\system32\drivers\gfiark.sys [2013-1-8 33616]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;d:\windows\system32\drivers\MRVW23B.sys [2008-7-7 231040]
S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;d:\windows\system32\drivers\MRVW225.sys [2008-7-7 299904]
S3 Netaapl;Apple Mobile Device Ethernet Service;d:\windows\system32\drivers\netaapl.sys [2011-1-8 18432]
S3 PCAlertDriver;PCAlertDriver;d:\program files\msi\fuzzylogic4\Ntglm7x.sys [2012-1-20 20823]
S3 prwntdrv;prwntdrv;d:\windows\system32\prwntdrv.sys [2012-6-19 13064]
S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\program files\razer\razer game booster\driver\WinRing0.sys [2012-9-17 14416]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;d:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-8-7 1026432]
S4 AviraUpgradeService;Avira Upgrade Service;"d:\windows\temp\avsetup_507e6484\avupgsvc.exe" /tempstart:""d:\windows\temp\avsetup_507e6484\setup.exe" /notempcleanup /crossupgrade" --> d:\windows\temp\avsetup_507e6484\avupgsvc.exe [?]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S4 fsssvc;Servicio de Windows Live Protección infantil;d:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S4 LMIGuardianSvc;LMIGuardianSvc;d:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-11 374152]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"g:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80 --> g:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [?]
S4 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"d:\program files\symantec\liveupdate\aluschedulersvc.exe" --> d:\program files\symantec\liveupdate\ALUSchedulerSvc.exe [?]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\program files\sisoftware\sisoftware sandra professional business 2009\RpcAgentSrv.exe [2012-1-10 98488]
S4 Skype C2C Service;Skype C2C Service;d:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
S4 SkypeUpdate;Skype Updater;d:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="d:\program files\macromedia\dreamweaver 4\Dreamweaver.exe" "%1"
ShellExec: vmidi.exe: open="d:\program files\vanbasco's karaoke player\vmidi.exe"
ShellExec: vmidi.exe: play="d:\program files\vanbasco's karaoke player\vmidi.exe"
.
=============== Created Last 60 ================
.
2013-01-10 05:10:29 -------- d-----w- d:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-01-10 05:09:57 15224 ----a-w- d:\windows\system32\sdnclean.exe
2013-01-10 05:09:26 -------- d-----w- d:\program files\Spybot - Search & Destroy 2
2013-01-09 01:15:01 21104 ----a-w- d:\windows\system32\drivers\mbam.sys
2013-01-09 01:15:01 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2013-01-09 00:49:30 -------- d-----w- d:\program files\SoftwareUpdater
2013-01-08 13:45:35 33616 ----a-w- d:\windows\system32\drivers\gfiark.sys
2013-01-08 09:05:55 66344 ----a-w- d:\windows\system32\drivers\sbapifs.sys
2013-01-08 09:05:55 22064 ----a-w- d:\windows\system32\drivers\sbaphd.sys
2013-01-08 09:05:51 -------- d-----w- d:\windows\system32\drivers\VDD
2013-01-08 08:59:14 -------- d-----w- d:\documents and settings\all users\application data\Ad-Aware Antivirus
2013-01-08 08:58:49 -------- d-----w- d:\documents and settings\césarleninlópezmuñoz\application data\LavasoftStatistics
2013-01-08 07:46:23 -------- d-----w- d:\program files\Ad-Aware Antivirus
2013-01-08 07:45:01 13560 ----a-w- d:\windows\system32\drivers\gfibto.sys
2013-01-08 07:43:45 316416 ----a-w- D:\vx2cleaner.dlx
2013-01-08 07:43:44 910336 ----a-w- D:\vx2cleaner.dll
2013-01-08 07:43:44 164864 ----a-w- D:\UNWISE.EXE
2013-01-08 07:31:41 -------- d-----w- d:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2013-01-08 07:31:19 -------- d-----w- d:\program files\Toolbar Cleaner
2013-01-08 07:27:26 -------- d-----w- d:\documents and settings\césarleninlópezmuñoz\application data\adawaretb
2013-01-08 07:27:16 -------- d-----w- d:\program files\adawaretb
2013-01-08 07:23:56 -------- d-----w- d:\documents and settings\césarleninlópezmuñoz\application data\Ad-Aware Antivirus
2013-01-08 06:24:52 388096 ----a-r- d:\documents and settings\césarleninlópezmuñoz\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-01-07 00:14:11 28552 ----a-w- d:\windows\system32\drivers\pavboot.sys
2013-01-06 23:58:23 -------- d-----w- d:\documents and settings\césarleninlópezmuñoz\application data\AskToolbar
2013-01-03 12:52:58 -------- d-sh--w- D:\FOUND.008
2013-01-03 08:26:48 -------- d-sh--w- D:\FOUND.007
2013-01-03 07:11:42 -------- d-sh--w- D:\FOUND.006
2013-01-03 06:57:14 -------- d-sh--w- D:\FOUND.005
2012-12-19 13:42:44 -------- d-----w- d:\windows\system32\drivers\nss\0307020.005
2012-12-19 13:42:43 -------- d-----w- d:\windows\system32\drivers\NSS
2012-12-19 13:42:38 -------- d-----w- d:\program files\Norton Security Scan
2012-12-19 13:42:00 -------- d-----w- d:\documents and settings\all users\application data\Norton
2012-12-19 13:39:43 -------- d-----w- d:\program files\NortonInstaller
2012-12-19 13:39:41 -------- d-----w- d:\documents and settings\all users\application data\NortonInstaller
2012-12-17 05:49:06 -------- d-sh--w- D:\FOUND.004
2012-12-13 20:30:28 5955856 ----a-w- d:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-12-13 08:29:56 -------- d-----w- d:\documents and settings\césarleninlópezmuñoz\application data\Avira
2012-12-13 08:17:10 83944 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2012-12-13 08:17:10 36552 ----a-w- d:\windows\system32\drivers\avkmgr.sys
2012-12-13 08:17:07 -------- d-----w- d:\program files\Avira
2012-12-13 06:15:48 -------- d-----w- d:\documents and settings\césarleninlópezmuñoz\application data\WinLive
2012-12-13 06:15:43 -------- d-----w- d:\documents and settings\césarleninlópezmuñoz\application data\MCommon
2012-12-13 04:32:06 -------- d-----w- d:\program files\Free PDF Unlocker
2012-12-13 03:54:51 -------- d-----w- d:\documents and settings\césarleninlópezmuñoz\application data\EurekaLog
2012-12-08 06:10:59 891312 ----a-w- d:\program files\mozilla firefox\uninstall\helper.exe
2012-12-03 06:30:10 -------- d-sh--w- D:\FOUND.003
2012-11-30 13:34:22 49152 ----a-w- d:\windows\system32\ChCfg.exe
2012-11-30 13:33:41 -------- d-----w- d:\program files\Realtek AC97
2012-11-30 13:33:40 10528768 ----a-w- d:\windows\system32\RTLCPL.exe
2012-11-30 13:33:38 147456 ----a-w- d:\windows\system32\RtlCPAPI.dll
2012-11-30 13:33:37 315392 ----a-w- d:\windows\alcupd.exe
2012-11-30 13:33:37 217088 ----a-w- d:\windows\Alcrmv.exe
2012-11-28 01:28:23 -------- d-----w- d:\documents and settings\césarleninlópezmuñoz\application data\Softplicity
2012-11-28 01:28:09 -------- d-----w- d:\program files\PDF Splitter
2012-11-26 03:09:18 -------- d-----w- d:\program files\common files\Macrovision Shared
2012-11-25 05:51:31 -------- d-----w- d:\program files\PHM
2012-11-14 14:42:03 -------- d-----w- d:\program files\iPod
2012-11-14 14:41:57 -------- d-----w- d:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-14 14:41:56 -------- d-----w- d:\program files\iTunes
2012-11-13 20:29:04 354216 ----a-w- d:\windows\system32\DivXControlPanelApplet.cpl
.
==================== Find6M ====================
.
2012-12-13 02:46:14 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-13 02:46:14 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-10-30 22:51:58 738504 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:08 41224 ----a-w- d:\windows\avastSS.scr
2012-09-25 05:16:36 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2012-09-20 11:40:02 13192 ----a-w- d:\windows\system32\drivers\vdd\apvdd.dll
2012-09-20 11:39:58 44424 ----a-w- d:\windows\system32\sbbd.exe
2012-09-17 23:00:36 1998168 ----a-w- d:\windows\system32\D3DX9_43.dll
2012-09-17 23:00:34 2106216 ----a-w- d:\windows\system32\D3DCompiler_43.dll
2012-09-17 23:00:02 470880 ----a-w- d:\windows\system32\d3dx10_43.dll
2012-09-17 23:00:02 248672 ----a-w- d:\windows\system32\d3dx11_43.dll
2012-09-01 06:29:52 821736 ----a-w- d:\windows\system32\npdeployJava1.dll
2012-09-01 06:29:52 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-08-21 19:01:22 26840 ----a-w- d:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 19:01:22 106928 ----a-w- d:\windows\system32\GEARAspi.dll
2012-08-07 04:32:04 143872 ----a-w- d:\windows\system32javacpl.cpl
2012-07-30 21:18:54 22400 ----a-w- d:\windows\system32\RegistryDefragBootTime.exe
.
============= FINISH: 13:13:27.01 ===============



#2 gringo_pr

  • Malware Response Team

Posted 12 January 2013 - 03:33 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 cllopezm


Posted 12 January 2013 - 06:40 PM

Hello Gringo, thanks for your help and prompt reply. This is Cesar.

As instructed originally in your guidelines, I used and posted the DDS log. That's why I posted them, I didn't know about your guidelines. That’s why I zipped and attached that log file & pasted it.

Now I'll follow your guidelines.

The virus is still active and already redirected the browser to Google, so I can't stay logged in to BleepingComputer long enough. I'm editing the reply in Word and pasting it here.

On your 1st NOTE:
- I can’t find a Watch Topic button. In fact I found your reply by opening my post. I’ll keep doing that. I’m new to this site and still don’t know how buttons and settings work.

I’ll leave for a while and continue after I return, thanks for your help.

The checkup.txt log follows:


Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
avast! Antivirus
Kaspersky Internet Security
ESET NOD32 Antivirus 4.0
Lavasoft Ad-Aware
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
TuneUp Utilities 2007
Lavasoft VX2 Cleaner
nCleaner second 2.3.4.0
Panda Cloud Cleaner
Microsoft VM for Java
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Google Chrome plugins...
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Ad-Aware Antivirus AdAwareService.exe
CésarLeninLópezMuñoz My Documents mantenimiento mi PC blank redirect virus removal tools\2013-01-12 troubleshooting with Gringo\1- SecurityCheck.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Alwil Software Avast5 AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive D:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
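
An added example, not part of the posts in this thread and not code from Security Check itself: a small parser that splits a checkup.txt log of the shape posted above into its backtick-delimited sections and pulls out the lines a helper would look at first. The function names, the report keys and the embedded sample log are assumptions made for this example; the sample is constructed to mirror the posted format.

```python
"""Triage a Security Check checkup.txt log (format as posted above)."""
import re

TICK = "`"  # section banners are a title wrapped in runs of backticks
HEADER_RE = re.compile(r"^`{5,}\s*(.*?)\s*`{5,}$")
# Status lines end a state word with "!"; product names such as
# "avast! Antivirus" also contain "!" and must not be mistaken for them.
STATUS_RE = re.compile(r"\b(enabled|disabled|out of date)!", re.I)
OUTDATED_RE = re.compile(r"out of date", re.I)
DISABLED_RE = re.compile(r"\bis disabled!", re.I)


def banner(title, width=14):
    """Build a section banner the way the tool prints it."""
    return TICK * width + title + TICK * width


# Constructed sample input, shortened from the format shown in the thread.
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 0.99.56",
    " Windows XP Service Pack 3 x86",
    banner("Antivirus/Firewall Check:"),
    " Windows Firewall Enabled!",
    "Avira Desktop",
    "avast! Antivirus",
    " Antivirus out of date! (On Access scanning disabled!)",
    banner("Anti-malware/Other Utilities Check:"),
    " Malwarebytes Anti-Malware version 1.70.0.1100",
    " Adobe Reader 10.1.4 Adobe Reader out of Date!",
    banner("Process Check: objlist.exe by Laurent"),
    " Spybot Teatimer.exe is disabled!",
    " Avira Antivir avgnt.exe",
    banner("System Health check"),
    " Total Fragmentation on Drive D:: 11% Defragment your hard drive soon!",
    banner("End of Log"),
])


def parse_checkup(text):
    """Return {section title: [lines]}; text before the first banner is 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER_RE.match(line)
        if match:
            title = match.group(1).rstrip(":")
            if title.lower() == "end of log":
                break
            current = title
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def find_section(sections, prefix):
    """Look a section up by the start of its title (titles carry extra text)."""
    for title, lines in sections.items():
        if title.lower().startswith(prefix.lower()):
            return lines
    return []


def triage(sections):
    """Collect the entries worth a reviewer's attention."""
    av_lines = find_section(sections, "Antivirus/Firewall Check")
    products = [l for l in av_lines if not STATUS_RE.search(l)]
    outdated = [l for lines in sections.values()
                for l in lines if OUTDATED_RE.search(l)]
    disabled = [l for l in find_section(sections, "Process Check")
                if DISABLED_RE.search(l)]
    return {
        "av_products": products,
        "multiple_av": len(products) > 1,
        "outdated": outdated,
        "disabled_processes": disabled,
    }


if __name__ == "__main__":
    for key, value in triage(parse_checkup(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```
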



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 12 January 2013 - 07:13 PM

If you look right above your first reply you will see three buttons - the one on the left says "watch topic".

#5 cllopezm


Posted 12 January 2013 - 11:31 PM

Thank you, gringo. As I mentioned before, I already pasted the checkup log generated by Security Check.

I could only read these 3 buttons:

stop watching topic, add reply, start new topic

So I clicked the 1st, and then these appeared: watch topic, add reply, start new topic

So I clicked again on Watch Topic and it showed me the options I already chose when I opened the account.

I chose Immediate Notification.

What should I do now? I ran Security check and pasted the log already.
Thanks.

Update, 11.42pm.

I ran the remaining 2 programs that you mentioned in your 1st procedure, AdwCleaner and RogueKiller. I'm copying their logs here. Thanks for your time.

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 23:17:02
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3, v.3311 (32 bits)
# User : CésarLeninLópezMuñoz - PERSONAL-2JEXC8
# Boot Mode : Normal
# Running from : D:\Documents and Settings\CésarLeninLópezMuñoz\My Documents\mantenimiento mi PC\blank redirect virus removal tools\2013-01-12 troubleshooting with Gringo\2- adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : D:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9aztx16n.default\searchplugins\Conduit.xml
File Deleted : D:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : D:\WINDOWS\system32\conduitEngine.tmp
File Deleted : D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : D:\DOCUME~1\CÉSARL~1\LOCALS~1\Temp\AskSearch
Folder Deleted : D:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : D:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : D:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : D:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Application Data\adawaretb
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Application Data\AskToolbar
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Application Data\Babylon
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Application Data\Mozilla\Firefox\Profiles\bkftm865.default-1357416827640\adawaretb
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Application Data\Mozilla\Firefox\Profiles\tf31ic7w.default\adawaretb
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Application Data\Mozilla\Firefox\Profiles\tf31ic7w.default\extensions\toolbar@ask.com
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Application Data\yourfiledownloader
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Local Settings\Application Data\APN
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Local Settings\Application Data\AskToolbar
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Local Settings\Application Data\Babylon
Folder Deleted : D:\Documents and Settings\CésarLeninLópezMuñoz\Local Settings\Application Data\Ilivid Player
Folder Deleted : D:\Documents and Settings\cllopezm\Application Data\Mozilla\Firefox\Profiles\m20o6nad.default\adawaretb
Folder Deleted : D:\Documents and Settings\cllopezm\Local Settings\Application Data\AskToolbar
Folder Deleted : D:\Documents and Settings\Colm\Application Data\Mozilla\Firefox\Profiles\y6arzf5b.default\adawaretb
Folder Deleted : D:\Documents and Settings\Colm\Local Settings\Application Data\AskToolbar
Folder Deleted : D:\Documents and Settings\Familia\Application Data\AskToolbar
Folder Deleted : D:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9aztx16n.default\adawaretb
Folder Deleted : D:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9aztx16n.default\Conduit
Folder Deleted : D:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9aztx16n.default\ConduitEngine
Folder Deleted : D:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9aztx16n.default\extensions\staged
Folder Deleted : D:\Documents and Settings\Familia\Local Settings\Application Data\AskToolbar
Folder Deleted : D:\Documents and Settings\Familia\Local Settings\Application Data\Conduit
Folder Deleted : D:\Documents and Settings\Familia\Local Settings\Application Data\ConduitEngine
Folder Deleted : D:\Program Files\adawaretb
Folder Deleted : D:\Program Files\Ask.com
Folder Deleted : D:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Key Deleted : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKU\S-1-5-21-1644491937-343818398-839522115-1013\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [firefox@bandoo.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (es-CL)

File : D:\Documents and Settings\CésarLeninLópezMuñoz\Application Data\Mozilla\Firefox\Profiles\tf31ic7w.default\prefs.js

D:\Documents and Settings\CésarLeninLópezMuñoz\Application Data\Mozilla\Firefox\Profiles\tf31ic7w.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.asktb.InstallDir", "D:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.OOBEVersion", "1");
Deleted : user_pref("extensions.asktb.apn_dbr", "cr_17.0.963.56");
Deleted : user_pref("extensions.asktb.cbid", "JM");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.cr-o", "100000080cr");
Deleted : user_pref("extensions.asktb.crumb", "2012.02.22+20.35.39-toolbar015iad-HN-VGVndWNpZ2FscGEsSG9uZHVyYX[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://es.ask.com/web?q={query}&o={o}&l={l}&[...]
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYHN");
Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://login.yahoo.com/config/reset_cookies_token?.t[...]
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "291af932-223f-40e6-9e13-f7a5de7e71a2");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1358014551478");
Deleted : user_pref("extensions.asktb.locale", "es_ES");
Deleted : user_pref("extensions.asktb.location", "Tegucigalpa,Honduras");
Deleted : user_pref("extensions.asktb.notification-shown", true);
Deleted : user_pref("extensions.asktb.o", "100000080");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "4");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "2012-02-22 10:47:34 p.m.");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.4.100015");
Deleted : user_pref("extensions.asktb.version", "5.15.4.23930");
Deleted : user_pref("extensions.enabledAddons", "LogMeInClient%40logmein.com:1.0.0.972,%7Bb9db16a4-6edc-47ec-a[...]
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112553&babsrc=KW_ss&mntrId=3f819d25000000[...]

File : D:\Documents and Settings\cllopezm\Application Data\Mozilla\Firefox\Profiles\m20o6nad.default\prefs.js

[OK] File is clean.

File : D:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9aztx16n.default\prefs.js

D:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9aztx16n.default\user.js ... Deleted !

Deleted : user_pref("CT2406214.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2406214.CTID", "CT2406214");
Deleted : user_pref("CT2406214.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2406214.EMailNotifierPollDate", "Fri Dec 25 2009 21:26:11 GMT-0600 (Central America Sta[...]
Deleted : user_pref("CT2406214.FirstTime", true);
Deleted : user_pref("CT2406214.FirstTimeFF3", true);
Deleted : user_pref("CT2406214.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2406214.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2406214.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2406214.Initialize", true);
Deleted : user_pref("CT2406214.InitializeCommonPrefs", true);
Deleted : user_pref("CT2406214.InstalledDate", "Thu Nov 19 2009 12:52:13 GMT-0600 (Central America Standard Ti[...]
Deleted : user_pref("CT2406214.InvalidateCache", false);
Deleted : user_pref("CT2406214.IsGrouping", false);
Deleted : user_pref("CT2406214.IsMulticommunity", false);
Deleted : user_pref("CT2406214.IsOpenThankYouPage", true);
Deleted : user_pref("CT2406214.IsOpenUninstallPage", true);
Deleted : user_pref("CT2406214.LanguagePackLastCheckTime", "Fri Dec 25 2009 20:56:08 GMT-0600 (Central America[...]
Deleted : user_pref("CT2406214.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2406214.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2406214.LastLogin_2.4.0.4", "Fri Dec 25 2009 20:56:08 GMT-0600 (Central America Standar[...]
Deleted : user_pref("CT2406214.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2406214.Locale", "es");
Deleted : user_pref("CT2406214.LoginCache", 4);
Deleted : user_pref("CT2406214.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2406214.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2406214.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2406214.RadioIsPodcast", false);
Deleted : user_pref("CT2406214.RadioLastCheckTime", "Fri Dec 25 2009 20:56:09 GMT-0600 (Central America Standa[...]
Deleted : user_pref("CT2406214.RadioLastUpdateIPServer", "4");
Deleted : user_pref("CT2406214.RadioLastUpdateServer", "4");
Deleted : user_pref("CT2406214.RadioMediaID", "9962");
Deleted : user_pref("CT2406214.RadioMediaType", "Media Player");
Deleted : user_pref("CT2406214.RadioMenuSelectedID", "EBRadioMenu_CT24062149962");
Deleted : user_pref("CT2406214.RadioStationName", "California%20Rock");
Deleted : user_pref("CT2406214.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT2406214.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2406214.SearchBoxWidth", 150);
Deleted : user_pref("CT2406214.SearchEngine", "Buscar||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2406214.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2406214.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240[...]
Deleted : user_pref("CT2406214.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2406214.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2406214.SearchInNewTabLastCheckTime", "Fri Dec 25 2009 20:56:04 GMT-0600 (Central Ameri[...]
Deleted : user_pref("CT2406214.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Deleted : user_pref("CT2406214.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2406214.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2406214.SettingsLastCheckTime", "Fri Dec 25 2009 20:56:02 GMT-0600 (Central America Sta[...]
Deleted : user_pref("CT2406214.SettingsLastUpdate", "1258231764");
Deleted : user_pref("CT2406214.ThirdPartyComponentsInterval", 72);
Deleted : user_pref("CT2406214.ThirdPartyComponentsLastCheck", "Thu Dec 24 2009 15:25:47 GMT-0600 (Central Ame[...]
Deleted : user_pref("CT2406214.ThirdPartyComponentsLastUpdate", "1258231764");
Deleted : user_pref("CT2406214.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2406214.UserID", "UN60226498822192061");
Deleted : user_pref("CT2406214.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2406214.WeatherNetwork", "");
Deleted : user_pref("CT2406214.WeatherPollDate", "Fri Dec 25 2009 20:56:10 GMT-0600 (Central America Standard [...]
Deleted : user_pref("CT2406214.WeatherUnit", "C");
Deleted : user_pref("CT2406214.alertChannelId", "800694");
Deleted : user_pref("CT2406214.clientLogIsEnabled", false);
Deleted : user_pref("CT2406214.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2406214.myStuffEnabled", true);
Deleted : user_pref("CT2406214.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2406214.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Deleted : user_pref("CT2406214.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2406214.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2406214.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2406214,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2406214");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Apr 17 2011 11:02:14 GMT-06[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 0);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jul 03 2011 17:03:43 GMT-0600 (Central A[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "aae1c9d5-874f-4eba-81c8-2f92ec6d37ce");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2406214");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Jul 03 2011 17:04:10 GMT-0600 (Central Amer[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jul 03 2011 16:54:31 GMT-0600 (Central Am[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "04/17/2011 20");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Mon May 02 2011 11:37:11 GMT-0600 (Central America Standar[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jul 03 2011 16:54:31 GMT-0600 (Central Ame[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun Jul 03 2011 16:54:31 GMT-0600 (Central America Sta[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Jul 03 2011 16:54:31 GMT-0600 (Central America[...]
Deleted : user_pref("ConduitEngine.UserID", "UN57440464397664675");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "es-CL");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jul 03 2011 16:54:31 GMT-0600 (Centr[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Jul 03 2011 16:54:31 GMT-0600 (Cent[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.search.defaultthis.engineName", "Softonic Espana PVZ Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2406214&Sea[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2406214&SearchSource=13");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2406214&SearchSource=2&q=[...]

File : D:\Documents and Settings\Colm\Application Data\Mozilla\Firefox\Profiles\y6arzf5b.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : D:\Documents and Settings\CésarLeninLópezMuñoz\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : D:\Documents and Settings\cllopezm\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : D:\Documents and Settings\Familia\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : D:\Documents and Settings\Colm\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [30803 octets] - [12/01/2013 23:14:00]
AdwCleaner[S1].txt - [31634 octets] - [12/01/2013 23:17:02]

########## EOF - D:\AdwCleaner[S1].txt - [31695 octets] ##########

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3, v.3311) 32 bits version
Started in : Normal mode
User : CésarLeninLópezMuñoz [Admin rights]
Mode : Remove -- Date : 01/12/2013 23:39:32

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{1AC73916-1224-48B7-A3F5-69FEF7DDE83C} : NameServer (190.4.6.194,200.30.169.2,190.4.31.1,190.4.31.3,190.4.52.142,192.168.2.1,200.35.161.153,200.35.166.25) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805678DD -> HOOKED (Unknown @ 0xBADF7C1C)
SSDT[41] : NtCreateKey @ 0x8057065D -> HOOKED (Unknown @ 0xBADF7BD6)
SSDT[50] : NtCreateSection @ 0x805652B3 -> HOOKED (Unknown @ 0xBADF7C26)
SSDT[53] : NtCreateThread @ 0x8058E63F -> HOOKED (Unknown @ 0xBADF7BCC)
SSDT[63] : NtDeleteKey @ 0x805952BE -> HOOKED (Unknown @ 0xBADF7BDB)
SSDT[65] : NtDeleteValueKey @ 0x80592D50 -> HOOKED (Unknown @ 0xBADF7BE5)
SSDT[68] : NtDuplicateObject @ 0x805715E0 -> HOOKED (Unknown @ 0xBADF7C17)
SSDT[98] : NtLoadKey @ 0x805AED5D -> HOOKED (Unknown @ 0xBADF7BEA)
SSDT[122] : NtOpenProcess @ 0x805717C7 -> HOOKED (Unknown @ 0xBADF7BB8)
SSDT[128] : NtOpenThread @ 0x8058A1BD -> HOOKED (Unknown @ 0xBADF7BBD)
SSDT[177] : NtQueryValueKey @ 0x8056A1F1 -> HOOKED (Unknown @ 0xBADF7C3F)
SSDT[193] : NtReplaceKey @ 0x8064F0FA -> HOOKED (Unknown @ 0xBADF7BF4)
SSDT[200] : NtRequestWaitReplyPort @ 0x80576CE6 -> HOOKED (Unknown @ 0xBADF7C30)
SSDT[204] : NtRestoreKey @ 0x8064EC91 -> HOOKED (Unknown @ 0xBADF7BEF)
SSDT[213] : NtSetContextThread @ 0x8062DCDF -> HOOKED (Unknown @ 0xBADF7C2B)
SSDT[237] : NtSetSecurityObject @ 0x8059B19B -> HOOKED (Unknown @ 0xBADF7C35)
SSDT[247] : NtSetValueKey @ 0x80572889 -> HOOKED (Unknown @ 0xBADF7BE0)
SSDT[255] : NtSystemDebugControl @ 0x80649CE3 -> HOOKED (Unknown @ 0xBADF7C3A)
SSDT[257] : NtTerminateProcess @ 0x805822E0 -> HOOKED (Unknown @ 0xBADF7BC7)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBADF7C4E)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBADF7C53)

¤¤¤ HOSTS File: ¤¤¤
--> D:\WINDOWS\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3120022A +++++
--- User ---
[MBR] 5f837f71c906864143ec445c26d13c57
[BSP] a8408d779ced35ee05bf3de7f1cc0e5e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8095 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16579080 | Size: 106375 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG SV0412H +++++
--- User ---
[MBR] 6d008e28f0759878bde7103f4a31cabd
[BSP] d8bb84eb2606ab83b1af18175810fbbc : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 19994 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40949685 | Size: 18206 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] aafd8cffa15add8e039b69220b655e80
[BSP] 102a56e4f83d9d0e190d3322e57b2ea1 : Standard MBR Code
Partition table:
0 - [ACTIVE] DISKMNG (0x54) [VISIBLE] Offset (sectors): 9 | Size: 8024 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] aafd8cffa15add8e039b69220b655e80
[BSP] 102a56e4f83d9d0e190d3322e57b2ea1 : Standard MBR Code
Partition table:
0 - [ACTIVE] DISKMNG (0x54) [VISIBLE] Offset (sectors): 9 | Size: 8024 Mo

Finished : << RKreport[2]_D_01122013_02d2339.txt >>
RKreport[1]_S_01122013_02d2338.txt ; RKreport[2]_D_01122013_02d2339.txt




This last report says there were items not removed and recommends using DNSFIX, so I will wait for your reply for further instructions. Thank you.

Edited by cllopezm, 13 January 2013 - 12:44 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:02 PM

Posted 13 January 2013 - 05:07 AM

Hello cllopezm


This last report says there were items not removed and recommends using DNSFIX - they are fine and do not need to be removed

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 cllopezm

Posted 14 January 2013 - 02:39 AM

Thanks for your reply, I apologize I could not answer your post, it's been a hard weekend.

I tried using ComboFix but can't get rid of Eset Antivirus NOD32 4.0 (in real life it was Eset Online Scanner). I uninstalled it using Add / Remove prgs. The removal utility was useless because the computer can't get into Safe Mode (1st post, remember?). When I get into Safe Mode the boot freezes on hotcore3.sys and reboots the machine. I did a little research and it's related to Paragon software (Hotbackup), which I don't remember having used. I have used partitioning software (Partition Magic).

I have not continued after the ComboFix warning, since it could damage the computer, it says.

So far the computer seemed OK but then, IE opened by itself just once.

Thanks for your help.

#8 gringo_pr

Posted 14 January 2013 - 10:21 AM

Go Ahead and continue and run combofix

#9 cllopezm

Posted 14 January 2013 - 10:35 AM

Thanks, I'll answer and post results when I get back home. I'm at my office.

#10 gringo_pr

Posted 14 January 2013 - 10:39 AM

no problem


Gringo

#11 cllopezm

Posted 15 January 2013 - 04:43 PM

Hello, I could not post in the morning. I ran combofix and the computer stalled in a phase "deleting folders." The folder was all users / temp, and I hibernated and left for my office. I'll tell you when I get home.

The computer stalled for about 50 min, after starting the deletion phase.

#12 gringo_pr

Posted 15 January 2013 - 05:00 PM

OK no problem and I will check on you later


gringo

#13 cllopezm

Posted 15 January 2013 - 05:11 PM

Thanks, I was just wondering because combofix stated that usually repair times are 10 minutes or so, and this one has gone for about 5 times that.

It's an old computer, she's 9 years old, but I'm concerned it's something worse than that. The computer also has problems shutting down or restarting.

I'll tell you later, thanks for your patience.

#14 gringo_pr

Posted 15 January 2013 - 05:27 PM

depends on the infection and what else is running - 50 min is on the high side and if it takes much longer than that and you do not see any progress it might be best to try and run it in safe mode





gringo

#15 cllopezm

Posted 15 January 2013 - 05:42 PM

Ok, I'll try with double that time. The thing is, safe mode isn't working. :(

thanks



