I got search.certified-toolbar


sachs

Hi, friendly everybody. Please help me delete it. Thanks and regards. NOTE: I am not using Avira but Avast.

OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit

Processor: Intel® Atom CPU N270 @ 1.60GHz, x86 Family 6 Model 28 Stepping 2

Processor Count: 2

RAM: 2039 Mb

Graphics Card: Mobile Intel® 945 Express Chipset Family, 128 Mb

Hard Drives: C: Total - 152616 MB, Free - 112246 MB;

Motherboard: Hewlett-Packard, 1468

Antivirus: Avira Desktop, Updated: Yes, On-Demand Scanner: Enabled

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by Juan Merello-Galasso at 16:57:02 on 2013-02-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.52.3082.18.2039.1274 [GMT -3:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\archivos de programa\idt\wdm\STacSV.exe

C:\WINDOWS\Explorer.EXE

c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Archivos de programa\BillP Studios\WinPatrol\winpatrol.exe

C:\Archivos de programa\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\qmc.exe

C:\Archivos de programa\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Archivos de programa\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k bthsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzuzytDyE0C0EyDzyyCtBtC0B0Bzz0AtAtAyBtN0D0TzutBtDtCtCtDzztCyE&cr=266032843

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\archivos de programa\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\archivos de programa\avast software\avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\archivos de programa\java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\archivos de programa\avast software\avast\aswWebRepIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"

mRun: [WinPatrol] c:\archivos de programa\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [avast] "c:\archivos de programa\avast software\avast\avastUI.exe" /nogui

mRun: [DWQueuedReporting] "c:\archiv~1\archiv~1\micros~1\dw\dwtrig20.exe" -t

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\juanme~1\menini~1\progra~1\inicio\erunta~1.lnk - c:\archivos de programa\erunt\AUTOBACK.EXE

StartupFolder: c:\docume~1\juanme~1\menini~1\progra~1\inicio\quickm~1.lnk - c:\windows\qmc.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271463677156

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{5B8E9DFC-8611-4223-80CD-4FFFD955C9BC} : DHCPNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archivos de programa\archivos comunes\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\archivos de programa\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\juan merello-galasso\datos de programa\mozilla\firefox\profiles\c43nwsd9.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.cl/

FF - plugin: c:\archivos de programa\adobe\reader 10.0\reader\air\nppdf32(2).dll

FF - plugin: c:\archivos de programa\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\archivos de programa\adobe\reader 10.0\reader\browser\nppdf32(2).dll

FF - plugin: c:\archivos de programa\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\archivos de programa\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\archivos de programa\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2013-01-16 11:21; {66E978CD-981F-47DF-AC42-E3CF417C1467}; c:\documents and settings\juan merello-galasso\datos de programa\mozilla\firefox\profiles\c43nwsd9.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi

FF - ExtSQL: 2013-01-16 11:21; {39952c40-5197-11da-8cd6-0800200c9a66}; c:\documents and settings\juan merello-galasso\datos de programa\mozilla\firefox\profiles\c43nwsd9.default\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi

FF - ExtSQL: 2013-01-17 13:20; CNT@ednovak.net; c:\documents and settings\juan merello-galasso\datos de programa\mozilla\firefox\profiles\c43nwsd9.default\extensions\CNT@ednovak.net.xpi

FF - ExtSQL: 2013-01-17 20:50; status4evar@caligonstudios.com; c:\documents and settings\juan merello-galasso\datos de programa\mozilla\firefox\profiles\c43nwsd9.default\extensions\status4evar@caligonstudios.com.xpi

FF - ExtSQL: 2013-01-22 11:12; foxmarks@kei.com; c:\documents and settings\juan merello-galasso\datos de programa\mozilla\firefox\profiles\c43nwsd9.default\extensions\foxmarks@kei.com

FF - ExtSQL: 2013-01-26 13:07; {a3a5c777-f583-4fef-9380-ab4add1bc2a8}; c:\documents and settings\juan merello-galasso\datos de programa\mozilla\firefox\profiles\c43nwsd9.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi

FF - ExtSQL: 2013-01-26 20:43; {dd3d7613-0246-469d-bc65-2a3cc1668adc}; c:\documents and settings\juan merello-galasso\datos de programa\mozilla\firefox\profiles\c43nwsd9.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi

FF - ExtSQL: 2013-02-03 17:48; wrc@avast.com; c:\archivos de programa\avast software\avast\webrep\FF

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.zonealarm.autoRvrt - false

FF - user.js: extensions.zonealarm_i.newTab - false

FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base&Lan={dfltLng}&gu=321fefb5e3dd4c6985a2e23758768e58&tu=10SE0006J2A21U0&sku=&tstsId=&ver=&&q=

FF - user.js: extensions.zonealarm.id - 14f8a33700000000000018a905da8a49

FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}

FF - user.js: extensions.zonealarm.instlDay - 15731

FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16

FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16

FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1619:56:57

FF - user.js: extensions.zonealarm.prtnrId - checkpoint

FF - user.js: extensions.zonealarm.prdct - zonealarm

FF - user.js: extensions.zonealarm.aflt - 1750

FF - user.js: extensions.zonealarm_i.smplGrp - NoFF

FF - user.js: extensions.zonealarm.tlbrId - base

FF - user.js: extensions.zonealarm.instlRef - ZLN116563496751059-1750

FF - user.js: extensions.zonealarm.dfltLng - en

FF - user.js: extensions.zonealarm.excTlbr - false

FF - user.js: extensions.zonealarm.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-11-20 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-11-20 15856]

R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [2009-7-2 103792]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-3 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-3 361032]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-11-20 25584]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-11-2 101112]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-3 21256]

R2 avast! Antivirus;avast! Antivirus;c:\archivos de programa\avast software\avast\AvastSvc.exe [2013-2-3 44808]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-20 113664]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-9-4 62576]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-1-16 193640]

S2 SkypeUpdate;Skype Updater;c:\archivos de programa\skype\updater\Updater.exe [2012-7-13 160944]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\archivos de programa\lavasoft\ad-aware\kernexplorer.sys --> c:\archivos de programa\lavasoft\ad-aware\KernExplorer.sys [?]

S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [2012-8-26 36408]

S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [2012-8-26 35384]

S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\archivos de programa\roxio\backontrack\disaster recovery\saibsvc.exe --> c:\archivos de programa\roxio\backontrack\disaster recovery\SaibSVC.exe [?]

S4 BOTService;BOTService;"c:\archivos de programa\roxio\backontrack\instant restore\botservice.exe" --> c:\archivos de programa\roxio\backontrack\instant restore\BOTService.exe [?]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

ShellExec: BitComet.exe: open="c:\archivos de programa\bitcomet\BitComet.exe"

.

=============== Created Last 30 ================

.

2013-02-03 20:43:36 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-02-03 20:42:57 41224 ----a-w- c:\windows\avastSS.scr

2013-02-03 19:51:08 -------- d-----w- c:\documents and settings\juan merello-galasso\datos de programa\DriverCure

2013-02-03 19:51:07 -------- d-----w- c:\documents and settings\juan merello-galasso\datos de programa\ParetoLogic

2013-02-03 19:50:46 -------- d-----w- c:\documents and settings\all users\datos de programa\ParetoLogic

2013-02-03 14:48:21 6991832 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{32301680-2eef-4bee-ab90-098a191b3609}\mpengine.dll

2013-02-02 21:46:46 -------- d-----w- C:\VundoFix Backups

2013-01-26 22:56:28 -------- d-----w- c:\documents and settings\all users\datos de programa\CheckPoint

2013-01-17 15:48:51 6991832 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-01-16 15:38:07 -------- d-----w- c:\archivos de programa\Atheros

2013-01-16 02:18:16 -------- d-----w- c:\windows\system32\wbem\repository\FS

2013-01-16 02:18:16 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-16 02:16:34 -------- d-----w- c:\archivos de programa\Microsoft Security Client

2013-01-16 02:15:49 -------- d-----w- c:\archivos de programa\Mozilla Firefox(3)

2013-01-16 02:15:49 -------- d-----w- c:\archivos de programa\Mozilla Firefox(2)

2013-01-16 02:15:41 -------- d-----w- c:\archivos de programa\Mozilla Maintenance Service

2013-01-16 02:10:51 -------- d-----w- c:\archivos de programa\Mozilla Firefox(2)(2)

2013-01-16 01:14:30 -------- d-----w- C:\Puppy.exe9477P

2013-01-16 00:50:46 -------- d-----w- c:\archivos de programa\Microsoft Security Client(2)

2013-01-15 23:32:25 -------- d-----w- c:\archivos de programa\PC Speed Maximizer

2013-01-14 20:36:18 -------- d-----w- c:\archivos de programa\File Scout

2013-01-14 20:09:15 15360 ----a-w- c:\windows\Launcher.exe

2013-01-14 20:09:06 -------- d-----w- c:\archivos de programa\Protected Search

2013-01-14 20:07:36 -------- d-----w- c:\documents and settings\juan merello-galasso\configuración local\datos de programa\DownTango

2013-01-14 20:07:15 -------- d-----w- c:\documents and settings\juan merello-galasso\configuración local\datos de programa\SimplyTech

2013-01-14 20:06:44 -------- d-----w- c:\archivos de programa\Red Sky

.

