Infected with Conedex, Sirefef and probably more... Unable to remove them.

This topic is locked
21 replies to this topic
#1 mgarciaovejero

  • Members
  • 10 posts

Posted 07 May 2013 - 09:01 PM

Hello,

First of all, congratulations on your website and thanks for your help. Experiencing dire straits and finding people/communities like you is something to be truly grateful and hopeful about.

I have been experiencing redirecting problems lately, but the final strike came a couple of days ago when my Norton account expired and, before renewing it (I was a bit lazy to do it, I admit it), I got infected by two trojans (Conedex and Sirefef) and probably more malware that is beyond my limited skills to remove. As a result, my laptop runs slow, I keep on being redirected on the internet and experience different software crashing randomly without any reason.

I have tried different antivirus programs (Exterminate It and ESET) but the trojans seem to survive the cleaning process and reproduce like crazy, and I get endless notifications of infection in the C:\recycler folder.

Your help would be much appreciated since I really need to fix the laptop.

Thank you very much beforehand,

Miguel


The DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by Yo at 2:40:55 on 2013-05-08
Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.3067.1882 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Archivos de programa\ARCHIVOS DE INSTALACION\rklauncher\RKLauncher.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Archivos de programa\ArcGIS\License10.0\bin\lmgrd.exe
C:\Archivos de programa\Archivos comunes\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Archivos de programa\ArcGIS\License10.0\bin\lmgrd.exe
C:\Archivos de programa\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Archivos de programa\ArcGIS\License10.0\bin\ARCGIS.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Portrait Displays\Shared\DTSRVC.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Archivos de programa\Java\jre7\bin\jqs.exe
C:\Archivos de programa\Mediafour\MacDrive 9\MacDrive9Service.exe
C:\Archivos de programa\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Archivos comunes\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Spotify\Data\SpotifyWebHelper.exe
C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=94B600215D1DEB44
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
uURLSearchHooks: DefaultSearchHook Class: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - c:\archivos de programa\asksearch\bin\DefaultSearch.dll
BHO: Coupon Caddy: {11111111-1111-1111-1111-110111271149} - 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - 
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\archivos de programa\divx\divx plus web player\npdivx32.dll
BHO: RazossIE Class: {51073A91-D8F4-4A97-8D08-CACF6E88D5B5} - 
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\archivos de programa\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\archivos de programa\java\jre7\bin\ssv.dll
BHO: SaveByclick: {80DADDBE-618F-99B0-5286-B5D1D52F6B85} - 
BHO: LyricsPal: {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - c:\archivos de programa\xinghaolyrics\lrcspal.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\archivos de programa\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\archivos de programa\delta\delta\1.8.16.16\bh\delta.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\archivos de programa\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\archivos de programa\delta\delta\1.8.16.16\deltaTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify Web Helper] "c:\archivos de programa\spotify\data\SpotifyWebHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [TkBellExe] "c:\archivos de programa\real\realplayer\update\realsched.exe"  -osboot
mRun: [egui] "c:\archivos de programa\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\archiv~1\archiv~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\yo\menini~1\progra~1\inicio\dropbox.lnk - c:\documents and settings\yo\datos de programa\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
IE: Convertir a Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo en archivo Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir vínculos seleccionados a Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: Enlace de descarga usando Mega Manager... - c:\archivos de programa\megaupload\mega manager\mm_file.htm
IE: Enviar a &Bluetooth - c:\archivos de programa\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Enviar a Bluetooth - c:\archivos de programa\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archivos de programa\microsoft office\office12\ONBttnIE.dll
IE: {36A378CF-F67B-465E-834F-EDBF3D391190} - {36A378CF-F67B-465E-834F-EDBF3D391190} - 
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\archivos de programa\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www5.aeat.es/es13/h/cactivex.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: NameServer = 10.122.192.1
TCP: Interfaces\{6EF6E01E-6171-48DC-9D0B-4C3CD4E2277F} : DHCPNameServer = 10.122.192.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archivos de programa\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archivos de programa\archivos comunes\skype\Skype4COM.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages =  scecli psqlpwd
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\archivos de programa\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 66.98.148.65 auto.search.msn.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\yo\datos de programa\mozilla\firefox\profiles\ttels9ck.default\
FF - prefs.js: browser.search.defaulturl - www.Google.com
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=94B600215D1DEB44
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
FF - component: c:\archivos de programa\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\documents and settings\all users\datos de programa\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\archivos de programa\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\archivos de programa\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\archivos de programa\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\archivos de programa\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\archivos de programa\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\archivos de programa\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\archivos de programa\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\archivos de programa\nitro pdf\reader 2\npnitroie.dll
FF - plugin: c:\archivos de programa\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-05-07 01:31; ffxtlbr@delta.com; c:\documents and settings\yo\datos de programa\mozilla\firefox\profiles\ttels9ck.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-05-07 01:32; lrcspal@xinghao.net; c:\archivos de programa\xinghaolyrics\FF
FF - ExtSQL: 2013-05-07 01:32; crossriderapp12749@crossrider.com; c:\documents and settings\yo\datos de programa\mozilla\firefox\profiles\ttels9ck.default\extensions\crossriderapp12749@crossrider.com
FF - ExtSQL: !HIDDEN! 2009-09-02 23:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2012-12-3 243920]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2012-12-3 29904]
R0 MDRAID;MacDrive RAID Bus Driver;c:\windows\system32\drivers\MDRAID.SYS [2013-1-5 154864]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-5-23 57800]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-1-10 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2013-1-10 105784]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\archivos de programa\arcgis\license10.0\bin\lmgrd.exe [2008-11-5 1500424]
R2 Autodesk Content Service;Autodesk Content Service;c:\archivos de programa\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 ekrn;ESET Service;c:\archivos de programa\eset\eset nod32 antivirus\ekrn.exe [2013-3-21 1341664]
R2 MacDrive9Service;MacDrive 9 service;c:\archivos de programa\mediafour\macdrive 9\MacDrive9Service.exe [2012-12-11 162816]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\archivos de programa\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-9-13 196112]
R2 PdiService;Portrait Displays SDK Service;c:\archivos de programa\archivos comunes\portrait displays\drivers\pdisrvc.exe [2010-10-23 109168]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-7 1373480]
R3 bpenum;Intel® Wireless WiMax Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2008-3-21 163456]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-12 81296]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2012-9-16 106752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\archivos de programa\skype\updater\Updater.exe [2013-2-28 161384]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2012-9-16 25728]
S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\drivers\cnnctfy2.sys --> c:\windows\system32\drivers\cnnctfy2.sys [?]
S3 LTT_ENCRYPT_WATCHING;Lightuning Encrypt Watching Service;c:\windows\system32\encryptwatchingservice.exe -service --> c:\windows\system32\EncryptWatchingService.exe -service [?]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-9-16 9216]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\drivers\RtsUCcid.sys [2012-9-6 50720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-9-6 181280]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2008-9-8 12288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1"
FileExt: .txt: Applications\WORDPAD.EXE="c:\archivos de programa\windows nt\accesorios\WORDPAD.EXE" "%1" [UserChoice]
ShellExec: MegaManager.exe: open=c:\archivos de programa\megaupload\mega manager\MegaManager.exe
ShellExec: PDF Architect.exe: open="c:\archivos de programa\pdf architect\\PDF Architect.exe""%1"
ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
.
=============== Created Last 30 ================
.
2013-05-07 22:27:02 -------- d-----w- c:\archivos de programa\ESET
2013-05-07 00:43:54 -------- d-sh--w- c:\documents and settings\yo\IETldCache
2013-05-07 00:36:56 -------- dc-h--w- c:\windows\ie8
2013-05-07 00:32:28 -------- d-----w- c:\archivos de programa\Coupon Caddy
2013-05-07 00:32:14 -------- d-----w- c:\archivos de programa\XingHaoLyrics
2013-05-07 00:31:52 -------- d-----w- c:\documents and settings\yo\datos de programa\BabSolution
2013-05-07 00:31:50 -------- d-----w- c:\archivos de programa\Delta
2013-05-07 00:31:47 -------- d-----w- c:\documents and settings\yo\datos de programa\Delta
2013-05-07 00:31:21 -------- d-----w- c:\documents and settings\all users\datos de programa\Babylon
2013-05-07 00:31:20 -------- d-----w- c:\documents and settings\yo\datos de programa\Babylon
.
==================== Find3M  ====================
.
2013-03-13 03:57:25 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 03:57:25 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 03:57:21 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
============= FINISH:  2:41:42.84 ===============
#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 May 2013 - 09:08 PM


Hello mgarciaovejero

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mgarciaovejero
  • Topic Starter

  • Members
  • 10 posts

Posted 07 May 2013 - 10:16 PM

Hi Gringo,

Thanks a lot for your prompt and kind answer.

I have done as told.

Everything went smoothly. After running the three apps, I haven't had any further virus notifications from my antivirus... cool!!

Maybe this is not important but, just in case, I forgot to say in the previous post that I cannot access Windows Firewall through the Control Panel.

Here I am posting the content of the three reports. Thanks again:

Security Check:


Results of screen317's Security Check version 0.99.63  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
ESET NOD32 Antivirus 6.0   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spyder3Express     
 CCleaner     
 ArcObjects SDK for the Java Platform 
 Java™ 6 Update 21  
 Java 7 Update 7  
 Java™ 6 Update 7  
 ArcObjects SDK for the Java Platform 
 Java version out of Date!
 Adobe Flash Player  11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1) 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

AdwCleaner:

# AdwCleaner v2.300 - Fichero creado el 08/05/2013 a 03:52:29
# Actualizado el 28/04/2013 por Xplode
# Sistema operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuario : Yo - MIGUEL
# Modo de inicio : Normal
# Ejecutado desde : C:\Documents and Settings\Yo\Mis documentos\Downloads\adwcleaner.exe
# Opción [Supresión]
 
 
***** [Servicios] *****
 
 
***** [Ficheros / Carpetas] *****
 
Carpeta Suprimido : C:\Archivos de programa\AskSearch
Carpeta Suprimido : C:\Archivos de programa\Delta
Carpeta Suprimido : C:\Archivos de programa\SaveByClick
Carpeta Suprimido : C:\Archivos de programa\vghd
Carpeta Suprimido : C:\Archivos de programa\XingHaoLyrics
Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\Babylon
Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\boost_interprocess
Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\ClickIT
Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\InstallMate
Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\SaveByClick
Carpeta Suprimido : C:\Documents and Settings\All Users\Menú Inicio\Programas\SaveByClick
Carpeta Suprimido : C:\Documents and Settings\Carola\Datos de programa\Mozilla\Firefox\Profiles\aboglc8v.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Carpeta Suprimido : C:\Documents and Settings\Carola\Datos de programa\Mozilla\Firefox\Profiles\aboglc8v.default\extensions\crossriderapp12749@crossrider.com
Carpeta Suprimido : C:\Documents and Settings\Carola\Datos de programa\Mozilla\Firefox\Profiles\aboglc8v.default\Searchqutoolbar
Carpeta Suprimido : C:\Documents and Settings\Invitado\Datos de programa\Mozilla\Firefox\Profiles\14oa3z0u.default\extensions\crossriderapp12749@crossrider.com
Carpeta Suprimido : C:\Documents and Settings\Yo\Configuración local\Datos de programa\SanctionedMedia
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\BabSolution
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\Babylon
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\Delta
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\51067a712a58f@51067a712a5c8.com
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\crossriderapp12749@crossrider.com
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\ffxtlbr@delta.com
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\Searchqutoolbar
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\pdfforge
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\searchquband
Carpeta Suprimido : C:\Documents and Settings\Yo\Datos de programa\vghd
Fichero Suprimido : C:\Archivos de programa\Mozilla FireFox\Components\AskSearch.js
Fichero Suprimido : C:\Archivos de programa\Mozilla FireFox\searchplugins\Search_Results.xml
Fichero Suprimido : C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\bProtector_extensions.rdf
Fichero Suprimido : C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\searchplugins\Babylon.xml
Fichero Suprimido : C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\searchplugins\delta.xml
Fichero Suprimido : C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\searchplugins\Search_Results.xml
Fichero Suprimido : C:\WINDOWS\Tasks\EPUpdater.job
Suprimido al reiniciar : C:\Documents and Settings\Yo\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
 
***** [Registro] *****
 
Clave Supprimida : HKCU\Software\AppDataLow\AskSA
Clave Supprimida : HKCU\Software\AppDataLow\SProtector
Clave Supprimida : HKCU\Software\BabylonToolbar
Clave Supprimida : HKCU\Software\BI
Clave Supprimida : HKCU\Software\Cr_Installer
Clave Supprimida : HKCU\Software\Crossrider
Clave Supprimida : HKCU\Software\DataMngr
Clave Supprimida : HKCU\Software\DataMngr_Toolbar
Clave Supprimida : HKCU\Software\Delta
Clave Supprimida : HKCU\Software\delta LTD
Clave Supprimida : HKCU\Software\Headlight
Clave Supprimida : HKCU\Software\InstalledBrowserExtensions
Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111271149}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{80DADDBE-618F-99B0-5286-B5D1D52F6B85}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111271149}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80DADDBE-618F-99B0-5286-B5D1D52F6B85}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smad
Clave Supprimida : HKCU\Software\SanctionedMedia
Clave Supprimida : HKCU\Software\searchqutoolbar
Clave Supprimida : HKCU\Software\Softonic
Clave Supprimida : HKCU\Software\XingHaoLyrics
Clave Supprimida : HKLM\SOFTWARE\5228cdfb535e813
Clave Supprimida : HKLM\Software\AskBarDis
Clave Supprimida : HKLM\Software\Babylon
Clave Supprimida : HKLM\Software\BabylonToolbar
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clave Supprimida : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Clave Supprimida : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111271149}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{80DADDBE-618F-99B0-5286-B5D1D52F6B85}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Clave Supprimida : HKLM\SOFTWARE\Classes\CrossriderApp0012749.BHO
Clave Supprimida : HKLM\SOFTWARE\Classes\CrossriderApp0012749.BHO.1
Clave Supprimida : HKLM\SOFTWARE\Classes\CrossriderApp0012749.Sandbox
Clave Supprimida : HKLM\SOFTWARE\Classes\CrossriderApp0012749.Sandbox.1
Clave Supprimida : HKLM\SOFTWARE\Classes\delta.deltaappCore
Clave Supprimida : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Clave Supprimida : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Clave Supprimida : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Clave Supprimida : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Clave Supprimida : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Clave Supprimida : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Clave Supprimida : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Clave Supprimida : HKLM\SOFTWARE\Classes\escort.escortIEPane
Clave Supprimida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Clave Supprimida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Clave Supprimida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Clave Supprimida : HKLM\SOFTWARE\Classes\Prod.cap
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Clave Supprimida : HKLM\Software\DataMngr
Clave Supprimida : HKLM\Software\Delta
Clave Supprimida : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271149}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271149}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111271149}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80DADDBE-618F-99B0-5286-B5D1D52F6B85}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lrcspal@xinghao.net
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Clave Supprimida : HKLM\Software\SearchquMediabarTb
Clave Supprimida : HKLM\Software\SP Global
Clave Supprimida : HKLM\Software\SProtector
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C94E154B-1459-4A47-966B-4B843BEFC7DB}]
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Valor Supprimida : HKCU\Software\Mozilla\Firefox\extensions [lrcspal@xinghao.net]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
 
***** [Navegadores] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=94B600215D1DEB44 --> hxxp://www.google.com
Sustituido : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q= --> hxxp://www.google.com
Sustituido : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Par défaut)] = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s --> Dato vacío
 
-\\ Mozilla Firefox v20.0.1 (es-ES)
 
Fichero : C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\prefs.js
 
C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\user.js ... Suprimido !
 
Supprimida : user_pref("aol_toolbar.default.search.check", false);
Supprimida : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=NT_ss&mntr[...]
Supprimida : user_pref("browser.search.defaultenginename", "Search Results");
Supprimida : user_pref("browser.search.order.1", "Search Results");
Supprimida : user_pref("browser.search.selectedEngine", "Delta Search");
Supprimida : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_s[...]
Supprimida : user_pref("extensions.51067a712a63c.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Supprimida : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Supprimida : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Supprimida : user_pref("extensions.crossriderapp12749.12749.InstallationThankYouPage", true);
Supprimida : user_pref("extensions.crossriderapp12749.12749.InstallationTime", 1367886745);
Supprimida : user_pref("extensions.crossriderapp12749.12749.InstallationUserSettings.searchUserConifrmation", fal[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.InstallationUserSettings.setHomepage", false);
Supprimida : user_pref("extensions.crossriderapp12749.12749.InstallationUserSettings.setNewTab", false);
Supprimida : user_pref("extensions.crossriderapp12749.12749.InstallationUserSettings.setSearch", false);
Supprimida : user_pref("extensions.crossriderapp12749.12749.active", true);
Supprimida : user_pref("extensions.crossriderapp12749.12749.addressbar", "");
Supprimida : user_pref("extensions.crossriderapp12749.12749.addressbarenhanced", "");
Supprimida : user_pref("extensions.crossriderapp12749.12749.backgroundjs", "\n\n//\n");
Supprimida : user_pref("extensions.crossriderapp12749.12749.backgroundver", 40);
Supprimida : user_pref("extensions.crossriderapp12749.12749.can_run_bg_code", true);
Supprimida : user_pref("extensions.crossriderapp12749.12749.certdomaininstaller", "");
Supprimida : user_pref("extensions.crossriderapp12749.12749.changeprevious", false);
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie.InstallationTime.value", "1367886745");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_aoi.value", "1367886745");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_arbitrary_code.expiration", "Tue May 07 2[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_arbitrary_code.value", "%22appAPI.db.get%[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_blocklist.expiration", "Tue May 07 2013 0[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_country_code.expiration", "Tue May 14 201[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_country_code.value", "%22GB%22");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_crr.value", "1367888205");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_currenttime.value", "%221367851674%22");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_hotfix20111102645.value", "%221%22");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_installtime.value", "%221367851674%22");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_parent_zoneid.value", "%22118046%22");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_pc_20120828.value", "1367888216220");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_product_id.value", "%221324%22");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie._GPL_zoneid.value", "%22183309%22");
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.cookie.dbtest.value", "1367888204113");
Supprimida : user_pref("extensions.crossriderapp12749.12749.description", "Coupon Caddy !");
Supprimida : user_pref("extensions.crossriderapp12749.12749.domain", "");
Supprimida : user_pref("extensions.crossriderapp12749.12749.enablesearch", false);
Supprimida : user_pref("extensions.crossriderapp12749.12749.homepage", "");
Supprimida : user_pref("extensions.crossriderapp12749.12749.iframe", false);
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.Resources_appVer.value", "68");
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.Resources_lastVersion.value", "0");
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.Resources_meta.value", "%7B%7D");
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.Resources_nextCheck.expiration", "Tue May [...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.Resources_nextCheck.value", "true");
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.Resources_queue.value", "%7B%7D");
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.manifesturl", "");
Supprimida : user_pref("extensions.crossriderapp12749.12749.name", "Coupon Caddy");
Supprimida : user_pref("extensions.crossriderapp12749.12749.newtab", "");
Supprimida : user_pref("extensions.crossriderapp12749.12749.opensearch", "");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_1.name", "base");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_1.ver", 6);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_1000014.ver", 15);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_1000015.name", "GPL Background (BG)");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_1000015.ver", 37);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_13.name", "CrossriderAppUtils");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_13.ver", 3);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_14.name", "CrossriderUtils");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_14.ver", 3);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_16.name", "FFAppAPIWrapper");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_16.ver", 7);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_17.name", "jQuery");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_17.ver", 4);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_21.name", "debug");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_21.ver", 4);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_22.name", "resources");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_22.ver", 4);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_28.name", "initializer");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_28.ver", 3);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_4.name", "jquery_1_7_1");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_4.ver", 4);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_47.name", "resources_background");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_47.ver", 3);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_64.name", "appApiMessage");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_64.ver", 2);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_72.name", "appApiValidation");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_72.ver", 3);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_78.name", "CrossriderInfo");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_78.ver", 3);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_98.code", "(function(){var b=\"cr_\"+a[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_98.name", "omniCommands");
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins.plugin_98.ver", 2);
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,100[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Supprimida : user_pref("extensions.crossriderapp12749.12749.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/a[...]
Supprimida : user_pref("extensions.crossriderapp12749.12749.pluginsversion", 61);
Supprimida : user_pref("extensions.crossriderapp12749.12749.publisher", "Innovative Apps");
Supprimida : user_pref("extensions.crossriderapp12749.12749.searchstatus", 0);
Supprimida : user_pref("extensions.crossriderapp12749.12749.setnewtab", false);
Supprimida : user_pref("extensions.crossriderapp12749.12749.thankyou", "");
Supprimida : user_pref("extensions.crossriderapp12749.12749.updateinterval", 360);
Supprimida : user_pref("extensions.crossriderapp12749.12749.ver", 68);
Supprimida : user_pref("extensions.crossriderapp12749.adsOldValue", -1);
Supprimida : user_pref("extensions.crossriderapp12749.apps", "12749");
Supprimida : user_pref("extensions.crossriderapp12749.bic", "13e7c7d636a28675958f537d87e8d409");
Supprimida : user_pref("extensions.crossriderapp12749.cid", 12749);
Supprimida : user_pref("extensions.crossriderapp12749.firstrun", false);
Supprimida : user_pref("extensions.crossriderapp12749.hadappinstalled", true);
Supprimida : user_pref("extensions.crossriderapp12749.installationdate", 1367888192);
Supprimida : user_pref("extensions.crossriderapp12749.lastcheck", 22798137);
Supprimida : user_pref("extensions.crossriderapp12749.lastcheckitem", 22798147);
Supprimida : user_pref("extensions.crossriderapp12749.modetype", "production");
Supprimida : user_pref("extensions.crossriderapp12749.reportInstall", true);
Supprimida : user_pref("extensions.crossriderapp12749.statsDailyCounter", 1);
Supprimida : user_pref("extensions.delta.bbDpng", "7");
Supprimida : user_pref("extensions.delta.cntry", "GB");
Supprimida : user_pref("extensions.delta.hdrMd5", "");
Supprimida : user_pref("extensions.delta.lastVrsnTs", "");
Supprimida : user_pref("extensions.delta.sg", "er");
Supprimida : user_pref("extensions.delta.smplGrp", "er");
Supprimida : user_pref("extensions.enabledAddons", "crossriderapp12749%40crossrider.com:0.91.64,ffxtlbr%40delta.c[...]
Supprimida : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");
Supprimida : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Supprimida : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Supprimida : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Supprimida : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Supprimida : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Supprimida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Supprimida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Supprimida : user_pref("sweetim.toolbar.searchguard.enable", "");
 
Fichero : C:\Documents and Settings\Carola\Datos de programa\Mozilla\Firefox\Profiles\aboglc8v.default\prefs.js
 
Supprimida : user_pref("extensions.crossriderapp12749.adsOldValue", -1);
 
Fichero : C:\Documents and Settings\Invitado\Datos de programa\Mozilla\Firefox\Profiles\14oa3z0u.default\prefs.js
 
Supprimida : user_pref("extensions.crossriderapp12749.adsOldValue", -1);
 
-\\ Google Chrome v26.0.1410.64
 
Fichero : C:\Documents and Settings\Yo\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Preferences
 
Supprimida [l.2332] : homepage = "hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=94B600215D1DEB[...]
 
Fichero : C:\Documents and Settings\Carola\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Preferences
 
[OK] El fichero no contiene ninguna entrada ilegítima.
 
Fichero : C:\Documents and Settings\Invitado\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Preferences
 
[OK] El fichero no contiene ninguna entrada ilegítima.
 
*************************
 
AdwCleaner[S1].txt - [33342 octets] - [08/05/2013 03:52:29]
 
########## EOF - C:\AdwCleaner[S1].txt - [33403 octets] ##########
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Yo [Admin rights]
Mode : Remove -- Date : 05/08/2013 04:01:46
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-21-2000478354-261903793-725345543-1003\$11ea1b1a231aeaf1a828a4ff8ea50b9a\n.) [x] -> REPLACED (C:\WINDOWS\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$11ea1b1a231aeaf1a828a4ff8ea50b9a\n.) [x] -> REPLACED (C:\WINDOWS\system32\wbem\fastprox.dll)
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$11ea1b1a231aeaf1a828a4ff8ea50b9a\@ [-] --> REMOVED
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-2000478354-261903793-725345543-1003\$11ea1b1a231aeaf1a828a4ff8ea50b9a\@ [-] --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\RECYCLER\S-1-5-18\$11ea1b1a231aeaf1a828a4ff8ea50b9a\U\00000008.@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$11ea1b1a231aeaf1a828a4ff8ea50b9a\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-2000478354-261903793-725345543-1003\$11ea1b1a231aeaf1a828a4ff8ea50b9a\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\RECYCLER\S-1-5-18\$11ea1b1a231aeaf1a828a4ff8ea50b9a\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\RECYCLER\S-1-5-18\$11ea1b1a231aeaf1a828a4ff8ea50b9a\L\201d3dde [-] --> REMOVED
[Del.Parent][FILE] 76603ac3 : C:\RECYCLER\S-1-5-18\$11ea1b1a231aeaf1a828a4ff8ea50b9a\L\76603ac3 [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$11ea1b1a231aeaf1a828a4ff8ea50b9a\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-2000478354-261903793-725345543-1003\$11ea1b1a231aeaf1a828a4ff8ea50b9a\L --> REMOVED
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es127.0.0.1       localhost127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD3200BEKT-22F3T0 +++++
--- User ---
[MBR] 14454b0fa6c4417537d9d607f074834d
[BSP] afc21201de4e384ce92d718d4320c232 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80772 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 165421305 | Size: 224470 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: JMCR SD/MMC SCSI Disk Device +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15189 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[2]_D_05082013_02d0401.txt >>
RKreport[1]_S_05082013_02d0400.txt ; RKreport[2]_D_05082013_02d0401.txt


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:22 PM

Posted 07 May 2013 - 10:18 PM


Hello mgarciaovejero

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 mgarciaovejero (Topic Starter)
  • Members

Posted 08 May 2013 - 05:21 AM

Hello again,

After running Combofix (no troubles to do so) my laptop works much better. Internet browsers open faster and without redirecting, I get no virus notifications anymore and I gained access to Control Panel again so I could activate Windows Firewall.

This is the log file by Combofix, thanks a lot.

ComboFix 13-05-07.02 - Yo 08/05/2013   4:50.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.3067.2239 [GMT 1:00]
Running from: c:\documents and settings\Yo\Mis documentos\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Datos de programa\TEMP
c:\windows\jestertb.dll
c:\windows\Readme.txt
c:\windows\system32\Cache
c:\windows\system32\Cache\26820c5f05fcf9bd.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8925d8d2f24b6ca6.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\regobj.dll
c:\windows\system32\SET42.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\tmp.bat
c:\windows\XSxS
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-08 to 2013-05-08  )))))))))))))))))))))))))))))))
.
.
2013-05-07 22:32 . 2013-05-07 22:32 -------- d-----w- c:\documents and settings\Yo\Configuración local\Datos de programa\ESET
2013-05-07 22:31 . 2013-05-07 22:31 -------- d-----w- c:\windows\system32\config\systemprofile\Configuración local\Datos de programa\ESET
2013-05-07 22:27 . 2013-05-07 22:27 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ESET
2013-05-07 22:27 . 2013-05-07 22:27 -------- d-----w- c:\archivos de programa\ESET
2013-05-07 00:51 . 2013-05-07 00:51 -------- d-----r- c:\documents and settings\NetworkService\Favoritos
2013-05-07 00:49 . 2013-05-07 00:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-05-07 00:44 . 2013-05-07 00:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-05-07 00:43 . 2013-05-07 00:43 -------- d-sh--w- c:\documents and settings\Yo\IETldCache
2013-05-07 00:38 . 2013-05-07 00:38 -------- d-----w- c:\documents and settings\LocalService\Configuración local\Datos de programa\PCHealth
2013-05-07 00:36 . 2013-05-07 00:41 -------- dc-h--w- c:\windows\ie8
2013-05-07 00:32 . 2013-05-07 22:32 -------- d-----w- c:\documents and settings\Yo\Configuración local\Datos de programa\Updater12749
2013-05-07 00:32 . 2013-05-08 00:51 -------- d-----w- c:\archivos de programa\Coupon Caddy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 03:57 . 2013-02-06 20:23 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 03:57 . 2013-02-06 20:23 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 03:57 . 2013-03-13 03:57 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-04-26 23:47 . 2013-04-26 23:47 263064 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Yo\Datos de programa\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Yo\Datos de programa\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Yo\Datos de programa\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Yo\Datos de programa\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 15:10 576976 ----a-w- c:\archivos de programa\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 15:10 576976 ----a-w- c:\archivos de programa\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 15:10 576976 ----a-w- c:\archivos de programa\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 15:10 576976 ----a-w- c:\archivos de programa\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIcon]
@="{6B21AF46-EE37-40D0-A707-C06C17D06CE9}"
[HKEY_CLASSES_ROOT\CLSID\{6B21AF46-EE37-40D0-A707-C06C17D06CE9}]
2012-11-28 11:29 222720 ----a-w- c:\archivos de programa\Mediafour\MacDrive 9\MDVolumeIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIconReadOnly]
@="{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}"
[HKEY_CLASSES_ROOT\CLSID\{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}]
2012-11-28 11:29 222720 ----a-w- c:\archivos de programa\Mediafour\MacDrive 9\MDVolumeIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-29 16:55 4232968 ----a-w- c:\archivos de programa\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-29 16:55 4232968 ----a-w- c:\archivos de programa\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-17 39408]
"Spotify Web Helper"="c:\archivos de programa\Spotify\Data\SpotifyWebHelper.exe" [2013-04-27 1105408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-24 16871936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-24 13537280]
"TkBellExe"="c:\archivos de programa\real\realplayer\update\realsched.exe" [2011-08-31 273528]
"egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
c:\documents and settings\Yo\Menú Inicio\Programas\Inicio\
Dropbox.lnk - c:\documents and settings\Yo\Datos de programa\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-29 16:43 96008 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^BTTray.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Acrobat.lnk
backup=c:\windows\pss\Inicio rápido de Adobe Acrobat.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Spyder3Utility.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Spyder3Utility.lnk
backup=c:\windows\pss\Spyder3Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Winter Fun Wallpaper Changer.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Winter Fun Wallpaper Changer.lnk
backup=c:\windows\pss\Winter Fun Wallpaper Changer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Yo^Menú Inicio^Programas^Inicio^Dropbox.lnk]
path=c:\documents and settings\Yo\Menú Inicio\Programas\Inicio\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Yo^Menú Inicio^Programas^Inicio^MagicDisc.lnk]
path=c:\documents and settings\Yo\Menú Inicio\Programas\Inicio\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSK DLMSession]
2012-07-23 17:32 1632216 ----a-w- c:\archivos de programa\Archivos comunes\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-01-26 07:08 4480768 ----a-w- c:\documents and settings\Yo\Configuración local\Datos de programa\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\archivos de programa\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HWP]
2009-06-26 10:17 86016 ----a-w- c:\archivos de programa\Archivos comunes\Portrait Displays\Shared\DT_Startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FPTools]
2008-10-12 02:30 2703360 ----a-w- c:\archivos de programa\LTT\FingerLogon\FingerLogon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2013-04-16 15:10 19662744 ----a-w- c:\archivos de programa\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00 33648 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive 9 application]
2012-12-11 15:14 480768 ----a-w- c:\archivos de programa\Mediafour\MacDrive 9\MacDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-07-24 18:06 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2009-08-20 14:08 850544 ----a-w- c:\archivos de programa\Portrait Displays\Pivot Software\wpCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2008-04-29 16:21 49928 ----a-w- c:\archivos de programa\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 16:50 18642024 ----a-r- c:\archivos de programa\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-04-27 10:31 4555776 ----a-w- c:\archivos de programa\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-04-27 10:31 1105408 ----a-w- c:\archivos de programa\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-17 21:41 39408 ----a-w- c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-08-31 15:57 273528 ----a-w- c:\archivos de programa\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [03/12/2012 10:15 243920]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [03/12/2012 10:15 29904]
R0 MDRAID;MacDrive RAID Bus Driver;c:\windows\system32\drivers\MDRAID.SYS [05/01/2013 01:41 154864]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/11/2008 02:23 685816]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [23/05/2010 13:38 57800]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [10/01/2013 15:08 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/01/2013 15:08 105784]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\archivos de programa\ArcGIS\License10.0\bin\lmgrd.exe [05/11/2008 23:59 1500424]
R2 Autodesk Content Service;Autodesk Content Service;c:\archivos de programa\Autodesk\Content Service\Connect.Service.ContentService.exe [02/02/2011 15:08 18656]
R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [21/03/2013 15:19 1341664]
R2 MacDrive9Service;MacDrive 9 service;c:\archivos de programa\Mediafour\MacDrive 9\MacDrive9Service.exe [11/12/2012 16:16 162816]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\archivos de programa\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [13/09/2012 02:01 196112]
R2 PdiService;Portrait Displays SDK Service;c:\archivos de programa\Archivos comunes\Portrait Displays\Drivers\pdisrvc.exe [23/10/2010 19:52 109168]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [07/12/2008 00:32 1373480]
R3 bpenum;Intel® Wireless WiMax Link Enumerator;c:\windows\system32\drivers\bpenum.sys [21/03/2008 02:22 163456]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/10/2008 01:01 81296]
S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [28/02/2013 17:45 161384]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [16/09/2012 23:50 25728]
S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\DRIVERS\cnnctfy2.sys --> c:\windows\system32\DRIVERS\cnnctfy2.sys [?]
S3 LTT_ENCRYPT_WATCHING;Lightuning Encrypt Watching Service;c:\windows\system32\EncryptWatchingService.exe -service --> c:\windows\system32\EncryptWatchingService.exe -service [?]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [16/09/2012 23:50 9216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [06/05/2009 14:09 47360]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\drivers\RtsUCcid.sys [06/09/2012 17:51 50720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [06/09/2012 17:51 181280]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [08/09/2008 17:26 12288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [16/09/2012 23:50 106752]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 01:41 1642448 ----a-w- c:\archivos de programa\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 03:57]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-01-06 01:56]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-01-06 01:56]
.
2013-05-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1003.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2013-05-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1005.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2013-04-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1003.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2013-04-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1005.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2013-05-08 c:\windows\Tasks\RKLauncher.job
- c:\archivos de programa\ARCHIVOS DE INSTALACION\rklauncher\RKLauncher.exe [2008-10-13 17:23]
.
2013-05-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
IE: Convertir a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo en archivo Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir vínculos seleccionados a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enlace de descarga usando Mega Manager... - c:\archivos de programa\Megaupload\Mega Manager\mm_file.htm
IE: Enviar a &Bluetooth - c:\archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar a Bluetooth - c:\archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{36A378CF-F67B-465E-834F-EDBF3D391190} - {36A378CF-F67B-465E-834F-EDBF3D391190} - c:\documents and settings\Yo\Configuración local\Datos de programa\Razoss\Application\IE.dll
TCP: DhcpNameServer = 10.122.192.1
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www5.aeat.es/es13/h/cactivex.cab
FF - ProfilePath - c:\documents and settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\
FF - prefs.js: browser.search.defaulturl - www.Google.com
FF - ExtSQL: 2013-05-07 01:31; ffxtlbr@delta.com; c:\documents and settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-05-07 01:32; lrcspal@xinghao.net; c:\archivos de programa\XingHaoLyrics\FF
FF - ExtSQL: 2013-05-07 01:32; crossriderapp12749@crossrider.com; c:\documents and settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\crossriderapp12749@crossrider.com
FF - ExtSQL: !HIDDEN! 2009-09-02 23:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{51073A91-D8F4-4A97-8D08-CACF6E88D5B5} - c:\documents and settings\Yo\Configuración local\Datos de programa\Razoss\Application\IE.dll
MSConfigStartUp-Acrobat Assistant 8 - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\archivos de programa\Adobe\Reader 10.0\Reader\Reader_sl.exe
MSConfigStartUp-ADSLNetTools - c:\archivos de programa\ADSLNet\Navigation Tools\ADSLNetTools.exe
MSConfigStartUp-APSDaemon - c:\archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-chromium - c:\documents and settings\Yo\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
MSConfigStartUp-Connectify - c:\archivos de programa\Connectify\Connectify.exe
MSConfigStartUp-Getting started with MacDrive 8 - c:\archivos de programa\Mediafour\MacDrive 8\MDGetStarted.exe
MSConfigStartUp-PC Suite Tray - c:\archivos de programa\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-ROC_ROC_NT - c:\archivos de programa\AVG Secure Search\ROC_ROC_NT.exe
MSConfigStartUp-ROC_roc_ssl_v12 - c:\archivos de programa\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-vProt - c:\archivos de programa\AVG Secure Search\vprot.exe
MSConfigStartUp-WinampAgent - c:\archivos de programa\Winamp\winampa.exe
AddRemove-Call of Duty - c:\archiv~1\CALLOF~1\Uninstall\Unwise.exe
AddRemove-Coupon Caddy - c:\archivos de programa\Coupon Caddy\Uninstall.exe
AddRemove-Python 2.4.1 - c:\python24\\Python24\UNWISE.EXE
AddRemove-SP_431c0bbe - c:\archivos de programa\SaveByClick\uninstall.exe
AddRemove-{61E2D0C3-F075-4739-A5D2-B857BA01F235} - c:\docume~1\ALLUSE~1\DATOSD~1\INSTAL~2\{61E2D~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-08 05:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\SYN070B\4&ff861e6&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
   00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
   00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c019\6&15ca5e13&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\psqlpwd.dll
c:\archivos de programa\Protector Suite QL\homefus2.dll
c:\archivos de programa\Protector Suite QL\infql2.dll
c:\archivos de programa\Protector Suite QL\homepass.dll
c:\archivos de programa\Protector Suite QL\bio.dll
c:\archivos de programa\Protector Suite QL\qlbase.dll
.
- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\psqlpwd.dll
c:\archivos de programa\Protector Suite QL\homefus2.dll
c:\archivos de programa\Protector Suite QL\infql2.dll
.
Completion time: 2013-05-08  05:03:17
ComboFix-quarantined-files.txt  2013-05-08 04:03
.
Pre-Run: 12,304,916,480 bytes libres
Post-Run: 12,913,246,208 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 62408C40180285952B886AD553C3438F

#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • Location: Puerto rico

Posted 08 May 2013 - 07:22 AM



Hello mgarciaovejero

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

#7 mgarciaovejero (Topic Starter)
  • Members

Posted 08 May 2013 - 07:59 PM

Hello Gringo, 

Here I am posting the OTL scan output,

Thanks

OTL logfile created on: 09/05/2013 01:04:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Yo\Mis documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy
 
2.99 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.80% Memory free
3.81 Gb Paging File | 2.87 Gb Available in Paging File | 75.14% Paging File free
Paging file location(s): C:\pagefile.sys 1000 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 78.88 Gb Total Space | 11.89 Gb Free Space | 15.07% Space Free | Partition Type: NTFS
Drive E: | 219.21 Gb Total Space | 4.85 Gb Free Space | 2.21% Space Free | Partition Type: NTFS
 
Computer Name: MIGUEL | User Name: Yo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Yo\Mis documentos\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Archivos de programa\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Documents and Settings\Yo\Datos de programa\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Archivos de programa\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Archivos de programa\Mediafour\MacDrive 9\MacDrive9Service.exe (Mediafour Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
PRC - C:\Archivos de programa\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Archivos de programa\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Archivos de programa\Autodesk\Content Service\Connect.Service.ContentService.exe ()
PRC - C:\Archivos de programa\ArcGIS\License10.0\bin\ARCGIS.exe (ESRI)
PRC - C:\Archivos de programa\Archivos comunes\Portrait Displays\Plugins\AM\dtsslsrv.exe ()
PRC - C:\Archivos de programa\Archivos comunes\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Archivos de programa\Archivos comunes\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Archivos de programa\ArcGIS\License10.0\bin\lmgrd.exe (Acresso Software Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Archivos de programa\ARCHIVOS DE INSTALACION\rklauncher\RKLauncher.exe (RaduKing)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Archivos de programa\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Archivos de programa\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Archivos de programa\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Archivos de programa\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\ad9facc364268611cc4ca65f77caeddd\System.WorkflowServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\51c60db370e050d9cdcac17060aaac53\System.ServiceModel.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\149f2dcb9c9706e592d1980a945850c2\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76a5d670ce969c0c65a905b7303d4bbf\System.ServiceModel.Routing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll ()
MOD - C:\Archivos de programa\Autodesk\Content Service\Connect.Service.ContentService.exe ()
MOD - C:\Archivos de programa\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Archivos de programa\Archivos comunes\Portrait Displays\Plugins\AM\dtsslsrv.exe ()
MOD - C:\Archivos de programa\Archivos comunes\Portrait Displays\Shared\DTSRVC.exe ()
MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Archivos de programa\ARCHIVOS DE INSTALACION\rklauncher\docklets\RecycleBin\RecycleBin.dll ()
MOD - C:\Archivos de programa\Archivos comunes\Portrait Displays\Plugins\AM\qt-mt332.dll ()
MOD - C:\Archivos de programa\Archivos comunes\Portrait Displays\Plugins\AM\libeay32.dll ()
MOD - C:\Archivos de programa\Archivos comunes\Portrait Displays\Plugins\AM\ssleay32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ekrn) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MacDrive9Service) -- C:\Archivos de programa\Mediafour\MacDrive 9\MacDrive9Service.exe (Mediafour Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (JavaQuickStarterService) -- C:\Archivos de programa\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (NitroReaderDriverReadSpool2) -- C:\Archivos de programa\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (Autodesk Content Service) -- C:\Archivos de programa\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (Asset Management Daemon) -- C:\Archivos de programa\Archivos comunes\Portrait Displays\Plugins\AM\dtsslsrv.exe ()
SRV - (DTSRVC) -- C:\Archivos de programa\Archivos comunes\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Archivos de programa\Archivos comunes\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (Autodesk Licensing Service) -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ArcGIS License Manager) -- C:\Archivos de programa\ArcGIS\License10.0\bin\lmgrd.exe (Acresso Software Inc.)
SRV - (LTT_ENCRYPT_WATCHING) -- C:\WINDOWS\system32\EncryptWatchingService.exe ()
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (odserv) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (IDriverT) -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (WDC_SAM) -- system32\DRIVERS\wdcsam.sys File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (cnnctfy2MP) -- system32\DRIVERS\cnnctfy2.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\Yo\CONFIG~1\Temp\catchme.sys File not found
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (MDPMGRNT) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS (Mediafour Corporation)
DRV - (MDFSYSNT) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS (Mediafour Corporation)
DRV - (MDRAID) -- C:\WINDOWS\system32\drivers\MDRAID.SYS (Mediafour Corporation)
DRV - (CBDisk) -- C:\WINDOWS\system32\drivers\CBDisk.sys (EldoS Corporation)
DRV - (zghsmdm) -- C:\WINDOWS\system32\drivers\zghsmdm.sys (ZTE Incorporated)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\androidusb.sys (Google Inc)
DRV - (massfilter_hs) -- C:\WINDOWS\system32\drivers\massfilter_hs.sys (HandSet Incorporated)
DRV - (RSUSBCCID) -- C:\WINDOWS\system32\drivers\RtsUCcid.sys (Realtek Semiconductor Corp.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (Spyder3) -- C:\WINDOWS\system32\drivers\Spyder3.sys ()
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (bpenum) -- C:\WINDOWS\system32\drivers\bpenum.sys (Intel Corporation)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (imagesrv) -- C:\WINDOWS\system32\drivers\imagesrv.sys (Ahead Software AG)
DRV - (imagedrv) -- C:\WINDOWS\system32\drivers\imagedrv.sys (Ahead Software AG)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{51073A91-D8F4-4A97-8D08-CACF6E88D5B5}: "URL" = http://search.razoss.com/#q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2000478354-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2000478354-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2000478354-261903793-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2000478354-261903793-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2000478354-261903793-725345543-1003\..\SearchScopes\{51073A91-D8F4-4A97-8D08-CACF6E88D5B5}: "URL" = http://search.razoss.com/#q={searchTerms}
IE - HKU\S-1-5-21-2000478354-261903793-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_esES320
IE - HKU\S-1-5-21-2000478354-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "www.Google.com"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.7896
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Archivos de programa\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Archivos de programa\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Archivos de programa\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\archivos de programa\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\archivos de programa\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\archivos de programa\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Archivos de programa\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Archivos de programa\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Archivos de programa\DivX\DivX Plus Web Player\firefox\html5video [2011/05/29 16:48:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Archivos de programa\DivX\DivX Plus Web Player\firefox\wpa [2011/05/29 16:48:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2013/05/08 03:52:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2013/04/27 00:47:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/05/07 23:27:25 | 000,000,000 | ---D | M]
 
[2013/03/04 04:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Extensions
[2013/05/08 03:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions
[2013/05/05 00:43:38 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/03/04 04:52:27 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\firebug@software.joehewitt.com.xpi
[2011/09/27 19:41:41 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011/09/27 19:41:41 | 000,164,858 | ---- | M] () (No name found) -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2011/09/27 19:41:42 | 000,033,693 | ---- | M] () (No name found) -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\{8965bb4b-c2ca-2b84-6b49-7afb2760518c}.xpi
[2013/04/19 09:02:39 | 000,014,248 | ---- | M] () (No name found) -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013/04/26 22:13:21 | 001,360,815 | ---- | M] () (No name found) -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/02/15 09:40:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/27 00:37:52 | 000,004,632 | ---- | M] () -- C:\Documents and Settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\searchplugins\ff_search.xml
[2013/04/27 00:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2013/04/27 00:47:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\ARCHIVOS DE PROGRAMA\XINGHAOLYRICS\FF
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\YO\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\TTELS9CK.DEFAULT\EXTENSIONS\CROSSRIDERAPP12749@CROSSRIDER.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\YO\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\TTELS9CK.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
[2013/04/27 00:47:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2013/04/27 00:47:17 | 000,002,465 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2013/04/27 00:47:17 | 000,004,095 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\drae.xml
[2013/04/27 00:47:17 | 000,001,356 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
[2013/04/27 00:47:17 | 000,002,086 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\twitter.xml
[2013/04/27 00:47:17 | 000,001,391 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2013/04/27 00:47:17 | 000,001,315 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Archivos de programa\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Archivos de programa\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Archivos de programa\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Archivos de programa\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Archivos de programa\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Archivos de programa\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Archivos de programa\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Archivos de programa\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Archivos de programa\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Archivos de programa\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Archivos de programa\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\archivos de programa\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\archivos de programa\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: \u2605 Chrome Extensions = C:\Documents and Settings\Yo\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\bmbpbbnadaecbckmojfinokdnaegcafp\22.3.1229.79_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Yo\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_1\
CHR - Extension: Viderio = C:\Documents and Settings\Yo\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ifdhgolccnkcbgpclpngdpjfahlnalig\2.1_1\
CHR - Extension: Link Protection = C:\Documents and Settings\Yo\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\jddfbanchahcmceflmmjecaodnbfglcf\1.0.3_1\
CHR - Extension: Skype Extension = C:\Documents and Settings\Yo\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\
CHR - Extension: \u003Cvideo\u003E de HTML5 de DivX Plus Web Player = C:\Documents and Settings\Yo\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_1\
 
O1 HOSTS File: ([2013/05/08 05:01:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2000478354-261903793-725345543-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\archivos de programa\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Archivos de programa\Archivos comunes\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Archivos de programa\Archivos comunes\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1003..\Run: [Spotify Web Helper] C:\Archivos de programa\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\Yo\Menú Inicio\Programas\Inicio\Dropbox.lnk = C:\Documents and Settings\Yo\Datos de programa\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2000478354-261903793-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convertir selección a Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Enlace de descarga usando Mega Manager... - C:\Archivos de programa\Megaupload\Mega Manager\mm_file.htm File not found
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar a Bluetooth - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Toggle Razoss Bar - {36A378CF-F67B-465E-834F-EDBF3D391190} - C:\Documents and Settings\Yo\Configuración local\Datos de programa\Razoss\Application\IE.dll File not found
O9 - Extra 'Tools' menuitem : Razoss Bar - {36A378CF-F67B-465E-834F-EDBF3D391190} - C:\Documents and Settings\Yo\Configuración local\Datos de programa\Razoss\Application\IE.dll File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www5.aeat.es/es13/h/cactivex.cab (AeatCtl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.122.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EF6E01E-6171-48DC-9D0B-4C3CD4E2277F}: DhcpNameServer = 10.122.192.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/27 06:06:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/10/11 22:14:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/08 04:47:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/05/08 04:44:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/08 04:44:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/08 04:44:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/08 04:44:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/08 04:44:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/08 04:44:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/08 04:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yo\Escritorio\RK_Quarantine
[2013/05/08 03:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yo\Escritorio\virus cleaning
[2013/05/07 23:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yo\Configuración local\Datos de programa\ESET
[2013/05/07 23:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\ESET
[2013/05/07 23:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\ESET
[2013/05/07 23:27:02 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ESET
[2013/05/07 01:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
[2013/05/07 01:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
[2013/05/07 01:43:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Yo\IETldCache
[2013/05/07 01:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\PCHealth
[2013/05/07 01:38:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/05/07 01:36:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/07 01:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yo\Configuración local\Datos de programa\Updater12749
[2013/05/07 01:32:28 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Coupon Caddy
[2013/05/06 22:00:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Yo\Recent
[2013/04/27 00:47:08 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Mozilla Firefox
[2009/05/06 14:09:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Yo\Datos de programa\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/09 01:05:12 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Yo\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/09 00:57:15 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/09 00:46:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/05/09 00:41:01 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/09 00:30:00 | 000,189,842 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/05/09 00:29:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2013/05/09 00:29:33 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1003.job
[2013/05/09 00:29:32 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/09 00:29:29 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1005.job
[2013/05/09 00:29:04 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\RKLauncher.job
[2013/05/09 00:28:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/09 00:28:44 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/08 05:01:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/05/08 04:48:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/05/07 23:27:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/07 02:14:59 | 001,462,272 | ---- | M] () -- C:\Documents and Settings\Yo\Configuración local\Datos de programa\filesync.metadata
[2013/05/07 02:14:50 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\SyncToy 2.0.lnk
[2013/05/07 01:38:36 | 004,265,236 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\MASTERPLAN.dwg
[2013/05/07 01:31:14 | 004,020,220 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\MASTERPLAN.bak
[2013/05/06 10:08:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/06 01:38:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/04 17:04:29 | 001,275,288 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\VUELO PERU.pdf
[2013/04/27 02:48:13 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\z.gif
[2013/04/26 02:44:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1003.job
[2013/04/23 22:03:28 | 001,179,101 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\zombies_walking_dead_graveyard_cemetery_cemetary_desktop_3600x1600_hd-wallpaper-557248.jpg
[2013/04/23 21:34:54 | 020,305,599 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\FINAL HAND IN reduced.pdf
[2013/04/20 01:51:50 | 000,433,869 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\mgarcia.jpg
[2013/04/15 00:52:54 | 004,545,498 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\MASTERPLAN FINAL.jpg
[2013/04/15 00:30:29 | 111,566,219 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\MASTERPLAN FINAL.psd
[2013/04/14 13:46:53 | 059,727,871 | ---- | M] () -- C:\Documents and Settings\Yo\Escritorio\MASTERPLAN.psd
[2013/04/13 10:30:05 | 000,564,144 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2013/04/13 10:30:05 | 000,496,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/13 10:30:05 | 000,107,850 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2013/04/13 10:30:05 | 000,084,776 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/10 02:41:55 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/08 04:48:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/05/08 04:48:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/05/08 04:44:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/08 04:44:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/08 04:44:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/08 04:44:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/08 04:44:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/07 00:49:30 | 004,020,220 | ---- | C] () -- C:\Documents and Settings\Yo\Escritorio\MASTERPLAN.bak
[2013/05/07 00:42:47 | 004,265,236 | ---- | C] () -- C:\Documents and Settings\Yo\Escritorio\MASTERPLAN.dwg
[2013/05/04 17:04:23 | 001,275,288 | ---- | C] () -- C:\Documents and Settings\Yo\Escritorio\VUELO PERU.pdf
[2013/04/27 02:48:12 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Yo\Escritorio\z.gif
[2013/04/23 22:03:28 | 001,179,101 | ---- | C] () -- C:\Documents and Settings\Yo\Escritorio\zombies_walking_dead_graveyard_cemetery_cemetary_desktop_3600x1600_hd-wallpaper-557248.jpg
[2013/04/23 21:34:55 | 020,305,599 | ---- | C] () -- C:\Documents and Settings\Yo\Escritorio\FINAL HAND IN reduced.pdf
[2013/04/20 01:51:47 | 000,433,869 | ---- | C] () -- C:\Documents and Settings\Yo\Escritorio\mgarcia.jpg
[2013/04/15 00:52:45 | 004,545,498 | ---- | C] () -- C:\Documents and Settings\Yo\Escritorio\MASTERPLAN FINAL.jpg
[2013/04/15 00:30:19 | 111,566,219 | ---- | C] () -- C:\Documents and Settings\Yo\Escritorio\MASTERPLAN FINAL.psd
[2013/04/14 07:25:42 | 059,727,871 | ---- | C] () -- C:\Documents and Settings\Yo\Escritorio\MASTERPLAN.psd
[2013/04/04 19:31:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/26 05:53:41 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\All Users\.bf45c81f8dc8abfeecf09.dat
[2012/11/27 05:12:24 | 001,354,162 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-S-1-5-21-2000478354-261903793-725345543-1003-0.dat
[2012/11/25 05:08:46 | 000,467,386 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-System.dat
[2012/11/24 21:02:30 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/28 23:58:41 | 000,001,296 | ---- | C] () -- C:\Documents and Settings\Yo\Configuración local\Datos de programa\recently-used.xbel
[2012/09/27 00:37:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\CCPDF_redmonnt.dll
[2012/09/16 23:50:00 | 000,578,611 | ---- | C] () -- C:\WINDOWS\adb.exe
[2012/09/12 01:52:35 | 000,038,480 | ---- | C] () -- C:\Documents and Settings\Yo\Datos de programa\Valores separados por comas (Windows).ADR
[2012/02/19 18:02:19 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll
[2011/12/29 19:58:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/11/14 22:49:44 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2011/11/06 20:10:16 | 001,273,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2011/07/10 02:14:31 | 000,002,299 | ---- | C] () -- C:\Documents and Settings\Yo\Datos de programa\ASSDraw3.cfg
[2010/10/08 18:46:32 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Yo\Configuración local\Datos de programa\PUTTY.RND
[2010/09/12 12:00:44 | 001,462,272 | ---- | C] () -- C:\Documents and Settings\Yo\Configuración local\Datos de programa\filesync.metadata
[2009/05/06 14:09:59 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Yo\Datos de programa\pcouffin.cat
[2009/05/06 14:09:59 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Yo\Datos de programa\pcouffin.inf
[2009/01/19 22:49:48 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Yo\default.pls
[2008/11/13 15:42:44 | 000,129,536 | ---- | C] () -- C:\Documents and Settings\Yo\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/06 22:29:18 | 013,502,621 | ---- | C] () -- C:\Archivos de programa\cjxp33se.zip
[2008/10/17 21:59:37 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Yo\Datos de programa\PnkBstrK.sys
 
========== ZeroAccess Check ==========
 
[2008/10/22 01:51:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 06:36:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 11:52:53 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:48:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2013 - 08:16 PM


Hello mgarciaovejero

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes text box.
    :OTL
    IE - HKLM\..\SearchScopes\{51073A91-D8F4-4A97-8D08-CACF6E88D5B5}: "URL" = http://search.razoss.com/#q={searchTerms}
    IE - HKU\S-1-5-21-2000478354-261903793-725345543-1003\..\SearchScopes\{51073A91-D8F4-4A97-8D08-CACF6E88D5B5}: "URL" = http://search.razoss.com/#q={searchTerms}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\YO\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\TTELS9CK.DEFAULT\EXTENSIONS\CROSSRIDERAPP12749@CROSSRIDER.COM
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note: if the report does not pop up after the computer reboots, you can find it in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss are numbers representing the date and time the fix was run.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 mgarciaovejero

mgarciaovejero
  • Topic Starter
  • Members
  • 10 posts

Posted 08 May 2013 - 09:14 PM

Hello Gringo

Done, please see the report right after these lines. How does it look? Is the laptop badly infected?

Computer is doing fine apparently, but when OTL was about to reboot the laptop my antivirus (ESET) popped up a warning about a possible threat in a file located in c:\windows; I didn't have time to copy the whole warning, and after restarting it hasn't been shown again, so maybe it wasn't anything serious.

Otherwise everything runs smoothly.

Thanks again

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51073A91-D8F4-4A97-8D08-CACF6E88D5B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51073A91-D8F4-4A97-8D08-CACF6E88D5B5}\ not found.
Registry key HKEY_USERS\S-1-5-21-2000478354-261903793-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{51073A91-D8F4-4A97-8D08-CACF6E88D5B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51073A91-D8F4-4A97-8D08-CACF6E88D5B5}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació con éxito la caché de resolución de DNS.
C:\Documents and Settings\Yo\Mis documentos\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Yo\Mis documentos\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Carola
->Java cache emptied: 0 bytes
 
User: Default User
 
User: Invitado
 
User: LocalService
 
User: NetworkService
 
User: Yo
->Java cache emptied: 86587015 bytes
 
Total Java Files Cleaned = 83.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Carola
->Flash cache emptied: 43337 bytes
 
User: Default User
->Flash cache emptied: 41 bytes
 
User: Invitado
->Flash cache emptied: 651 bytes
 
User: LocalService
 
User: NetworkService
->Flash cache emptied: 1629 bytes
 
User: Yo
->Flash cache emptied: 17816 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05092013_025509

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2013 - 09:23 PM


Hello mgarciaovejero


Things have been looking good really - picking up things here and there, but mostly dross.


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#11 mgarciaovejero

mgarciaovejero
  • Topic Starter
  • Members
  • 10 posts

Posted 08 May 2013 - 09:49 PM

Hi,

After running the script (no problems at all) everything seems to be fine.

Here is the report

ComboFix 13-05-07.02 - Yo 09/05/2013   3:34.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.3067.2281 [GMT 1:00]
Running from: c:\documents and settings\Yo\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Yo\Escritorio\CFScript.txt
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-09 to 2013-05-09  )))))))))))))))))))))))))))))))
.
.
2013-05-09 02:05 . 2013-05-09 02:05 -------- d-sh--w- c:\documents and settings\Yo\PrivacIE
2013-05-09 01:55 . 2013-05-09 01:55 -------- d-----w- C:\_OTL
2013-05-07 22:32 . 2013-05-07 22:32 -------- d-----w- c:\documents and settings\Yo\Configuración local\Datos de programa\ESET
2013-05-07 22:31 . 2013-05-07 22:31 -------- d-----w- c:\windows\system32\config\systemprofile\Configuración local\Datos de programa\ESET
2013-05-07 22:27 . 2013-05-07 22:27 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ESET
2013-05-07 22:27 . 2013-05-07 22:27 -------- d-----w- c:\archivos de programa\ESET
2013-05-07 00:51 . 2013-05-07 00:51 -------- d-----r- c:\documents and settings\NetworkService\Favoritos
2013-05-07 00:49 . 2013-05-07 00:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-05-07 00:44 . 2013-05-07 00:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-05-07 00:43 . 2013-05-07 00:43 -------- d-sh--w- c:\documents and settings\Yo\IETldCache
2013-05-07 00:38 . 2013-05-07 00:38 -------- d-----w- c:\documents and settings\LocalService\Configuración local\Datos de programa\PCHealth
2013-05-07 00:36 . 2013-05-07 00:41 -------- dc-h--w- c:\windows\ie8
2013-05-07 00:32 . 2013-05-07 22:32 -------- d-----w- c:\documents and settings\Yo\Configuración local\Datos de programa\Updater12749
2013-05-07 00:32 . 2013-05-08 00:51 -------- d-----w- c:\archivos de programa\Coupon Caddy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 03:57 . 2013-02-06 20:23 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 03:57 . 2013-02-06 20:23 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 03:57 . 2013-03-13 03:57 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-04-26 23:47 . 2013-04-26 23:47 263064 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Yo\Datos de programa\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Yo\Datos de programa\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Yo\Datos de programa\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Yo\Datos de programa\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 15:10 576976 ----a-w- c:\archivos de programa\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 15:10 576976 ----a-w- c:\archivos de programa\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 15:10 576976 ----a-w- c:\archivos de programa\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 15:10 576976 ----a-w- c:\archivos de programa\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIcon]
@="{6B21AF46-EE37-40D0-A707-C06C17D06CE9}"
[HKEY_CLASSES_ROOT\CLSID\{6B21AF46-EE37-40D0-A707-C06C17D06CE9}]
2012-11-28 11:29 222720 ----a-w- c:\archivos de programa\Mediafour\MacDrive 9\MDVolumeIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIconReadOnly]
@="{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}"
[HKEY_CLASSES_ROOT\CLSID\{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}]
2012-11-28 11:29 222720 ----a-w- c:\archivos de programa\Mediafour\MacDrive 9\MDVolumeIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-29 16:55 4232968 ----a-w- c:\archivos de programa\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-29 16:55 4232968 ----a-w- c:\archivos de programa\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-17 39408]
"Spotify Web Helper"="c:\archivos de programa\Spotify\Data\SpotifyWebHelper.exe" [2013-04-27 1105408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-24 16871936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-24 13537280]
"TkBellExe"="c:\archivos de programa\real\realplayer\update\realsched.exe" [2011-08-31 273528]
"egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
c:\documents and settings\Yo\Menú Inicio\Programas\Inicio\
Dropbox.lnk - c:\documents and settings\Yo\Datos de programa\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-29 16:43 96008 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^BTTray.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Acrobat.lnk
backup=c:\windows\pss\Inicio rápido de Adobe Acrobat.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Spyder3Utility.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Spyder3Utility.lnk
backup=c:\windows\pss\Spyder3Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Winter Fun Wallpaper Changer.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Winter Fun Wallpaper Changer.lnk
backup=c:\windows\pss\Winter Fun Wallpaper Changer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Yo^Menú Inicio^Programas^Inicio^Dropbox.lnk]
path=c:\documents and settings\Yo\Menú Inicio\Programas\Inicio\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Yo^Menú Inicio^Programas^Inicio^MagicDisc.lnk]
path=c:\documents and settings\Yo\Menú Inicio\Programas\Inicio\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSK DLMSession]
2012-07-23 17:32 1632216 ----a-w- c:\archivos de programa\Archivos comunes\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-01-26 07:08 4480768 ----a-w- c:\documents and settings\Yo\Configuración local\Datos de programa\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\archivos de programa\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HWP]
2009-06-26 10:17 86016 ----a-w- c:\archivos de programa\Archivos comunes\Portrait Displays\Shared\DT_Startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FPTools]
2008-10-12 02:30 2703360 ----a-w- c:\archivos de programa\LTT\FingerLogon\FingerLogon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2013-04-16 15:10 19662744 ----a-w- c:\archivos de programa\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00 33648 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive 9 application]
2012-12-11 15:14 480768 ----a-w- c:\archivos de programa\Mediafour\MacDrive 9\MacDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-07-24 18:06 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2009-08-20 14:08 850544 ----a-w- c:\archivos de programa\Portrait Displays\Pivot Software\wpCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2008-04-29 16:21 49928 ----a-w- c:\archivos de programa\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 16:50 18642024 ----a-r- c:\archivos de programa\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-04-27 10:31 4555776 ----a-w- c:\archivos de programa\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-04-27 10:31 1105408 ----a-w- c:\archivos de programa\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-17 21:41 39408 ----a-w- c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-08-31 15:57 273528 ----a-w- c:\archivos de programa\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Yo\\Datos de programa\\Dropbox\\bin\\Dropbox.exe"=
.
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [03/12/2012 10:15 243920]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [03/12/2012 10:15 29904]
R0 MDRAID;MacDrive RAID Bus Driver;c:\windows\system32\drivers\MDRAID.SYS [05/01/2013 01:41 154864]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/11/2008 02:23 685816]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [23/05/2010 13:38 57800]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [10/01/2013 15:08 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/01/2013 15:08 105784]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\archivos de programa\ArcGIS\License10.0\bin\lmgrd.exe [05/11/2008 23:59 1500424]
R2 Autodesk Content Service;Autodesk Content Service;c:\archivos de programa\Autodesk\Content Service\Connect.Service.ContentService.exe [02/02/2011 15:08 18656]
R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [21/03/2013 15:19 1341664]
R2 MacDrive9Service;MacDrive 9 service;c:\archivos de programa\Mediafour\MacDrive 9\MacDrive9Service.exe [11/12/2012 16:16 162816]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\archivos de programa\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [13/09/2012 02:01 196112]
R2 PdiService;Portrait Displays SDK Service;c:\archivos de programa\Archivos comunes\Portrait Displays\Drivers\pdisrvc.exe [23/10/2010 19:52 109168]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [07/12/2008 00:32 1373480]
R3 bpenum;Intel® Wireless WiMax Link Enumerator;c:\windows\system32\drivers\bpenum.sys [21/03/2008 02:22 163456]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/10/2008 01:01 81296]
S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [28/02/2013 17:45 161384]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [16/09/2012 23:50 25728]
S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\DRIVERS\cnnctfy2.sys --> c:\windows\system32\DRIVERS\cnnctfy2.sys [?]
S3 LTT_ENCRYPT_WATCHING;Lightuning Encrypt Watching Service;c:\windows\system32\EncryptWatchingService.exe -service --> c:\windows\system32\EncryptWatchingService.exe -service [?]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [16/09/2012 23:50 9216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [06/05/2009 14:09 47360]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\drivers\RtsUCcid.sys [06/09/2012 17:51 50720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [06/09/2012 17:51 181280]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [08/09/2008 17:26 12288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [16/09/2012 23:50 106752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 01:41 1642448 ----a-w- c:\archivos de programa\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 03:57]
.
2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-01-06 01:56]
.
2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-01-06 01:56]
.
2013-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1003.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2013-05-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1005.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2013-04-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1003.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2013-04-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1005.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2013-05-09 c:\windows\Tasks\RKLauncher.job
- c:\archivos de programa\ARCHIVOS DE INSTALACION\rklauncher\RKLauncher.exe [2008-10-13 17:23]
.
2013-05-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
IE: Convertir a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo en archivo Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir vínculos seleccionados a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enlace de descarga usando Mega Manager... - c:\archivos de programa\Megaupload\Mega Manager\mm_file.htm
IE: Enviar a &Bluetooth - c:\archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar a Bluetooth - c:\archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{36A378CF-F67B-465E-834F-EDBF3D391190} - {36A378CF-F67B-465E-834F-EDBF3D391190} - c:\documents and settings\Yo\Configuración local\Datos de programa\Razoss\Application\IE.dll
TCP: DhcpNameServer = 10.122.192.1
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www5.aeat.es/es13/h/cactivex.cab
FF - ProfilePath - c:\documents and settings\Yo\Datos de programa\Mozilla\Firefox\Profiles\ttels9ck.default\
FF - prefs.js: browser.search.defaulturl - www.Google.com
FF - ExtSQL: !HIDDEN! 2009-09-02 23:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-09 03:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\SYN070B\4&ff861e6&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
   00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
   00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c019\6&15ca5e13&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\psqlpwd.dll
c:\archivos de programa\Protector Suite QL\homefus2.dll
c:\archivos de programa\Protector Suite QL\infql2.dll
c:\archivos de programa\Protector Suite QL\homepass.dll
c:\archivos de programa\Protector Suite QL\bio.dll
c:\archivos de programa\Protector Suite QL\qlbase.dll
.
- - - - - - - > 'lsass.exe'(1096)
c:\windows\system32\psqlpwd.dll
c:\archivos de programa\Protector Suite QL\homefus2.dll
c:\archivos de programa\Protector Suite QL\infql2.dll
.
- - - - - - - > 'explorer.exe'(3976)
c:\windows\system32\AcSignIcon.dll
c:\documents and settings\Yo\Datos de programa\Dropbox\bin\DropboxExt.17.dll
c:\archivos de programa\Google\Drive\googledrivesync32.dll
c:\archivos de programa\Google\Drive\Microsoft.VC90.CRT\MSVCP90.dll
c:\archivos de programa\Google\Drive\Microsoft.VC90.CRT\MSVCR90.dll
c:\archivos de programa\Autodesk\Inventor Fusion 2012\AcSignCore16.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-05-09  03:45:11
ComboFix-quarantined-files.txt  2013-05-09 02:45
ComboFix2.txt  2013-05-08 04:03
.
Pre-Run: 12,888,838,144 bytes libres
Post-Run: 12,889,329,664 bytes libres
.
- - End Of File - - 3D4EF0847921E7BB931F2603A1CEE424

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2013 - 10:08 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

These logs are looking a lot better. But we still have some work to do.


Uninstall some programs

NOTE: Because of the cleanup process some of the programs I have listed may not be in Add/Remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

  • Programs to remove
    • BitTorrent
    • Delta Chrome Toolbar
    • Delta toolbar
    • Java 7 Update 7
    • Java™ 6 Update 21
    • Java™ 6 Update 7
    • SanctionedMedia
    • SaveByClick
    • Searchqu Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.


Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
Malwarebytes' Anti-Malware
  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile" then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.

Information and logs
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
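The sorting gringo does by eye above (entries whose file is gone, a list of programs to remove, anything that launches from the user profile rather than from Program Files) can be pre-sorted by a script before a human reads the log. The Python below is an added example written for this page; it is not a tool from the thread, from BleepingComputer or from the HijackThis/ComboFix authors. It assumes one reading of ComboFix's `path --> path [?]` suffix (service or driver registered but file not found), carries the Spanish XP folder names seen in these logs next to the English ones, and takes gringo's remove list as analyst-supplied input rather than a built-in signature set. Four of the five sample lines are copied from the logs on this page; the Searchqu line is constructed with a placeholder GUID and path. A hit means "look at this", not "malicious": Dropbox, for example, legitimately runs from the user profile and would be flagged too.

```python
"""Pre-sort HijackThis / ComboFix autostart lines for manual review.

Added example (not from the thread): flags entries a responder would look at
first. A hit means "review this", not "malicious".
"""
import re
from dataclasses import dataclass, field

# Locations a limited user can write to on Windows XP, where user-installed
# adware and malware usually end up (vendor software normally sits under
# Program Files). English and Spanish folder names are listed because the
# logs on this page come from a Spanish XP install; extend for other locales.
USER_WRITABLE_RE = re.compile(
    r"documents and settings\\[^\\]+\\(?:local settings|configuración local)"
    r"|documents and settings\\[^\\]+\\(?:application data|datos de programa)"
    r"|recycler"
    r"|\\temp\\",
    re.IGNORECASE,
)
# First Windows path on a line, up to a common binary/script extension.
WIN_PATH_RE = re.compile(r'[a-z]:\\[^"\[(]*?\.(?:exe|dll|sys|htm|html)', re.IGNORECASE)

R_MISSING = "orphaned entry: HijackThis reports the target file missing"
R_USERDIR = "autostart from user-writable location"
R_UNSTAT = "service/driver entry whose file ComboFix did not find ([?])"

# Mirrors the remove list in gringo's post; analyst-supplied input,
# not a built-in signature set.
REMOVE_LIST = ("BitTorrent", "Delta toolbar", "Searchqu Toolbar", "SaveByClick")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def triage(lines, remove_list=REMOVE_LIST):
    """Return a Finding for every line that deserves a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if "(file missing)" in line.lower():
            reasons.append(R_MISSING)
        m = WIN_PATH_RE.search(line)
        if m and USER_WRITABLE_RE.search(m.group(0)):
            reasons.append(R_USERDIR)
        # Assumed reading of ComboFix output: "path --> path [?]" marks a
        # registered service/driver whose file ComboFix could not locate.
        if "-->" in line and line.endswith("[?]"):
            reasons.append(R_UNSTAT)
        for name in remove_list:
            if name.lower() in line.lower():
                reasons.append(f"matches remove list: {name}")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Sample input: four lines copied from the logs on this page plus one
# constructed line (placeholder GUID and path) to exercise the remove list.
SAMPLE_LOG = [
    r"O9 - Extra button: Toggle Razoss Bar - {36A378CF-F67B-465E-834F-EDBF3D391190} - "
    r"C:\Documents and Settings\Yo\Configuración local\Datos de programa\Razoss\Application\IE.dll (file missing)",
    r'O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r"2013-01-26 07:08 4480768 ----a-w- c:\documents and settings\Yo\Configuración local\Datos de programa\Akamai\netsession_win.exe",
    r"S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\DRIVERS\cnnctfy2.sys --> c:\windows\system32\DRIVERS\cnnctfy2.sys [?]",
    r"O2 - BHO: Searchqu Toolbar - {00000000-0000-0000-0000-000000000000} - C:\Archivos de programa\Searchqu Toolbar\IEBHO.dll",
]

if __name__ == "__main__":
    # Feed a whole saved log here instead of SAMPLE_LOG; a Spanish XP saves
    # its logs as cp1252, so decode with that rather than UTF-8 or the
    # accented folder names the locale patterns rely on will not match.
    for f in triage(SAMPLE_LOG):
        print(f.line[:70])
        for r in f.reasons:
            print("   ->", r)
```

The ESET line produces nothing, which is the point: a vendor binary under Archivos de programa with no missing-file marker needs no attention, while the four other lines each surface one of the conditions a reviewer would otherwise have to spot by scanning several thousand lines of log.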

#13 mgarciaovejero
  • Topic Starter
  • Members
  • 10 posts

Posted 08 May 2013 - 11:02 PM

Hello again,

No problems during the scanning; here you may find the reports.

Thanks a lot!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:58:07, on 09/05/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ARCHIVOS DE INSTALACION\rklauncher\RKLauncher.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Archivos de programa\ArcGIS\License10.0\bin\lmgrd.exe
C:\Archivos de programa\ArcGIS\License10.0\bin\lmgrd.exe
C:\Archivos de programa\ArcGIS\License10.0\bin\ARCGIS.exe
C:\Archivos de programa\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\Mediafour\MacDrive 9\MacDrive9Service.exe
C:\Archivos de programa\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Archivos comunes\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Archivos de programa\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\Yo\Mis documentos\Downloads\HijackThis.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (file missing)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\archivos de programa\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Archivos de programa\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Yo\Datos de programa\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enlace de descarga usando Mega Manager... - C:\Archivos de programa\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar a Bluetooth - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Toggle Razoss Bar - {36A378CF-F67B-465E-834F-EDBF3D391190} - C:\Documents and Settings\Yo\Configuración local\Datos de programa\Razoss\Application\IE.dll (file missing)
O9 - Extra 'Tools' menuitem: Razoss Bar - {36A378CF-F67B-465E-834F-EDBF3D391190} - C:\Documents and Settings\Yo\Configuración local\Datos de programa\Razoss\Application\IE.dll (file missing)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\Archivos de programa\ArcGIS\License10.0\bin\lmgrd.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Archivos de programa\Archivos comunes\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Archivos de programa\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Archivos de programa\Archivos comunes\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Lightuning Encrypt Watching Service (LTT_ENCRYPT_WATCHING) - Unknown owner - C:\WINDOWS\system32\EncryptWatchingService.exe
O23 - Service: MacDrive 9 service (MacDrive9Service) - Mediafour Corporation - C:\Archivos de programa\Mediafour\MacDrive 9\MacDrive9Service.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Archivos de programa\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Archivos de programa\Archivos comunes\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Archivos de programa\Skype\Updater\Updater.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
 
--
End of file - 15108 bytes

Malwarebytes Anti-Malware (Versión de Prueba) 1.75.0.1300
www.malwarebytes.org
 
Versión de la Base de Datos: v2013.05.09.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Yo :: MIGUEL [administrador]
 
Protección: Habilitado
 
09/05/2013 04:47:01
mbam-log-2013-05-09 (04-47-01).txt
 
Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 298783
Tiempo transcurrido: 8 minuto(s), 55 segundo(s)
 
Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)
 
Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)
 
Claves del Registro Detectados: 2
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> En cuarentena y eliminado con éxito.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> En cuarentena y eliminado con éxito.
 
Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)
 
Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)
 
Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)
 
Archivos Detectados: 0
(No se han detectado elementos maliciosos)
 
(fin)

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2013 - 11:45 PM


Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on any of their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [TkBellExe] "C:\archivos de programa\real\realplayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Archivos de programa\Spotify\Data\SpotifyWebHelper.exe"
      O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Yo\Datos de programa\Dropbox\bin\Dropbox.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE** You can research each of those lines here and see if you want to keep them or not:
      just copy the name between the brackets and paste it into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete:
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN to the desktop
    • click on Back
    • put a checkmark in "Uninstall application on close"
    • click on Finish
    • close program
    • copy and paste the report here
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
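To see exactly what the "Fix Checked" step in the post above deletes for each O4 line, here is a small parser, added here as an example and not HijackThis's own code or part of this thread, that turns O4 entries into the registry value (under the standard CurrentVersion\Run keys) or Startup-folder shortcut they represent, so those values can be exported before removal. The sample lines are constructed to match the shapes seen in this thread's log.

```python
import re
from dataclasses import dataclass

# HijackThis hive shorthand -> registry root; HKUS lines carry a SID segment.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}
RUN_BASE = r"Software\Microsoft\Windows\CurrentVersion"
O4_REG = re.compile(r"^O4 - (HKLM|HKCU|HKUS)(?:\\([^\\]+))?\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
O4_STARTUP = re.compile(r"^O4 - Startup: (.+?) = (.+)$")
TRAILING_NOTE = re.compile(r"\s\((User '[^']+'|file missing)\)$")  # e.g. "(User 'SYSTEM')"

@dataclass
class StartupEntry:
    location: str   # registry key holding the value, or "Startup folder"
    name: str       # registry value name, or the shortcut file name
    command: str    # command line as HijackThis logged it
    exe: str        # executable extracted from the command line ("" if none)
    note: str = ""  # HijackThis annotation such as "User 'SYSTEM'"

def extract_exe(command: str) -> str:
    # Quoted path wins; otherwise take up to the first ".exe" token (unquoted paths with spaces are logged verbatim).
    m = re.match(r'"([^"]+)"', command) or re.match(r"(.+?\.exe)(?:\s|$)", command, re.I)
    return m.group(1) if m else ""

def parse_o4(line: str):
    """Turn one O4 log line into the registry value / shortcut it represents."""
    m = O4_REG.match(line.strip())
    if m:
        hive, sid, key, name, cmd = m.groups()
        note, tail = "", TRAILING_NOTE.search(cmd)
        if tail:
            note, cmd = tail.group(1), cmd[:tail.start()]
        root = HIVES[hive] + ("\\" + sid if sid else "")
        return StartupEntry(f"{root}\\{RUN_BASE}\\{key}", name, cmd, extract_exe(cmd), note)
    m = O4_STARTUP.match(line.strip())
    return StartupEntry("Startup folder", m[1], m[2], extract_exe(m[2])) if m else None

def fix_targets(log_lines, checked_names):
    # What "Fix Checked" deletes for the named items: the exact registry values
    # and shortcuts to export before letting HijackThis remove them.
    entries = (parse_o4(line) for line in log_lines)
    return [e for e in entries if e and e.name in checked_names]

# Constructed sample: lines of the shape seen in this thread's log.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"',
    r"O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Yo\Datos de programa\Dropbox\bin\Dropbox.exe",
    r"O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe",
]
```

Feed it the full HijackThis log pasted above together with the bracketed names gringo listed, and the result is the list of registry values and shortcuts to back up before clicking "Fix Checked".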

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 May 2013 - 12:22 PM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo