
Keep seeing pop-ups and links are redirected!


  • This topic is locked
8 replies to this topic

#1 Digiluke

Digiluke

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 20 March 2017 - 06:45 PM

Keep seeing pop-ups and links are redirected!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Servidor (administrator) on SERVIDOR-AD99AE (20-03-2017 18:37:11)
Running from C:\Documents and Settings\Servidor\Escritorio\Scans
Loaded Profiles: Servidor (Available Profiles: Servidor & Administrador)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Español (alfabetización internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe
(Symantec Corporation) C:\Archivos de programa\Norton Security\Engine\22.9.0.71\NS.exe
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(Safer-Networking Ltd.) C:\Archivos de programa\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Archivos de programa\Norton Security\Engine\22.9.0.71\NS.exe
(Safer-Networking Ltd.) C:\Archivos de programa\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Safer-Networking Ltd.) C:\Archivos de programa\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VTTimer] => C:\WINDOWS\system32\VTTimer.exe [53248 2006-09-21] (S3 Graphics, Inc.)
HKLM\...\Run: [VTTrayp] => C:\WINDOWS\system32\VTtrayp.exe [176128 2007-02-06] (S3 Graphics Co., Ltd.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [HDAudDeck] => C:\Archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe [41106032 2011-07-18] (VIA Technologies, Inc.)
HKLM\...\Run: [SDTray] => C:\Archivos de programa\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-854245398-162531612-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-854245398-162531612-725345543-1003\...\MountPoints2: {7e15bab5-a116-11e1-9d2e-00e04d5300cb} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL drive\usbchk.exe
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Archivos de programa\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Archivos de programa\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Archivos de programa\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3ECA736E-6A30-4A79-8345-A74670018D93}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3ECA736E-6A30-4A79-8345-A74670018D93}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{92158F7D-3619-4FD2-9BE9-EB54C2690EC1}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-854245398-162531612-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-854245398-162531612-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-854245398-162531612-725345543-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={576B95DA-D85C-4E88-84A6-853D46EE66F4}&mid=0128cd68e60247d2bc74d1a90bb7e938-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-12-05 15:18:03&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Archivos de programa\Norton Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Archivos de programa\Norton Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - No CLSID Value - 
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll [2013-09-25] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon [2017-03-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin: Adobe Reader -> C:\Archivos de programa\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-854245398-162531612-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-854245398-162531612-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.com.mx/?gfe_rd=cr&ei=QBnQWMK7CY308AfE65nIBw&gws_rd=ssl,cr"
CHR Profile: C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default [2017-03-20]
CHR Extension: (YouTube) - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-03-20]
CHR Extension: (Búsqueda de Google) - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Text Mode) - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\cpodgodbgfoljdgnjbediocncehmjpkm [2016-11-16]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-03-20]
CHR Extension: (Text Mode) - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\jeopiejnomkpnibcfcfiblpnobonnifa [2016-11-08]
CHR Extension: (Text Mode) - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\lfkdmjceganiofapomcoimgapojgobdm [2016-10-08]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Secure Web Plus) - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ppcnmcjliojgkpgnoiddfpmncpmcekkh [2016-09-21]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Archivos de programa\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: chrome.exe - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88688 2011-07-12] (VIA Technologies, Inc.)
S2 LiveUpdateSvc; C:\Archivos de programa\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
S3 Microsoft Office Groove Audit Service; C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 NS; C:\Archivos de programa\Norton Security\Engine\22.9.0.71\NS.exe [288520 2017-02-20] (Symantec Corporation)
S3 odserv; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
R2 SDScannerService; C:\Archivos de programa\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Archivos de programa\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Archivos de programa\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BHDrvx86; C:\Archivos de programa\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20170317.001\BHDrvx86.sys [1334424 2017-03-17] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NS\1609000.047\ccSetx86.sys [137888 2017-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Archivos de programa\Archivos comunes\Symantec Shared\EENGINE\eeCtrl.sys [388768 2017-03-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Archivos de programa\Archivos comunes\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [124576 2017-03-20] (Symantec Corporation)
S3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [46592 2009-06-16] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-10-17] (REALiX™)
R3 IDSxpx86; C:\Archivos de programa\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20170317.002\IDSxpx86.sys [718032 2017-03-17] (Symantec Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 SRTSP; C:\WINDOWS\system32\drivers\NS\1609000.047\SRTSP.SYS [617120 2017-02-20] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NS\1609000.047\SRTSPX.SYS [41120 2017-02-20] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NS\1609000.047\SYMEFASI.SYS [1348256 2017-02-20] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [89296 2017-03-20] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NS\1609000.047\Ironx86.SYS [232600 2017-02-20] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\system32\drivers\NS\1609000.047\SYMTDI.SYS [382008 2017-02-20] (Symantec Corporation)
S3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [281856 2007-03-22] (Copyright © VIA/S3 Graphics Co, Ltd.)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2805744 2011-07-12] (VIA Technologies, Inc.)
S0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2016-10-17] (VIA Technologies, Inc.)
S0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [23192 2016-10-17] (VIA Technologies, Inc.)
S4 IntelIde; no ImagePath
S3 NAVENG; \??\C:\Archivos de programa\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20170320.008\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Archivos de programa\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20170320.008\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-20 18:33 - 2017-03-20 18:35 - 00000000 ____D C:\FRST
2017-03-20 18:32 - 2017-03-20 18:37 - 00000000 ____D C:\Documents and Settings\Servidor\Escritorio\Scans
2017-03-20 18:01 - 2017-03-20 18:26 - 00000246 _____ C:\WINDOWS\ntbtlog.txt
2017-03-20 17:38 - 2017-03-20 17:49 - 00000000 ____D C:\Documents and Settings\Servidor\Configuración local\Datos de programa\NPE
2017-03-20 17:04 - 2017-03-20 17:35 - 00000000 ____D C:\Archivos de programa\Archivos comunes\Symantec Shared
2017-03-20 17:04 - 2017-03-20 17:04 - 00089296 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2017-03-20 17:04 - 2017-03-20 17:04 - 00008262 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2017-03-20 17:04 - 2017-03-20 17:04 - 00001937 _____ C:\Documents and Settings\All Users\Escritorio\Norton Security.LNK
2017-03-20 17:04 - 2017-03-20 17:04 - 00000000 ____D C:\Archivos de programa\Symantec
2017-03-20 17:03 - 2017-03-20 17:04 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Norton Security
2017-03-20 17:03 - 2017-03-20 17:03 - 00000000 ____D C:\WINDOWS\system32\Drivers\NS
2017-03-20 17:03 - 2017-03-20 17:03 - 00000000 ____D C:\Archivos de programa\Norton Security
2017-03-20 17:02 - 2017-03-20 17:02 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\NortonInstaller
2017-03-20 17:02 - 2017-03-20 17:02 - 00000000 ____D C:\Archivos de programa\NortonInstaller
2017-03-20 17:01 - 2017-03-20 17:31 - 00000000 ____D C:\Documents and Settings\Servidor\Menú Inicio\Programas\Norton
2017-03-20 16:53 - 2017-03-20 17:31 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Norton
2017-03-20 13:35 - 2017-03-20 13:35 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2017-03-20 13:28 - 2017-03-20 13:28 - 00000000 ____D C:\Documents and Settings\Administrador\Configuración local\Datos de programa\MFAData
2017-03-20 13:26 - 2017-03-20 13:26 - 00000000 ____D C:\Documents and Settings\Administrador\Configuración local\Datos de programa\CEF
2017-03-20 13:25 - 2017-03-20 13:28 - 00000000 ____D C:\Documents and Settings\Administrador\Configuración local\Datos de programa\AvgSetupLog
2017-03-20 13:25 - 2017-03-20 13:25 - 00000000 ____D C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Avg
2017-03-20 13:12 - 2017-03-20 13:33 - 00000192 ___SH C:\Documents and Settings\Administrador\ntuser.ini
2017-03-20 13:12 - 2017-03-20 13:32 - 00000000 ____D C:\Documents and Settings\Administrador\Configuración local\Temp
2017-03-20 13:12 - 2017-03-20 13:28 - 00000000 ___HD C:\Documents and Settings\Administrador\Configuración local\Datos de programa
2017-03-20 13:12 - 2017-03-20 13:12 - 00000000 __SHD C:\Documents and Settings\Administrador\IETldCache
2017-03-20 13:12 - 2017-03-20 13:12 - 00000000 ___HD C:\Documents and Settings\Administrador\Configuración local
2017-03-20 13:12 - 2017-03-20 13:12 - 00000000 ____D C:\Documents and Settings\Administrador
2017-03-20 13:12 - 2013-01-31 10:32 - 00000000 __RHD C:\Documents and Settings\Administrador\Datos de programa
2017-03-20 13:12 - 2013-01-31 10:32 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\TuneUp Software
2017-03-20 13:12 - 2012-05-24 03:02 - 00000000 ____D C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft Help
2017-03-20 13:12 - 2012-05-18 10:27 - 00000000 __SHD C:\Documents and Settings\Administrador\Configuración local\Historial
2017-03-20 13:12 - 2012-05-18 10:27 - 00000000 __SHD C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet
2017-03-20 13:12 - 2012-05-18 10:27 - 00000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio
2017-03-20 13:12 - 2012-05-18 10:27 - 00000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio
2017-03-20 13:12 - 2012-05-18 10:27 - 00000000 ___HD C:\Documents and Settings\Administrador\Reciente
2017-03-20 13:12 - 2012-05-18 10:27 - 00000000 ___HD C:\Documents and Settings\Administrador\Impresoras
2017-03-20 13:12 - 2012-05-18 10:27 - 00000000 ___HD C:\Documents and Settings\Administrador\Entorno de red
2017-03-20 13:12 - 2012-05-18 10:27 - 00000000 ____D C:\Documents and Settings\Administrador\Mis documentos
2017-03-20 13:12 - 2012-05-18 10:27 - 00000000 ____D C:\Documents and Settings\Administrador\Favoritos
2017-03-20 13:12 - 2012-05-18 10:27 - 00000000 ____D C:\Documents and Settings\Administrador\Escritorio
2017-03-20 13:12 - 2012-05-17 16:36 - 00001599 _____ C:\Documents and Settings\Administrador\Menú Inicio\Programas\Asistencia remota.lnk
2017-03-20 13:12 - 2012-05-17 16:36 - 00000827 _____ C:\Documents and Settings\Administrador\Menú Inicio\Programas\Reproductor de Windows Media.lnk
2017-03-20 13:12 - 2012-05-17 16:36 - 00000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio\Programas\Accesorios
2017-03-20 13:12 - 2012-05-17 16:36 - 00000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio\Programas
2017-03-20 13:12 - 2012-05-17 16:32 - 00000000 ___HD C:\Documents and Settings\Administrador\Plantillas
2017-03-20 13:01 - 2017-03-20 13:01 - 00454233 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170320-130144.backup
2017-03-20 13:01 - 2016-10-22 14:41 - 00000865 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170320-130132.backup
2017-03-20 12:30 - 2017-03-20 12:30 - 00000000 ____D C:\Documents and Settings\LocalService\Menú Inicio\Programas
2017-03-20 12:30 - 2017-03-20 12:30 - 00000000 ____D C:\Documents and Settings\LocalService\Menú Inicio
2017-03-20 12:30 - 2017-03-20 12:30 - 00000000 ____D C:\Archivos de programa\Archivos comunes\AV
2017-03-20 12:26 - 2017-03-20 17:41 - 00000658 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-03-20 12:26 - 2017-03-20 12:26 - 00000630 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-03-20 12:26 - 2017-03-20 12:26 - 00000460 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-03-20 12:25 - 2017-03-20 17:35 - 00000000 ____D C:\Archivos de programa\Spybot - Search & Destroy 2
2017-03-20 12:25 - 2017-03-20 13:00 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2017-03-20 12:25 - 2017-03-20 12:30 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2017-03-20 12:25 - 2017-03-20 12:25 - 00001905 _____ C:\Documents and Settings\All Users\Menú Inicio\Programas\Spybot-S&D Start Center.lnk
2017-03-20 12:25 - 2017-03-20 12:25 - 00001899 _____ C:\Documents and Settings\All Users\Escritorio\Spybot-S&D Start Center.lnk
2017-03-20 12:25 - 2017-03-20 12:25 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Spybot - Search & Destroy 2
2017-03-20 12:25 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-20 18:37 - 2012-05-17 16:39 - 00000000 ____D C:\Documents and Settings\Servidor\Configuración local\Temp
2017-03-20 18:33 - 2012-05-18 15:11 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-162531612-725345543-1003UA.job
2017-03-20 18:32 - 2012-05-17 16:39 - 00000000 ____D C:\Documents and Settings\Servidor\Escritorio
2017-03-20 17:49 - 2012-05-18 11:25 - 00000245 _____ C:\boot.ini
2017-03-20 17:49 - 2012-05-18 10:26 - 00000000 __RHD C:\Documents and Settings\All Users\Datos de programa
2017-03-20 17:41 - 2014-03-22 07:58 - 00000228 _____ C:\WINDOWS\Tasks\Notificación de inicio de sesión de fin de servicio de Microsoft Windows XP.job
2017-03-20 17:41 - 2012-05-17 16:39 - 00031796 _____ C:\WINDOWS\SchedLgU.Txt
2017-03-20 17:41 - 2012-05-17 16:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-20 17:40 - 2012-06-08 11:56 - 00000838 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-20 17:40 - 2012-05-17 16:39 - 00000192 ___SH C:\Documents and Settings\Servidor\ntuser.ini
2017-03-20 17:38 - 2012-05-17 16:39 - 00000000 ___HD C:\Documents and Settings\Servidor\Configuración local\Datos de programa
2017-03-20 17:04 - 2012-05-18 10:27 - 00000000 ___RD C:\Archivos de programa
2017-03-20 17:04 - 2012-05-18 10:27 - 00000000 ____D C:\Documents and Settings\All Users\Escritorio
2017-03-20 17:04 - 2012-05-18 10:27 - 00000000 ____D C:\Archivos de programa\Archivos comunes
2017-03-20 17:03 - 2012-05-18 10:27 - 00000000 ___RD C:\Documents and Settings\All Users\Menú Inicio\Programas
2017-03-20 17:01 - 2012-05-17 16:39 - 00000000 ___RD C:\Documents and Settings\Servidor\Menú Inicio\Programas
2017-03-20 16:53 - 2012-05-18 11:22 - 00000000 ___HD C:\WINDOWS\inf
2017-03-20 16:53 - 2012-05-18 10:27 - 00000000 ___RD C:\Documents and Settings\All Users\Documentos
2017-03-20 15:56 - 2012-05-17 17:13 - 00000000 ____D C:\CoVes 1.0
2017-03-20 14:33 - 2012-05-18 15:11 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-162531612-725345543-1003Core.job
2017-03-20 13:40 - 2012-05-17 16:39 - 00000000 __SHD C:\Documents and Settings\Servidor\Configuración local\Archivos temporales de Internet
2017-03-20 13:39 - 2012-05-17 16:39 - 00000000 ____D C:\Documents and Settings\Servidor
2017-03-20 13:38 - 2015-10-27 09:25 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Avg
2017-03-20 13:38 - 2015-10-27 09:20 - 00000000 ____D C:\Documents and Settings\Servidor\Configuración local\Datos de programa\AvgSetupLog
2017-03-20 13:38 - 2012-05-17 17:04 - 00000000 ____D C:\Archivos de programa\AVG
2017-03-20 13:37 - 2012-05-17 16:39 - 00000000 __RHD C:\Documents and Settings\Servidor\Datos de programa
2017-03-20 13:35 - 2016-12-05 10:18 - 00000351 _____ C:\prefs.js
2017-03-20 13:35 - 2012-05-17 16:39 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-03-20 13:34 - 2015-06-02 09:17 - 00000000 ____D C:\Documents and Settings\Servidor\Configuración local\Datos de programa\Avg
2017-03-20 13:34 - 2012-05-17 17:01 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\MFAData
2017-03-20 13:12 - 2012-05-18 10:26 - 00000000 ____D C:\Documents and Settings
2017-03-20 12:33 - 2016-10-17 12:49 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\ProductData
2017-03-20 09:09 - 2001-08-24 07:00 - 00002250 _____ C:\WINDOWS\system32\wpa.dbl
2017-03-15 17:01 - 2012-05-17 17:27 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2017-03-15 09:09 - 2016-10-11 12:29 - 00000150 _____ C:\WINDOWS\Reimage.ini
2017-03-14 16:30 - 2016-10-30 22:08 - 00002507 _____ C:\Documents and Settings\Servidor\Escritorio\Microsoft Office Word 2007.lnk
2017-03-13 08:51 - 2012-05-18 10:27 - 00781080 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-13 08:51 - 2001-08-24 07:00 - 00366162 _____ C:\WINDOWS\system32\perfh00A.dat
2017-03-13 08:51 - 2001-08-24 07:00 - 00052454 _____ C:\WINDOWS\system32\perfc00A.dat
2017-03-08 16:00 - 2014-03-22 07:58 - 00000222 _____ C:\WINDOWS\Tasks\Notificación mensual de fin de servicio de Microsoft Windows XP.job
2017-03-07 14:59 - 2012-05-17 16:39 - 00000000 ___RD C:\Documents and Settings\Servidor\Mis documentos
2017-03-03 13:35 - 2012-05-23 13:31 - 00166930 _____ C:\Documents and Settings\Servidor\Mis documentos\BALANCE DE FACTURAS.xlsx
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================


#2 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:08:39 PM

Posted 21 March 2017 - 08:33 AM

Hi DigiLuke,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

Thank you for your patience,

 

packetanalyzer



#3 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:08:39 PM

Posted 27 March 2017 - 02:27 PM

Hi DigiLuke,

 

Welcome to Bleeping Computer and thank you for posting your FRST log. You can call me packetanalyzer and I will be helping you with removing malware from your computer. Please take a moment to review the following.

Please read my instructions completely and follow them closely.

Please do not run any tools unless and until I ask you to do so.

Please only run the tools I ask you to run.

If you have any questions at any point, please stop and ask me before you try to complete the step.

Please refrain from using your computer for any purpose other than us working together to clean malware from it until I have notified you your computer is clean.

Please be patient as most of us at Bleeping Computer are volunteers and your logs take time to closely analyze. If you do not hear back from me in 48 hours, please feel free to send me a PM.

If I do not hear from you within 3 days after any post, this thread will be closed.

 
Now we are going to get started.

 

 

Windows XP

 

Unfortunately, your computer is running Windows XP which is no longer supported. That means your computer is not getting security patches and because of that is more vulnerable to being infected. I would recommend upgrading to a supported Operating System that gets security updates.

 

Please do the following:

 

 

++++ Step 1 Confirm Your Anti-Virus ++++
 
It appears you may have more than one anti-virus program installed. Having more than one anti-virus program on your computer installed can cause problems including false positives and computer crashes.
 
Please make sure that you have only one anti-virus program installed on your computer. Your FRST log indicates you may have Symantec Norton Security, AVG AntiVirus Free Edition, and IObit Malware Fighter installed.

 

Please choose one of these to keep. For the others, please perform the steps below to remove them.

 

To uninstall one of the anti-virus programs please:

  1. Press the Windows key + R on your keyboard at the same time (this will open Run)
  2. In the Run window type control appwiz.cpl
  3. Press Enter
  4. Select the anti-virus program you want to uninstall (if listed) and click Uninstall
  5. Follow the steps in the uninstallation wizard
  6. Restart your computer
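Added example, not part of the helper's instructions: a PowerShell script that lists the anti-virus products registered with Windows Security Center, so you can confirm how many are installed before removing the extras through control appwiz.cpl. It assumes PowerShell 2.0 or later; Windows XP exposes the root\SecurityCenter namespace, Vista and later use root\SecurityCenter2, and only products that registered with Security Center appear, so the Installed Programs section of the FRST log remains the fuller list.

```powershell
# Added example (not the helper's own procedure): enumerate anti-virus products
# registered with Windows Security Center via WMI.
# Assumes PowerShell 2.0+. Tries root\SecurityCenter2 (Vista and later) first,
# then falls back to root\SecurityCenter (Windows XP).
function Get-RegisteredAntiVirus {
    foreach ($ns in 'root\SecurityCenter2', 'root\SecurityCenter') {
        try {
            $products = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop
        } catch {
            continue   # namespace does not exist on this Windows version
        }
        foreach ($p in $products) {
            # productState is only exposed by the SecurityCenter2 schema; XP lacks it.
            $state = 'n/a'
            if ($p.PSObject.Properties['productState']) { $state = $p.productState }
            New-Object PSObject -Property @{
                Name      = $p.displayName
                Namespace = $ns
                State     = $state
            }
        }
        return   # stop after the first namespace that answered
    }
}

$av = @(Get-RegisteredAntiVirus)
$av | Format-Table -AutoSize Name, Namespace, State

# Two or more registered products is the situation Step 1 warns about:
# overlapping real-time scanners cause false positives and crashes.
if ($av.Count -gt 1) {
    Write-Warning ("{0} anti-virus products are registered; keep one and uninstall the rest." -f $av.Count)
} elseif ($av.Count -eq 0) {
    Write-Warning "No anti-virus product is registered with Security Center."
}
```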


#4 Digiluke

Digiluke
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 30 March 2017 - 12:44 PM

Hi, I have left only Symantec Norton Security, and removed all the others. After installing and running Norton Security and removing the others (I had just installed Norton the day I posted the log), the pop-up windows have not come back for some reason, although supposedly Norton did not find any virus or threat.



#5 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:39 PM

Posted 31 March 2017 - 08:21 AM

Hi DigiLuke,
 
That is very good to hear. If you don't mind, let's get a new FRST log so we can look through it and determine if there are indications anything else needs to be removed.
 

++++ Step 4 Create an FRST Log ++++

We need to run a scan using FRST to collect some information from your computer. Once we have this information we can analyze it and determine what we need to do next.

++++ Step 5 Share Your Logs ++++

  • When FRST completes the scan, please paste the contents of FRST.txt in your post.


#6 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:39 PM

Posted 03 April 2017 - 08:24 AM

Hi DigiLuke,

 

Do you still need help? If so, please reply to the last post. If not, we will close this thread so we can assist other people.

 

Thank you,

 

packetanalyzer



#7 Digiluke

Digiluke
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 03 April 2017 - 11:50 AM

Hi, yes I would still like for you to review my FRST log again, I just haven't had time these couple days to run it. I will run it this evening and send in the results. Thanks for your patience.



#8 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:39 PM

Posted 06 April 2017 - 08:50 AM

Hi DigiLuke,

 

Do you still need help? If so, please reply with your new FRST log file. If not, we will close this thread so we can assist other people.

 

Thank you,

 

packetanalyzer



#9 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,397 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:39 AM

Posted 09 April 2017 - 01:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 