==================== Find3M ====================

.

2013-02-10 19:07:36 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-10 19:07:36 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 19:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-28 14:22:51 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-28 14:22:45 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-28 14:22:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-28 14:22:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-13 11:55:04 1866496 ----a-w- c:\windows\system32\win32k.sys

2011-09-30 13:28:04 2346904 ----a-w- c:\archivos de programa\ESETSmartInstaller_1.exe

2011-09-30 13:28:04 2346904 ----a-w- c:\archivos de programa\ESETSmartInstaller.exe

2010-10-02 09:03:44 189920 ----a-w- c:\archivos de programa\Windows Installer CleanUp Utility.exe

2010-09-27 17:28:36 307032 ----a-w- c:\archivos de programa\Toolbox.exe

2010-03-23 13:05:20 581120 ----a-w- c:\archivos de programa\lame.exe

2008-11-10 20:25:50 244592 ----a-w- c:\archivos de programa\ZoomIt.exe

2008-06-23 12:50:14 534016 ----a-w- c:\archivos de programa\FireTune.exe

2007-02-12 20:31:26 1111552 ----a-w- c:\archivos de programa\FSCapture.exe

2005-10-20 15:04:08 38912 ----a-w- c:\archivos de programa\AUTOBACK.EXE

2005-10-20 15:03:08 140288 ----a-w- c:\archivos de programa\NTREGOPT.EXE

2005-10-20 15:02:28 163328 ----a-w- c:\archivos de programa\ERDNT.E_E

2005-10-20 15:00:28 157696 ----a-w- c:\archivos de programa\ERUNT.EXE

2005-01-21 22:08:12 2384669 ----a-w- c:\archivos de programa\WinAVI_Video_Capture.exe

.

============= FINISH: 16:58:03.37 ===============

.

# AdwCleaner v2.112 - Fichero creado el 10/02/2013 a 16:52:50

# Actualizado el 10/02/2013 por Xplode

# Sistema operativo : Microsoft Windows XP Service Pack 3 (32 bits)

# Usuario : Juan Merello-Galasso - JUAN

# Modo de inicio : Normal

# Ejecutado desde : C:\MyDownloadFiles\adwcleaner.exe

# Opción [búsqueda]

***** [servicios] *****

***** [Ficheros / Carpetas] *****

Carpeta Presente : C:\Archivos de programa\Ask.com

Carpeta Presente : C:\Archivos de programa\Conduit

Carpeta Presente : C:\Archivos de programa\file scout

Carpeta Presente : C:\Archivos de programa\Fluendo

Carpeta Presente : C:\Archivos de programa\Protected Search

Carpeta Presente : C:\Documents and Settings\Administrador\Configuración local\Datos de programa\FreeCompressor Air

Carpeta Presente : C:\Documents and Settings\All Users\Datos de programa\Babylon

Carpeta Presente : C:\Documents and Settings\All Users\Datos de programa\boost_interprocess

Carpeta Presente : C:\Documents and Settings\All Users\Datos de programa\InstallMate

Carpeta Presente : C:\Documents and Settings\All Users\Datos de programa\SweetIM

Carpeta Presente : C:\Documents and Settings\All Users\Menú Inicio\Programas\PriceGong

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\AskToolbar

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\Babylon

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\Conduit

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\DownTango

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\FreeCompressor Air

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\AskToolbar

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Babylon

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Complitly

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\FreeCompressor

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Iminent

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\moovida-1

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\Searchqutoolbar

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Searchqutoolbar

Carpeta Presente : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\vghd

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a 7zFM.exe.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a firefox.exe.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a freemergemp3.exe.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a FSCapture.exe.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a msicuu.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a SIWPortable.exe.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a Skype.exe.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a TCPOptimizer.exe.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a TweakUI 2.1.exe.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a USB Disk Ejector 1.1.2.0 Portable.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a VundoFix.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a WindowsXP-KB942288-v3-x86.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a WindowsXP-KB942288-v3-x86[2].lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Acceso directo a ZoomIt.exe.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\AdministradorDisposi.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Audacity.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Auslogics Disk Defrag.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Auslogics Duplicate File Finder.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Autoplay Repair.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Bloc de notas.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Bootdefrag.lnk ( arg. : -r -t 0 hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Burrrn (2).lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Calculadora.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Iniciar el explorador Internet Explorer.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\IrfanView 4.28 (2).lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\IrfanView.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials (2).lnk ( arg. : -ScParameter=8 hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk ( arg. : -ScParameter=8 hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\PotPlayer.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Recuva.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Search Everything.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Servicioc.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\SpeedFan.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Stanby.lnk ( arg. : powrprof.dll,SetSuspendState hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\TreeSize Free.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\VisorEventos.lnk ( arg. : /s hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk ( arg. : /prefetch:1 hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Windows Movie Maker.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Menú Inicio\Programas\Accesorios\Herramientas del sistema\Internet Explorer (sin complementos).lnk ( arg. : -extoff hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Infected : C:\Documents and Settings\Juan Merello-Galasso\Menú Inicio\Programas\Internet Explorer.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=3196)

Fichero Presente : C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\07nwi6wq.default\searchplugins\Web Search.xml

Fichero Presente : C:\user.js

Fichero Presente : C:\WINDOWS\Tasks\Protected Search.job

***** [Registro] *****

Clave Presente : HKCU\Software\APN PIP

Clave Presente : HKCU\Software\AppDataLow\Software\Conduit

Clave Presente : HKCU\Software\Ask&Record

Clave Presente : HKCU\Software\Complitly

Clave Presente : HKCU\Software\Conduit

Clave Presente : HKCU\Software\ConduitSearchScopes

Clave Presente : HKCU\Software\DataMngr_Toolbar

Clave Presente : HKCU\Software\facemoods.com

Clave Presente : HKCU\Software\FreeCompressor

Clave Presente : HKCU\Software\Headlight

Clave Presente : HKCU\Software\IGearSettings

Clave Presente : HKCU\Software\Iminent

Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Clave Presente : HKCU\Software\Softonic

Clave Presente : HKCU\Software\TBSB01620

Clave Presente : HKLM\Software\Babylon

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Clave Presente : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL

Clave Presente : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Clave Presente : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Clave Presente : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Clave Presente : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Clave Presente : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Clave Presente : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Clave Presente : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Clave Presente : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Clave Presente : HKLM\SOFTWARE\Classes\b

Clave Presente : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Clave Presente : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Clave Presente : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Clave Presente : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Clave Presente : HKLM\SOFTWARE\Classes\Conduit.Engine

Clave Presente : HKLM\SOFTWARE\Classes\escort.escortIEPane

Clave Presente : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Clave Presente : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Clave Presente : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Clave Presente : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Clave Presente : HKLM\SOFTWARE\Classes\esrv.escrtSrvc

Clave Presente : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1

Clave Presente : HKLM\SOFTWARE\Classes\facemoods.xtrnl

Clave Presente : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1

Clave Presente : HKLM\SOFTWARE\Classes\facemoodsApp.appCore

Clave Presente : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Clave Presente : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

Clave Presente : HKLM\SOFTWARE\Classes\Prod.cap

Clave Presente : HKLM\SOFTWARE\Classes\Toolbar.CT1060933

Clave Presente : HKLM\SOFTWARE\Classes\Toolbar.CT2431232

Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}

Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}

Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Clave Presente : HKLM\Software\Conduit

Clave Presente : HKLM\Software\facemoods.com

Clave Presente : HKLM\Software\FreeCompressor

Clave Presente : HKLM\Software\Freeze.com

Clave Presente : HKLM\Software\Iminent

Clave Presente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Clave Presente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Clave Presente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Clave Presente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Clave Presente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Clave Presente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}

Clave Presente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1EF93620-4B15-4DB4-B0EA-889E2F187081}

Clave Presente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1

Clave Presente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Complitly_is1

Clave Presente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods

Clave Presente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong

Clave Presente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service

Clave Presente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive

Clave Presente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Clave Presente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Clave Presente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1EF93620-4B15-4DB4-B0EA-889E2F187081}

Clave Presente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Clave Presente : HKLM\Software\PIP

Clave Presente : HKLM\Software\SimplyGen

Clave Presente : HKU\S-1-5-21-2359764000-2142377074-2693712990-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Clave Presente : HKU\S-1-5-21-2359764000-2142377074-2693712990-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Clave Presente : HKU\S-1-5-21-2359764000-2142377074-2693712990-1005\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Clave Presente : HKU\S-1-5-21-2359764000-2142377074-2693712990-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Clave Presente : HKU\S-1-5-21-2359764000-2142377074-2693712990-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Valor Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Valor Presente : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [freecompressor@spointer.com]

***** [Navegadores] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?af=110395&tt=290312_bexdll&babsrc=nt_ss&mntrid=14f8a33700000000000018a905da8a49

-\\ Mozilla Firefox v18.0.2 (es-CL)

Fichero : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\prefs.js

Presente : user_pref("BlockSite.locations", "hxxp://www.theexgirlfriends.com/|||hxxp://search.certified-toolbar[...]

Presente : user_pref("extensions.ntk.HISTORY", "[{\"title\":\"Google\",\"icon\":{\"spec\":\"moz-anno:favicon:ht[...]

Presente : user_pref("extensions.ntk.recentClosedPers", "hxxp://www.systweak.com/registrycleaner/softonic/?utm_[...]

Presente : user_pref("extensions.ntk.thumbsUrls", "hxxps://www.google.cl/;hxxp://search.certified-toolbar.com/?[...]

Fichero : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\ek09lm6s.default-1358293645906\prefs.js

[OK] El fichero no contiene ninguna entrada ilegítima.

Fichero : C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\07nwi6wq.default\prefs.js

Presente : user_pref("browser.search.defaultenginename", "Web Search");

Presente : user_pref("browser.search.defaultengine", "Web Search");

Presente : user_pref("browser.search.selectedEngine", "Web Search");

Presente : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=31[...]

Presente : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q=");

Presente : user_pref("browser.search.order.1", "Web Search");

-\\ Google Chrome v24.0.1312.57

Fichero : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Preferences

Presente [l.50] : keyword = "search.iminent.com",

Presente [l.53] : search_url = "hxxp://search.iminent.com/?appId=AC5FFCC4-EE55-4799-9EDE-EB9993BF8276&ref=toolbox&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [28202 octets] - [10/02/2013 16:52:50]

########## EOF - C:\AdwCleaner[R1].txt - [28263 octets] ##########

MB = No threats.


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

I know you have run some of these on your own but I still want you to run them again - I would like to see how the second run comes out.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

I want you to run this tool now - http://www.bleepingcomputer.com/download/shortcut-cleaner/

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo


Thanks a lot, Gringo. I want to tell you that in another forum, a while ago, I was hardly admonished for sending a consult without including, from the beginning, the scanners I sent you. Please, forgive me. I will carry out your instructions and send another message with the results. Thanks and regards.


Sorry if I seem an idiot, but where is the watch button, and when? Please forgive me. Thanks.


Results of screen317's Security Check version 0.99.57

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

avast! Free Antivirus

`````````Anti-malware/Other Utilities Check:`````````

WinPatrol

Malwarebytes Anti-Malware versión 1.70.0.1100

CCleaner

Java 6 Update 33

Java 7 Update 9

Java version out of Date!

Adobe Flash Player 11.5.502.149

Adobe Reader 10.1.5 Adobe Reader out of Date!

Mozilla Firefox (18.0.2)

Google Chrome 24.0.1312.56

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

WinPatrol winpatrol.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

BillP Studios WinPatrol winpatrol.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 2%

````````````````````End of Log``````````````````````

# AdwCleaner v2.112 - Fichero creado el 11/02/2013 a 17:56:12

# Actualizado el 10/02/2013 por Xplode

# Sistema operativo : Microsoft Windows XP Service Pack 3 (32 bits)

# Usuario : Juan Merello-Galasso - JUAN

# Modo de inicio : Normal

# Ejecutado desde : E:\adwcleaner.exe

# Opción [supresión]

***** [servicios] *****

***** [Ficheros / Carpetas] *****

Carpeta Suprimido : C:\Archivos de programa\Ask.com

Carpeta Suprimido : C:\Archivos de programa\Conduit

Carpeta Suprimido : C:\Archivos de programa\file scout

Carpeta Suprimido : C:\Archivos de programa\Fluendo

Carpeta Suprimido : C:\Archivos de programa\Protected Search

Carpeta Suprimido : C:\Documents and Settings\Administrador\Configuración local\Datos de programa\FreeCompressor Air

Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\Babylon

Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\boost_interprocess

Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\InstallMate

Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\SweetIM

Carpeta Suprimido : C:\Documents and Settings\All Users\Menú Inicio\Programas\PriceGong

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\AskToolbar

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\Babylon

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\Conduit

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\DownTango

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\FreeCompressor Air

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\AskToolbar

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Babylon

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Complitly

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\FreeCompressor

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Iminent

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\moovida-1

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\Searchqutoolbar

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Searchqutoolbar

Carpeta Suprimido : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\vghd

Fichero Suprimido : C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\07nwi6wq.default\searchplugins\Web Search.xml

Fichero Suprimido : C:\user.js

Fichero Suprimido : C:\WINDOWS\Tasks\Protected Search.job

***** [Registro] *****

Clave Supprimida : HKCU\Software\APN PIP

Clave Supprimida : HKCU\Software\AppDataLow\Software\Conduit

Clave Supprimida : HKCU\Software\Ask&Record

Clave Supprimida : HKCU\Software\Complitly

Clave Supprimida : HKCU\Software\Conduit

Clave Supprimida : HKCU\Software\ConduitSearchScopes

Clave Supprimida : HKCU\Software\DataMngr_Toolbar

Clave Supprimida : HKCU\Software\facemoods.com

Clave Supprimida : HKCU\Software\FreeCompressor

Clave Supprimida : HKCU\Software\Headlight

Clave Supprimida : HKCU\Software\IGearSettings

Clave Supprimida : HKCU\Software\Iminent

Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Clave Supprimida : HKCU\Software\Softonic

Clave Supprimida : HKCU\Software\TBSB01620

Clave Supprimida : HKLM\Software\Babylon

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Clave Supprimida : HKLM\SOFTWARE\Classes\b

Clave Supprimida : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Clave Supprimida : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Clave Supprimida : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Clave Supprimida : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Clave Supprimida : HKLM\SOFTWARE\Classes\Conduit.Engine

Clave Supprimida : HKLM\SOFTWARE\Classes\escort.escortIEPane

Clave Supprimida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Clave Supprimida : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Clave Supprimida : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Clave Supprimida : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Clave Supprimida : HKLM\SOFTWARE\Classes\esrv.escrtSrvc

Clave Supprimida : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1

Clave Supprimida : HKLM\SOFTWARE\Classes\facemoods.xtrnl

Clave Supprimida : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1

Clave Supprimida : HKLM\SOFTWARE\Classes\facemoodsApp.appCore

Clave Supprimida : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

Clave Supprimida : HKLM\SOFTWARE\Classes\Prod.cap

Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar.CT1060933

Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar.CT2431232

Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}

Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}

Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Clave Supprimida : HKLM\Software\Conduit

Clave Supprimida : HKLM\Software\facemoods.com

Clave Supprimida : HKLM\Software\FreeCompressor

Clave Supprimida : HKLM\Software\Freeze.com

Clave Supprimida : HKLM\Software\Iminent


Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1EF93620-4B15-4DB4-B0EA-889E2F187081}

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Complitly_is1

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive

Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1EF93620-4B15-4DB4-B0EA-889E2F187081}

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Clave Supprimida : HKLM\Software\PIP

Clave Supprimida : HKLM\Software\SimplyGen

Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Valor Supprimida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [freecompressor@spointer.com]

***** [Navegadores] *****

-\\ Internet Explorer v8.0.6001.18702

Sustituido : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?af=110395&tt=290312_bexdll&babsrc=nt_ss&mntrid=14f8a33700000000000018a905da8a49 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (es-CL)

Fichero : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\prefs.js

C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\user.js ... Suprimido !

Supprimida : user_pref("BlockSite.locations", "hxxp://www.theexgirlfriends.com/|||hxxp://search.certified-toolbar[...]

Supprimida : user_pref("extensions.ntk.HISTORY", "[{\"title\":\"Google\",\"icon\":{\"spec\":\"moz-anno:favicon:ht[...]

Supprimida : user_pref("extensions.ntk.recentClosedPers", "hxxp://www.systweak.com/registrycleaner/softonic/?utm_[...]

Supprimida : user_pref("extensions.ntk.thumbsUrls", "hxxps://www.google.cl/;hxxp://search.certified-toolbar.com/?[...]

Fichero : C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\ek09lm6s.default-1358293645906\prefs.js

[OK] El fichero no contiene ninguna entrada ilegítima.

Fichero : C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\07nwi6wq.default\prefs.js

Supprimida : user_pref("browser.search.defaultenginename", "Web Search");

Supprimida : user_pref("browser.search.defaultengine", "Web Search");

Supprimida : user_pref("browser.search.selectedEngine", "Web Search");

Supprimida : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=31[...]

Supprimida : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q=");

Supprimida : user_pref("browser.search.order.1", "Web Search");

-\\ Google Chrome v24.0.1312.57

Fichero : C:\Documents and Settings\Juan Merello-Galasso\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Preferences

Supprimida [l.50] : keyword = "search.iminent.com",

Supprimida [l.53] : search_url = "hxxp://search.iminent.com/?appId=AC5FFCC4-EE55-4799-9EDE-EB9993BF8276&ref=toolb[...]

*************************

AdwCleaner[R1].txt - [28333 octets] - [10/02/2013 16:52:50]

AdwCleaner[s1].txt - [17532 octets] - [11/02/2013 17:56:12]

########## EOF - C:\AdwCleaner[s1].txt - [17593 octets] ##########

RogueKiller V8.5.0 [Feb 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Juan Merello-Galasso [Admin rights]

Mode : Scan -- Date : 02/11/2013 18:14:16

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[TASK][sUSP PATH] Juan Merello-Galasso3.job : C:\Archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe "C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Nero\Nero BackItUp 5\Files\Juan Merello-Galasso3.nji" -> FOUND

[TASK][sUSP PATH] Juan Merello-Galasso2.job : C:\Archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe "C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Nero\Nero BackItUp 5\Files\Juan Merello-Galasso2.nji" -> FOUND

[TASK][sUSP PATH] Juan Merello-Galasso.job : C:\Archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe "C:\Documents and Settings\Juan Merello-Galasso\Datos de programa\Nero\Nero BackItUp 5\Files\Juan Merello-Galasso.nji" -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-60ZCT1 +++++

--- User ---

[MBR] 6c5541cfb4c77707a8bb39e7949c728d

[bSP] ec2e8b71641647ad28ff60df09235ea6 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SD Card +++++

--- User ---

[MBR] fa6d13ad7179118f4fed64408274dacd

[bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 135 | Size: 1884 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_02112013_02d1814.txt >>

RKreport[1]_S_02112013_02d1814.txt


It has changed in the last day or so - so now it is follow this topic


Yeah, but it's concealed in more Reply Options at the bottom... I checked this on, only. Regards and thanks

Firefox starting page with certified.search-tool stopped. There are still undesirable pop-up web pages behind. I think that recovering the Firefox start page is amazing (for the success). Regards and thanks


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


The abnormal page when opening Word also disappeared. Very nice! Many thanks



Do you think it will be necessary? PC is functioning as new, every time I open or use applications and XP functions. I will run ComboFix. I have run it before... Regards


I cannot get rid of Avira's last traces; so I was alerted by ComboFix but couldn't do anything.

ComboFix 13-02-07.02 - Juan Merello-Galasso 11/02/2013 21:28:30.5.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.52.3082.18.2039.1352 [GMT -3:00]

Running from: c:\documents and settings\Juan Merello-Galasso\Escritorio\Combofix\Puppy.exe.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

C:\Puppy(2).exe


C:\Puppy.exe


C:\RECYCLER(2)

c:\recycler(2)\S-1-5-21-2359764000-2142377074-2693712990-1005(2)\Dc6.part

c:\recycler(2)\S-1-5-21-2359764000-2142377074-2693712990-1005(2)\INFO2

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2013-01-12 to 2013-02-12 )))))))))))))))))))))))))))))))

.

.

2013-02-03 20:43 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-02-03 20:43 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-02-03 20:43 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-02-03 20:43 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-02-03 20:43 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-02-03 20:43 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2013-02-03 20:43 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2013-02-03 20:43 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2013-02-03 20:42 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

2013-02-03 20:42 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe

2013-02-03 19:51 . 2013-02-03 19:51 -------- d-----w- c:\documents and settings\Juan Merello-Galasso\Datos de programa\DriverCure

2013-02-03 19:51 . 2013-02-03 19:51 -------- d-----w- c:\documents and settings\Juan Merello-Galasso\Datos de programa\ParetoLogic

2013-02-03 19:50 . 2013-02-03 19:53 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ParetoLogic

2013-02-03 14:48 . 2013-01-07 23:57 6991832 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{32301680-2EEF-4BEE-AB90-098A191B3609}\mpengine.dll

2013-02-02 21:46 . 2013-02-02 21:46 -------- d-----w- C:\VundoFix Backups

2013-01-26 23:07 . 2013-01-26 23:08 -------- d-----w- c:\archivos de programa\ERUNT

2013-01-26 22:56 . 2013-01-26 22:56 -------- d-----w- c:\documents and settings\All Users\Datos de programa\CheckPoint

2013-01-17 15:48 . 2013-01-07 23:57 6991832 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-16 15:38 . 2013-01-16 15:38 -------- d-----w- c:\archivos de programa\Atheros

2013-01-16 02:18 . 2013-01-16 02:18 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-16 02:16 . 2013-02-03 19:45 -------- d-----w- c:\archivos de programa\Microsoft Security Client

2013-01-16 02:15 . 2013-02-06 14:35 -------- d-----w- c:\archivos de programa\Mozilla Maintenance Service

2013-01-16 01:14 . 2013-01-16 02:15 -------- d-----w- C:\Puppy.exe9477P

2013-01-15 23:32 . 2013-01-16 02:16 -------- d-----w- c:\archivos de programa\PC Speed Maximizer

2013-01-14 20:09 . 2013-01-03 10:18 15360 ----a-w- c:\windows\Launcher.exe

2013-01-14 20:07 . 2013-01-14 20:09 -------- d-----w- c:\documents and settings\Juan Merello

2013-01-14 20:07 . 2013-01-14 20:07 -------- d-----w- c:\documents and settings\Juan Merello-Galasso\Configuración local\Datos de programa\SimplyTech

2013-01-14 20:06 . 2013-01-14 20:10 -------- d-----w- c:\archivos de programa\Red Sky

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-10 19:07 . 2012-07-26 19:21 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-10 19:07 . 2012-01-11 00:11 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-30 10:53 . 2012-05-04 00:33 232336 ------w- c:\windows\system32\MpSigStub.exe

2012-12-16 12:23 . 2011-02-15 12:56 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 19:49 . 2012-10-18 19:37 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-28 14:22 . 2012-11-28 14:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-28 14:22 . 2012-08-11 23:50 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-28 14:22 . 2012-05-15 19:25 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-28 14:22 . 2010-05-27 12:31 746984 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-30 13:28 . 2012-08-15 17:22 2346904 ----a-w- c:\archivos de programa\ESETSmartInstaller_1.exe

2011-09-30 13:28 . 2012-08-15 17:22 2346904 ----a-w- c:\archivos de programa\ESETSmartInstaller.exe

2010-10-02 09:03 . 2010-10-20 02:36 189920 ----a-w- c:\archivos de programa\Windows Installer CleanUp Utility.exe

2010-09-27 17:28 . 2010-09-27 17:28 307032 ----a-w- c:\archivos de programa\Toolbox.exe

2010-03-23 13:05 . 2010-11-27 16:17 581120 ----a-w- c:\archivos de programa\lame.exe

2008-11-10 20:25 . 2008-11-10 20:25 244592 ----a-w- c:\archivos de programa\ZoomIt.exe

2008-06-23 12:50 . 2010-09-08 12:48 534016 ----a-w- c:\archivos de programa\FireTune.exe

2007-02-12 20:31 . 2012-04-05 14:22 1111552 ----a-w- c:\archivos de programa\FSCapture.exe

2005-10-20 15:04 . 2005-10-20 15:04 38912 ----a-w- c:\archivos de programa\AUTOBACK.EXE

2005-10-20 15:03 . 2005-10-20 15:03 140288 ----a-w- c:\archivos de programa\NTREGOPT.EXE

2005-10-20 15:02 . 2005-10-20 15:02 163328 ----a-w- c:\archivos de programa\ERDNT.E_E

2005-10-20 15:00 . 2005-10-20 15:00 157696 ----a-w- c:\archivos de programa\ERUNT.EXE

2005-01-21 22:08 . 2010-06-26 22:17 2384669 ----a-w- c:\archivos de programa\WinAVI_Video_Capture.exe

2013-02-06 12:41 . 2013-02-06 12:41 262552 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\archivos de programa\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"WinPatrol"="c:\archivos de programa\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]

"avast"="c:\archivos de programa\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

c:\documents and settings\Juan Merello-Galasso\Menú Inicio\Programas\Inicio\

ERUNT AutoBackup.lnk - c:\archivos de programa\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

QuickMonth Calendar.lnk - c:\windows\qmc.exe [2010-4-1 429003]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 05:41 49208 ----a-w- c:\archivos de programa\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2009-06-04 22:03 186904 ----a-w- c:\archivos de programa\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Archivos de programa\\Archivos comunes\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Archivos de programa\\Daum\\PotPlayer\\PotPlayerMini.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Archivos de programa\\Applian Technologies\\Applian FLV and Media Player\\amp.exe"=

"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"20998:TCP"= 20998:TCP:BitComet 20998 TCP

"20998:UDP"= 20998:UDP:BitComet 20998 UDP

.

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [20/11/2009 02:36 p.m. 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [20/11/2009 02:36 p.m. 15856]

R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [02/07/2009 02:10 a.m. 103792]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03/02/2013 05:43 p.m. 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/02/2013 05:43 p.m. 361032]

R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [20/11/2009 02:36 p.m. 25584]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [02/11/2010 08:06 p.m. 101112]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/02/2013 05:43 p.m. 21256]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [20/11/2009 02:23 p.m. 113664]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/09/2009 06:46 p.m. 62576]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16/01/2012 02:44 p.m. 193640]

S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [13/07/2012 02:28 p.m. 160944]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\archivos de programa\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\archivos de programa\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [26/08/2012 01:20 p.m. 36408]

S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [26/08/2012 01:20 p.m. 35384]

S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\archivos de programa\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe --> c:\archivos de programa\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [?]

S4 BOTService;BOTService;"c:\archivos de programa\Roxio\BackOnTrack\Instant Restore\BOTService.exe" --> c:\archivos de programa\Roxio\BackOnTrack\Instant Restore\BOTService.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-02 22:14 1607120 ----a-w- c:\archivos de programa\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 19:07]

.

2013-02-11 c:\windows\Tasks\avast! Emergency Update.job

- c:\archivos de programa\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-03 22:50]

.

2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-10-04 00:22]

.

2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-10-04 00:22]

.

2012-02-09 c:\windows\Tasks\Juan Merello-Galasso NBAgent.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-06-08 06:45]

.

2012-01-29 c:\windows\Tasks\Juan Merello-Galasso.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-06-08 06:45]

.

2012-01-29 c:\windows\Tasks\Juan Merello-Galasso2.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-06-08 06:45]

.

2012-02-09 c:\windows\Tasks\Juan Merello-Galasso3.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-06-08 06:45]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzuzytDyE0C0EyDzyyCtBtC0B0Bzz0AtAtAyBtN0D0TzutBtDtCtCtDzztCyE&cr=266032843

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.cl/

FF - ExtSQL: 2013-01-16 11:21; {66E978CD-981F-47DF-AC42-E3CF417C1467}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi

FF - ExtSQL: 2013-01-16 11:21; {39952c40-5197-11da-8cd6-0800200c9a66}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi

FF - ExtSQL: 2013-01-17 13:20; CNT@ednovak.net; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\CNT@ednovak.net.xpi

FF - ExtSQL: 2013-01-17 20:50; status4evar@caligonstudios.com; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\status4evar@caligonstudios.com.xpi

FF - ExtSQL: 2013-01-22 11:12; foxmarks@kei.com; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\foxmarks@kei.com

FF - ExtSQL: 2013-01-26 13:07; {a3a5c777-f583-4fef-9380-ab4add1bc2a8}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi

FF - ExtSQL: 2013-01-26 20:43; {dd3d7613-0246-469d-bc65-2a3cc1668adc}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi

FF - ExtSQL: 2013-02-03 17:48; wrc@avast.com; c:\archivos de programa\AVAST Software\Avast\WebRep\FF

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539} - c:\docume~1\ALLUSE~1\DATOSD~1\INSTAL~2\{A62F9~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-11 21:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

C:\avast! sandbox

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]

"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"A0C0710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Completion time: 2013-02-11 21:42:45

ComboFix-quarantined-files.txt 2013-02-12 00:42

.

Pre-Run: 118,796,234,752 bytes libres

Post-Run: 119,166,976,000 bytes libres

.

- - End Of File - - F5BE9C96E3EBC293A7A8F839E44A3DBA


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


Hi, gringo! Sorry but I am not receiving messages for new answers.

Forgive me again, but I do not know a word about CF Script. I thought it was a new tool but it isn't.

As a matter of fact, the PC is functioning in such a good way that it seems to be a miracle. Obviously, I have not used every application. The only, almost stupid, detail is that Avira continues to appear as activated.

I ask myself which tool, apart from Gringo's talent, cured the PC; or every one of them, as a structure. I am shocked...

CF seems to be a big deal to install... Or I am radically wrong.

I appreciate your opinion

Regards and a lot of thanks

The report below was obtained in a few seconds only. I was left with just my wallpaper for a while until I started the PC several times. I was perplexed.

I still have the residual Avira problem.

The PC seems to be functioning better than new..., before this last ComboFix.

Thanks and regards


  • Staff

Greetings

I want you to run these next:

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it, or you can upload it here and send me the link: http://www.2shared.com/

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo


The forum is still not alerting me about answers. Along with the PC improvement, desktop icons started to blink again when starting some programs.

GO STRAIGHT TO THE ATTACHMENT, PLEASE.

Attachment goes with complete report

Malwarebytes Anti-Rootkit: No malicious threats.

Everything seems to be functioning well.

Regards

TDSSKiller.2.8.16.0_12.02.2013_18.01.25_log.txt


  • Staff

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box


C:\Qoobox\Add-Remove Programs.txt

  • click ok

copy and paste the report into this topic for me to review

Gringo


The forum is still not sending anything when new messages appear. Cheers

Acrobat.com

Actualización de seguridad para el Reproductor de Windows Media (KB2378111)

Actualización de seguridad para el Reproductor de Windows Media (KB952069)

Actualización de seguridad para el Reproductor de Windows Media (KB954155)

Actualización de seguridad para el Reproductor de Windows Media (KB968816)

Actualización de seguridad para el Reproductor de Windows Media (KB973540)

Actualización de seguridad para el Reproductor de Windows Media (KB978695)

Actualización de seguridad para el Reproductor de Windows Media 11 (KB954154)

Actualización de seguridad para Windows Internet Explorer 8 (KB2360131)

Actualización de seguridad para Windows Internet Explorer 8 (KB2416400)

Actualización de seguridad para Windows Internet Explorer 8 (KB2497640)

Actualización de seguridad para Windows Internet Explorer 8 (KB2510531)

Actualización de seguridad para Windows Internet Explorer 8 (KB2530548)

Actualización de seguridad para Windows Internet Explorer 8 (KB2544521)

Actualización de seguridad para Windows Internet Explorer 8 (KB2559049)

Actualización de seguridad para Windows Internet Explorer 8 (KB2618444)

Actualización de seguridad para Windows Internet Explorer 8 (KB2675157)

Actualización de seguridad para Windows Internet Explorer 8 (KB2699988)

Actualización de seguridad para Windows Internet Explorer 8 (KB2722913)

Actualización de seguridad para Windows Internet Explorer 8 (KB2744842)

Actualización de seguridad para Windows Internet Explorer 8 (KB2761465)

Actualización de seguridad para Windows Internet Explorer 8 (KB2799329)

Actualización de seguridad para Windows Internet Explorer 8 (KB971961)

Actualización de seguridad para Windows Internet Explorer 8 (KB981332)

Actualización de seguridad para Windows Internet Explorer 8 (KB982381)

Actualización de seguridad para Windows XP (KB2279986)

Actualización de seguridad para Windows XP (KB2296011)

Actualización de seguridad para Windows XP (KB2360937)

Actualización de seguridad para Windows XP (KB2387149)

Actualización de seguridad para Windows XP (KB2412687)

Actualización de seguridad para Windows XP (KB2419632)

Actualización de seguridad para Windows XP (KB2476490)

Actualización de seguridad para Windows XP (KB2479943)

Actualización de seguridad para Windows XP (KB2481109)

Actualización de seguridad para Windows XP (KB2485663)

Actualización de seguridad para Windows XP (KB2503658)

Actualización de seguridad para Windows XP (KB2503665)

Actualización de seguridad para Windows XP (KB2506212)

Actualización de seguridad para Windows XP (KB2506223)

Actualización de seguridad para Windows XP (KB2507618)

Actualización de seguridad para Windows XP (KB2507938)

Actualización de seguridad para Windows XP (KB2508272)

Actualización de seguridad para Windows XP (KB2508429)

Actualización de seguridad para Windows XP (KB2509553)

Actualización de seguridad para Windows XP (KB2511455)

Actualización de seguridad para Windows XP (KB2524375)

Actualización de seguridad para Windows XP (KB2535512)

Actualización de seguridad para Windows XP (KB2536276-v2)

Actualización de seguridad para Windows XP (KB2536276)

Actualización de seguridad para Windows XP (KB2544893)

Actualización de seguridad para Windows XP (KB2555917)

Actualización de seguridad para Windows XP (KB2562937)

Actualización de seguridad para Windows XP (KB2566454)

Actualización de seguridad para Windows XP (KB2567680)

Actualización de seguridad para Windows XP (KB2570222)

Actualización de seguridad para Windows XP (KB2570947)

Actualización de seguridad para Windows XP (KB2618451)

Actualización de seguridad para Windows XP (KB2619339)

Actualización de seguridad para Windows XP (KB2620712)

Actualización de seguridad para Windows XP (KB2624667)

Actualización de seguridad para Windows XP (KB2633171)

Actualización de seguridad para Windows XP (KB2639417)

Actualización de seguridad para Windows XP (KB2655992)

Actualización de seguridad para Windows XP (KB2659262)

Actualización de seguridad para Windows XP (KB2676562)

Actualización de seguridad para Windows XP (KB2685939)

Actualización de seguridad para Windows XP (KB2686509)

Actualización de seguridad para Windows XP (KB2691442)

Actualización de seguridad para Windows XP (KB2695962)

Actualización de seguridad para Windows XP (KB2698365)

Actualización de seguridad para Windows XP (KB2705219)

Actualización de seguridad para Windows XP (KB2707511)

Actualización de seguridad para Windows XP (KB2709162)

Actualización de seguridad para Windows XP (KB2712808)

Actualización de seguridad para Windows XP (KB2718523)

Actualización de seguridad para Windows XP (KB2719985)

Actualización de seguridad para Windows XP (KB2723135)

Actualización de seguridad para Windows XP (KB2727528)

Actualización de seguridad para Windows XP (KB2731847)

Actualización de seguridad para Windows XP (KB2753842-v2)

Actualización de seguridad para Windows XP (KB2757638)

Actualización de seguridad para Windows XP (KB2758857)

Actualización de seguridad para Windows XP (KB2761226)

Actualización de seguridad para Windows XP (KB2770660)

Actualización de seguridad para Windows XP (KB2779030)

Actualización de seguridad para Windows XP (KB923561)

Actualización de seguridad para Windows XP (KB941569)

Actualización de seguridad para Windows XP (KB946648)

Actualización de seguridad para Windows XP (KB950760)

Actualización de seguridad para Windows XP (KB950762)

Actualización de seguridad para Windows XP (KB950974)

Actualización de seguridad para Windows XP (KB951066)

Actualización de seguridad para Windows XP (KB951376-v2)

Actualización de seguridad para Windows XP (KB951748)

Actualización de seguridad para Windows XP (KB952004)

Actualización de seguridad para Windows XP (KB952954)

Actualización de seguridad para Windows XP (KB956572)

Actualización de seguridad para Windows XP (KB956744)

Actualización de seguridad para Windows XP (KB956802)

Actualización de seguridad para Windows XP (KB956803)

Actualización de seguridad para Windows XP (KB956844)

Actualización de seguridad para Windows XP (KB958644)

Actualización de seguridad para Windows XP (KB958869)

Actualización de seguridad para Windows XP (KB959426)

Actualización de seguridad para Windows XP (KB960803)

Actualización de seguridad para Windows XP (KB960859)

Actualización de seguridad para Windows XP (KB961501)

Actualización de seguridad para Windows XP (KB969059)

Actualización de seguridad para Windows XP (KB969947)

Actualización de seguridad para Windows XP (KB970238)

Actualización de seguridad para Windows XP (KB970430)

Actualización de seguridad para Windows XP (KB971468)

Actualización de seguridad para Windows XP (KB971657)

Actualización de seguridad para Windows XP (KB972270)

Actualización de seguridad para Windows XP (KB973354)

Actualización de seguridad para Windows XP (KB973507)

Actualización de seguridad para Windows XP (KB973869)

Actualización de seguridad para Windows XP (KB973904)

Actualización de seguridad para Windows XP (KB974112)

Actualización de seguridad para Windows XP (KB974318)

Actualización de seguridad para Windows XP (KB974392)

Actualización de seguridad para Windows XP (KB974571)

Actualización de seguridad para Windows XP (KB975025)

Actualización de seguridad para Windows XP (KB975467)

Actualización de seguridad para Windows XP (KB975560)

Actualización de seguridad para Windows XP (KB975561)

Actualización de seguridad para Windows XP (KB975562)

Actualización de seguridad para Windows XP (KB975713)

Actualización de seguridad para Windows XP (KB977816)

Actualización de seguridad para Windows XP (KB977914)

Actualización de seguridad para Windows XP (KB978037)

Actualización de seguridad para Windows XP (KB978262)

Actualización de seguridad para Windows XP (KB978338)

Actualización de seguridad para Windows XP (KB978542)

Actualización de seguridad para Windows XP (KB978601)

Actualización de seguridad para Windows XP (KB978706)

Actualización de seguridad para Windows XP (KB979309)

Actualización de seguridad para Windows XP (KB979482)

Actualización de seguridad para Windows XP (KB979559)

Actualización de seguridad para Windows XP (KB979683)

Actualización de seguridad para Windows XP (KB979687)

Actualización de seguridad para Windows XP (KB980195)

Actualización de seguridad para Windows XP (KB980218)

Actualización de seguridad para Windows XP (KB980232)

Actualización de seguridad para Windows XP (KB981957)

Actualización de seguridad para Windows XP (KB982132)

Actualización para Windows Internet Explorer 8 (KB976662)

Actualización para Windows Internet Explorer 8 (KB980182)

Actualización para Windows XP (KB2345886)

Actualización para Windows XP (KB2467659)

Actualización para Windows XP (KB2541763)

Actualización para Windows XP (KB2607712)

Actualización para Windows XP (KB2616676-v2)

Actualización para Windows XP (KB2718704)

Actualización para Windows XP (KB2736233)

Actualización para Windows XP (KB898461)

Actualización para Windows XP (KB951978)

Actualización para Windows XP (KB955759)

Actualización para Windows XP (KB967715)

Actualización para Windows XP (KB968389)

Actualización para Windows XP (KB971029)

Actualización para Windows XP (KB971737)

Actualización para Windows XP (KB973687)

Actualización para Windows XP (KB973815)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.5) - Español

Amazon MP3 Downloader 1.0.15

Applian FLV and Media Player 3.1.1.12

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Atheros Driver Installation Program

Audacity 1.2.6

Auslogics Disk Defrag

avast! Free Antivirus

Ayuda VTR

CCleaner

ClassicsOnline

ClearType Tuning Control Panel Applet

Daum PotPlayer 1.5.28025

DivX Codec

ERUNT 1.1j

Everything 1.2.1.371

Fast Folder Eraser Free v2.6

FileASSASSIN

FileZilla Client 3.5.0

Free Merge MP3 3.2.1

Free PDF to Word Doc Converter v1.1

FTP Commander

Google Chrome

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.0.0

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

HP BatteryCheck 2.10 A2

HP Product Detection

HP Update

HP User Guides 0165

HP Wireless Assistant

HpSdpAppCoreApp

Hyperion Download Manager

IDT Audio

ImgBurn

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Java 7 Update 9

Java Auto Updater

Java 6 Update 33

LAME v3.98.3 for Audacity

LG CyberLink Power2Go

LG CyberLink PowerBackup

LG Power Tools

Malwarebytes Anti-Malware versión 1.70.0.1100

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ESN

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ESN

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 Language Pack - esn

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office File Validation Add-In

Microsoft Office FrontPage 2003

Microsoft Office Professional Edition 2003

Microsoft Office Suite Activation Assistant

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 18.0.2 (x86 es-CL)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

MyDefrag v4.3.1

Nero 7 Essentials

Nero BackItUp

Nero BackItUp and Burn

Nero BurnRights

Nero Express

Nero RescueAgent

neroxml

NTRplugin 1.2

Panda USB Vaccine 1.0.1.4

Paquete de idioma de Microsoft .NET Framework 3.5 - esn

QuickMonth Calendar 2.0

Realtek USB 2.0 Card Reader

RealUpgrade 1.0

Recuva

Revisión para el Reproductor de Windows Media 11 (KB939683)

Revisión para Windows XP (KB2570791)

Revisión para Windows XP (KB2633952)

Revisión para Windows XP (KB2779562)

Revisión para Windows XP (KB932716-v2)

Revisión para Windows XP (KB942288-v3)

Revisión para Windows XP (KB949764)

Revisión para Windows XP (KB952287)

Revisión para Windows XP (KB961118)

Revisión para Windows XP (KB979306)

Revisión para Windows XP (KB981793)

Revo Uninstaller 1.91

runtime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

SizeMeNow

Skype Click to Call

Skype™ 5.10

SpeedFan (remove only)

TellJack

TreeSize Free V2.5

Tweak UI

Universal Music Downloader

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Utilidad de copia de seguridad de Windows

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

WinPatrol

WinRAR 4.01 (32-bit)

Xirrus Wi-Fi Inspector

XML Paper Specification Shared Components Language Pack 1.0


Sysinfo continues to report Avira as the installed and enabled AV, like this:

OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit

Processor: Intel® Atom CPU N270 @ 1.60GHz, x86 Family 6 Model 28 Stepping 2

Processor Count: 2

RAM: 2039 Mb

Graphics Card: Mobile Intel® 945 Express Chipset Family, 128 Mb

Hard Drives: C: Total - 152616 MB, Free - 113414 MB;

Motherboard: Hewlett-Packard, 1468

Antivirus: Avira Desktop, Updated: Yes, On-Demand Scanner: Enabled

Regards


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

SecCenter::
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


Avira is still in the summary below. Friendly greetings.

OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit

Processor: Intel® Atom CPU N270 @ 1.60GHz, x86 Family 6 Model 28 Stepping 2

Processor Count: 2

RAM: 2039 Mb

Graphics Card: Mobile Intel® 945 Express Chipset Family, 128 Mb

Hard Drives: C: Total - 152616 MB, Free - 114492 MB;

Motherboard: Hewlett-Packard, 1468

Antivirus: Avira Desktop, Updated: Yes, On-Demand Scanner: Enabled

ComboFix 13-02-15.01 - Juan Merello-Galasso 15/02/2013 16:42:21.6.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.52.3082.18.2039.1595 [GMT -3:00]

Running from: c:\documents and settings\Juan Merello-Galasso\Escritorio\Combofix\Puppy.exe.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2013-01-15 to 2013-02-15 )))))))))))))))))))))))))))))))

.

.

2013-02-15 19:29 . 2013-02-15 19:39 -------- d-----w- C:\32788R22FWJFW

2013-02-13 22:49 . 2013-02-13 22:51 -------- d-----w- c:\archivos de programa\Email

2013-02-12 18:03 . 2013-02-12 18:03 -------- d-----w- c:\documents and settings\Juan Merello-Galasso\Datos de programa\Ufasoft

2013-02-12 01:01 . 2013-02-12 14:22 -------- d-----w- c:\archivos de programa\Perfect Uninstaller

2013-02-03 20:43 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-02-03 20:43 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-02-03 20:43 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-02-03 20:43 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-02-03 20:43 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-02-03 20:43 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2013-02-03 20:43 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2013-02-03 20:43 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2013-02-03 20:42 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

2013-02-03 20:42 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe

2013-02-03 19:51 . 2013-02-03 19:51 -------- d-----w- c:\documents and settings\Juan Merello-Galasso\Datos de programa\DriverCure

2013-02-03 19:51 . 2013-02-03 19:51 -------- d-----w- c:\documents and settings\Juan Merello-Galasso\Datos de programa\ParetoLogic

2013-02-03 19:50 . 2013-02-03 19:53 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ParetoLogic

2013-02-03 14:48 . 2013-01-07 23:57 6991832 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{32301680-2EEF-4BEE-AB90-098A191B3609}\mpengine.dll

2013-02-02 21:46 . 2013-02-02 21:46 -------- d-----w- C:\VundoFix Backups

2013-01-26 23:07 . 2013-01-26 23:08 -------- d-----w- c:\archivos de programa\ERUNT

2013-01-26 22:56 . 2013-01-26 22:56 -------- d-----w- c:\documents and settings\All Users\Datos de programa\CheckPoint

2013-01-17 15:48 . 2013-01-07 23:57 6991832 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-14 15:17 . 2012-07-26 19:21 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-14 15:17 . 2012-01-11 00:11 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-30 10:53 . 2012-05-04 00:33 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-26 03:55 . 2008-04-15 12:00 552448 ------w- c:\windows\system32\oleaut32.dll

2013-01-07 07:25 . 2011-02-09 13:01 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 07:25 . 2011-02-09 13:01 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 10:09 . 2011-03-03 13:53 1867392 ----a-w- c:\windows\system32\win32k.sys

2013-01-03 10:18 . 2013-01-14 20:09 15360 ----a-w- c:\windows\Launcher.exe

2013-01-02 06:49 . 2010-02-05 18:26 1298432 ----a-w- c:\windows\system32\quartz.dll

2013-01-02 06:49 . 2008-04-15 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2012-12-26 20:21 . 2011-04-14 13:01 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:20 . 2011-04-14 13:01 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-12-26 20:20 . 2011-04-14 13:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-12-24 06:41 . 2011-04-14 13:01 385024 ----a-w- c:\windows\system32\html.iec

2012-12-16 12:23 . 2011-02-15 12:56 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 19:49 . 2012-10-18 19:37 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-28 14:22 . 2012-11-28 14:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-28 14:22 . 2012-08-11 23:50 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-28 14:22 . 2012-05-15 19:25 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-28 14:22 . 2010-05-27 12:31 746984 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-30 13:28 . 2012-08-15 17:22 2346904 ----a-w- c:\archivos de programa\ESETSmartInstaller_1.exe

2011-09-30 13:28 . 2012-08-15 17:22 2346904 ----a-w- c:\archivos de programa\ESETSmartInstaller.exe

2010-10-02 09:03 . 2010-10-20 02:36 189920 ----a-w- c:\archivos de programa\Windows Installer CleanUp Utility.exe

2010-09-27 17:28 . 2010-09-27 17:28 307032 ----a-w- c:\archivos de programa\Toolbox.exe

2010-03-23 13:05 . 2010-11-27 16:17 581120 ----a-w- c:\archivos de programa\lame.exe

2008-11-10 20:25 . 2008-11-10 20:25 244592 ----a-w- c:\archivos de programa\ZoomIt.exe

2008-06-23 12:50 . 2010-09-08 12:48 534016 ----a-w- c:\archivos de programa\FireTune.exe

2007-02-12 20:31 . 2012-04-05 14:22 1111552 ----a-w- c:\archivos de programa\FSCapture.exe

2005-10-20 15:04 . 2005-10-20 15:04 38912 ----a-w- c:\archivos de programa\AUTOBACK.EXE

2005-10-20 15:03 . 2005-10-20 15:03 140288 ----a-w- c:\archivos de programa\NTREGOPT.EXE

2005-10-20 15:02 . 2005-10-20 15:02 163328 ----a-w- c:\archivos de programa\ERDNT.E_E

2005-10-20 15:00 . 2005-10-20 15:00 157696 ----a-w- c:\archivos de programa\ERUNT.EXE

2005-01-21 22:08 . 2010-06-26 22:17 2384669 ----a-w- c:\archivos de programa\WinAVI_Video_Capture.exe

2013-02-06 12:41 . 2013-02-06 12:41 262552 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\archivos de programa\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"WinPatrol"="c:\archivos de programa\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]

"avast"="c:\archivos de programa\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

c:\documents and settings\Juan Merello-Galasso\Menú Inicio\Programas\Inicio\

ERUNT AutoBackup.lnk - c:\archivos de programa\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

QuickMonth Calendar.lnk - c:\windows\qmc.exe [2010-4-1 429003]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 05:41 49208 ----a-w- c:\archivos de programa\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2009-06-04 22:03 186904 ----a-w- c:\archivos de programa\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Archivos de programa\\Archivos comunes\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Archivos de programa\\Daum\\PotPlayer\\PotPlayerMini.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Archivos de programa\\Applian Technologies\\Applian FLV and Media Player\\amp.exe"=

"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"20998:TCP"= 20998:TCP:BitComet 20998 TCP

"20998:UDP"= 20998:UDP:BitComet 20998 UDP

.

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [20/11/2009 02:36 p.m. 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [20/11/2009 02:36 p.m. 15856]

R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [02/07/2009 02:10 a.m. 103792]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03/02/2013 05:43 p.m. 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/02/2013 05:43 p.m. 361032]

R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [20/11/2009 02:36 p.m. 25584]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [02/11/2010 08:06 p.m. 101112]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/02/2013 05:43 p.m. 21256]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [20/11/2009 02:23 p.m. 113664]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/09/2009 06:46 p.m. 62576]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16/01/2012 02:44 p.m. 193640]

S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [13/07/2012 02:28 p.m. 160944]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\archivos de programa\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\archivos de programa\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [26/08/2012 01:20 p.m. 36408]

S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [26/08/2012 01:20 p.m. 35384]

S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\archivos de programa\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe --> c:\archivos de programa\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [?]

S4 BOTService;BOTService;"c:\archivos de programa\Roxio\BackOnTrack\Instant Restore\BOTService.exe" --> c:\archivos de programa\Roxio\BackOnTrack\Instant Restore\BOTService.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-02 22:14 1607120 ----a-w- c:\archivos de programa\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 15:17]

.

2013-02-15 c:\windows\Tasks\avast! Emergency Update.job

- c:\archivos de programa\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-03 22:50]

.

2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-10-04 00:22]

.

2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-10-04 00:22]

.

2012-02-09 c:\windows\Tasks\Juan Merello-Galasso NBAgent.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-06-08 06:45]

.

2012-01-29 c:\windows\Tasks\Juan Merello-Galasso.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-06-08 06:45]

.

2012-01-29 c:\windows\Tasks\Juan Merello-Galasso2.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-06-08 06:45]

.

2012-02-09 c:\windows\Tasks\Juan Merello-Galasso3.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-06-08 06:45]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzuzytDyE0C0EyDzyyCtBtC0B0Bzz0AtAtAyBtN0D0TzutBtDtCtCtDzztCyE&cr=266032843

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.cl/

FF - ExtSQL: 2013-01-16 11:21; {66E978CD-981F-47DF-AC42-E3CF417C1467}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi

FF - ExtSQL: 2013-01-16 11:21; {39952c40-5197-11da-8cd6-0800200c9a66}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi

FF - ExtSQL: 2013-01-17 13:20; CNT@ednovak.net; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\CNT@ednovak.net.xpi

FF - ExtSQL: 2013-01-17 20:50; status4evar@caligonstudios.com; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\status4evar@caligonstudios.com.xpi

FF - ExtSQL: 2013-01-22 11:12; foxmarks@kei.com; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\foxmarks@kei.com

FF - ExtSQL: 2013-01-26 13:07; {a3a5c777-f583-4fef-9380-ab4add1bc2a8}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi

FF - ExtSQL: 2013-01-26 20:43; {dd3d7613-0246-469d-bc65-2a3cc1668adc}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi

FF - ExtSQL: 2013-02-03 17:48; wrc@avast.com; c:\archivos de programa\AVAST Software\Avast\WebRep\FF

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-69396203.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-15 16:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

C:\avast! sandbox

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]

"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"A0C0710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2924)

c:\windows\system32\WININET.dll

c:\archivos de programa\BillP Studios\WinPatrol\PATROLPRO.DLL

c:\windows\system32\msi.dll

c:\archiv~1\WINDOW~1\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2013-02-15 16:59:24

ComboFix-quarantined-files.txt 2013-02-15 19:59

ComboFix2.txt 2013-02-12 00:42

.

Pre-Run: 119,640,797,184 bytes libres

Post-Run: 119,634,153,472 bytes libres

.

- - End Of File - - 276349B8292974738D14F51D8999FAAA


Well..., I thought the above report was the one. I will scan again, and the one below is the new report. Undesired web pages continue to pop up. Cheers and thanks.

ComboFix 13-02-15.01 - Juan Merello-Galasso 17/02/2013 12:14:37.7.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.52.3082.18.2039.1549 [GMT -3:00]

Running from: c:\documents and settings\Juan Merello-Galasso\Escritorio\Combofix\Puppy.exe.exe

Command switches used :: E:\CFScript.text.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Puppy.exe

c:\puppy.exe\gsar.3XE

c:\puppy.exe\swreg.3XE

.

.

((((((((((((((((((((((((( Files Created from 2013-01-17 to 2013-02-17 )))))))))))))))))))))))))))))))

.

.

2013-02-17 13:36 . 2013-02-17 13:36 -------- d-----w- C:\cf0d5cb78570e5af2370c3d28b950ff9

2013-02-13 22:49 . 2013-02-13 22:51 -------- d-----w- c:\archivos de programa\Email

2013-02-12 18:03 . 2013-02-12 18:03 -------- d-----w- c:\documents and settings\Juan Merello-Galasso\Datos de programa\Ufasoft

2013-02-12 01:01 . 2013-02-12 14:22 -------- d-----w- c:\archivos de programa\Perfect Uninstaller

2013-02-03 20:43 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-02-03 20:43 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-02-03 20:43 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-02-03 20:43 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-02-03 20:43 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-02-03 20:43 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2013-02-03 20:43 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2013-02-03 20:43 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2013-02-03 20:42 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

2013-02-03 20:42 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe

2013-02-03 19:51 . 2013-02-03 19:51 -------- d-----w- c:\documents and settings\Juan Merello-Galasso\Datos de programa\DriverCure

2013-02-03 19:51 . 2013-02-03 19:51 -------- d-----w- c:\documents and settings\Juan Merello-Galasso\Datos de programa\ParetoLogic

2013-02-03 19:50 . 2013-02-03 19:53 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ParetoLogic

2013-02-03 14:48 . 2013-01-07 23:57 6991832 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{32301680-2EEF-4BEE-AB90-098A191B3609}\mpengine.dll

2013-02-02 21:46 . 2013-02-02 21:46 -------- d-----w- C:\VundoFix Backups

2013-01-26 23:07 . 2013-01-26 23:08 -------- d-----w- c:\archivos de programa\ERUNT

2013-01-26 22:56 . 2013-01-26 22:56 -------- d-----w- c:\documents and settings\All Users\Datos de programa\CheckPoint

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-14 15:17 . 2012-07-26 19:21 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-14 15:17 . 2012-01-11 00:11 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-30 10:53 . 2012-05-04 00:33 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-26 03:55 . 2008-04-15 12:00 552448 ------w- c:\windows\system32\oleaut32.dll

2013-01-07 23:57 . 2013-01-17 15:48 6991832 ----a-w- c:\documents and settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-07 07:25 . 2011-02-09 13:01 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 07:25 . 2011-02-09 13:01 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 10:09 . 2011-03-03 13:53 1867392 ----a-w- c:\windows\system32\win32k.sys

2013-01-03 10:18 . 2013-01-14 20:09 15360 ----a-w- c:\windows\Launcher.exe

2013-01-02 06:49 . 2010-02-05 18:26 1298432 ----a-w- c:\windows\system32\quartz.dll

2013-01-02 06:49 . 2008-04-15 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2012-12-26 20:21 . 2011-04-14 13:01 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:20 . 2011-04-14 13:01 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-12-26 20:20 . 2011-04-14 13:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-12-24 06:41 . 2011-04-14 13:01 385024 ----a-w- c:\windows\system32\html.iec

2012-12-16 12:23 . 2011-02-15 12:56 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 19:49 . 2012-10-18 19:37 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-28 14:22 . 2012-11-28 14:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-28 14:22 . 2012-08-11 23:50 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-28 14:22 . 2012-05-15 19:25 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-28 14:22 . 2010-05-27 12:31 746984 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-30 13:28 . 2012-08-15 17:22 2346904 ----a-w- c:\archivos de programa\ESETSmartInstaller_1.exe

2011-09-30 13:28 . 2012-08-15 17:22 2346904 ----a-w- c:\archivos de programa\ESETSmartInstaller.exe

2010-10-02 09:03 . 2010-10-20 02:36 189920 ----a-w- c:\archivos de programa\Windows Installer CleanUp Utility.exe

2010-09-27 17:28 . 2010-09-27 17:28 307032 ----a-w- c:\archivos de programa\Toolbox.exe

2010-03-23 13:05 . 2010-11-27 16:17 581120 ----a-w- c:\archivos de programa\lame.exe

2008-11-10 20:25 . 2008-11-10 20:25 244592 ----a-w- c:\archivos de programa\ZoomIt.exe

2008-06-23 12:50 . 2010-09-08 12:48 534016 ----a-w- c:\archivos de programa\FireTune.exe

2007-02-12 20:31 . 2012-04-05 14:22 1111552 ----a-w- c:\archivos de programa\FSCapture.exe

2005-10-20 15:04 . 2005-10-20 15:04 38912 ----a-w- c:\archivos de programa\AUTOBACK.EXE

2005-10-20 15:03 . 2005-10-20 15:03 140288 ----a-w- c:\archivos de programa\NTREGOPT.EXE

2005-10-20 15:02 . 2005-10-20 15:02 163328 ----a-w- c:\archivos de programa\ERDNT.E_E

2005-10-20 15:00 . 2005-10-20 15:00 157696 ----a-w- c:\archivos de programa\ERUNT.EXE

2005-01-21 22:08 . 2010-06-26 22:17 2384669 ----a-w- c:\archivos de programa\WinAVI_Video_Capture.exe

2013-02-06 12:41 . 2013-02-06 12:41 262552 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\archivos de programa\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"WinPatrol"="c:\archivos de programa\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]

"avast"="c:\archivos de programa\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

c:\documents and settings\Juan Merello-Galasso\Menú Inicio\Programas\Inicio\

ERUNT AutoBackup.lnk - c:\archivos de programa\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

QuickMonth Calendar.lnk - c:\windows\qmc.exe [2010-4-1 429003]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 05:41 49208 ----a-w- c:\archivos de programa\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2009-06-04 22:03 186904 ----a-w- c:\archivos de programa\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Archivos de programa\\Archivos comunes\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Archivos de programa\\Daum\\PotPlayer\\PotPlayerMini.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Archivos de programa\\Applian Technologies\\Applian FLV and Media Player\\amp.exe"=

"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"20998:TCP"= 20998:TCP:BitComet 20998 TCP

"20998:UDP"= 20998:UDP:BitComet 20998 UDP

.

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [20/11/2009 02:36 p.m. 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [20/11/2009 02:36 p.m. 15856]

R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [02/07/2009 02:10 a.m. 103792]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03/02/2013 05:43 p.m. 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/02/2013 05:43 p.m. 361032]

R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [20/11/2009 02:36 p.m. 25584]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [02/11/2010 08:06 p.m. 101112]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/02/2013 05:43 p.m. 21256]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [20/11/2009 02:23 p.m. 113664]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/09/2009 06:46 p.m. 62576]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16/01/2012 02:44 p.m. 193640]

S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [13/07/2012 02:28 p.m. 160944]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\archivos de programa\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\archivos de programa\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [26/08/2012 01:20 p.m. 36408]

S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [26/08/2012 01:20 p.m. 35384]

S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\archivos de programa\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe --> c:\archivos de programa\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [?]

S4 BOTService;BOTService;"c:\archivos de programa\Roxio\BackOnTrack\Instant Restore\BOTService.exe" --> c:\archivos de programa\Roxio\BackOnTrack\Instant Restore\BOTService.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-02 22:14 1607120 ----a-w- c:\archivos de programa\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 15:17]

.

2013-02-17 c:\windows\Tasks\avast! Emergency Update.job

- c:\archivos de programa\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-03 22:50]

.

2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-10-04 00:22]

.

2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-10-04 00:22]

.

2012-02-09 c:\windows\Tasks\Juan Merello-Galasso NBAgent.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-06-08 06:45]

.

2012-01-29 c:\windows\Tasks\Juan Merello-Galasso.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-06-08 06:45]

.

2012-01-29 c:\windows\Tasks\Juan Merello-Galasso2.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-06-08 06:45]

.

2012-02-09 c:\windows\Tasks\Juan Merello-Galasso3.job

- c:\archivos de programa\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-06-08 06:45]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzuzytDyE0C0EyDzyyCtBtC0B0Bzz0AtAtAyBtN0D0TzutBtDtCtCtDzztCyE&cr=266032843

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.cl/

FF - ExtSQL: 2013-01-16 11:21; {66E978CD-981F-47DF-AC42-E3CF417C1467}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi

FF - ExtSQL: 2013-01-16 11:21; {39952c40-5197-11da-8cd6-0800200c9a66}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi

FF - ExtSQL: 2013-01-17 13:20; CNT@ednovak.net; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\CNT@ednovak.net.xpi

FF - ExtSQL: 2013-01-17 20:50; status4evar@caligonstudios.com; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\status4evar@caligonstudios.com.xpi

FF - ExtSQL: 2013-01-22 11:12; foxmarks@kei.com; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\foxmarks@kei.com

FF - ExtSQL: 2013-01-26 13:07; {a3a5c777-f583-4fef-9380-ab4add1bc2a8}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi

FF - ExtSQL: 2013-01-26 20:43; {dd3d7613-0246-469d-bc65-2a3cc1668adc}; c:\documents and settings\Juan Merello-Galasso\Datos de programa\Mozilla\Firefox\Profiles\c43nwsd9.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi

FF - ExtSQL: 2013-02-03 17:48; wrc@avast.com; c:\archivos de programa\AVAST Software\Avast\WebRep\FF

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-17 12:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]

"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"A0C0710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Completion time: 2013-02-17 12:28:22

ComboFix-quarantined-files.txt 2013-02-17 15:28

ComboFix2.txt 2013-02-15 19:59

ComboFix3.txt 2013-02-12 00:42

.

Pre-Run: 118,886,326,272 bytes libres

Post-Run: 118,797,795,328 bytes libres

.

- - End Of File - - 24A39F9606C7E59886B21D0BA48FE6DA
