Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

3BA.tmp


  • Please log in to reply

#1
rj2012

rj2012

    New Member

  • Member
  • Pip
  • 5 posts
How can I remove this virus?
  • 0

Advertisements


#2
rj2012

rj2012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OTL logfile created on: 05/03/2012 08:34:38 a.m. - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Elsy\Mis documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000180A | Country: Panamá | Language: ESA | Date Format: MM/dd/yyyy

1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.36% Memory free
3.84 Gb Paging File | 3.37 Gb Available in Paging File | 87.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 53.71 Gb Total Space | 39.02 Gb Free Space | 72.65% Space Free | Partition Type: NTFS
Drive D: | 22.61 Gb Total Space | 22.38 Gb Free Space | 98.99% Space Free | Partition Type: NTFS

Computer Name: STEVIE-314N0FSN | User Name: Elsy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 08:34:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elsy\Mis documentos\Downloads\OTL.exe
PRC - [2012/04/28 01:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
PRC - [2012/03/24 12:18:48 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2011/09/24 16:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/09/22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET Smart Security\egui.exe
PRC - [2011/06/15 03:40:48 | 000,088,688 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe
PRC - [2011/06/09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2008/04/14 04:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 01:07:01 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 01:06:59 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 01:05:34 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 01:05:33 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 01:05:32 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/28 00:09:18 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2009/02/27 19:35:50 | 000,311,296 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\pdfshell.ESP
MOD - [2009/01/18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Archivos de programa\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2008/04/14 04:48:26 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Archivos de programa\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Archivos de programa\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/24 16:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/06/15 03:40:48 | 000,088,688 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)
SRV - [2011/03/10 23:49:53 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/10/26 16:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 11:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/08/09 15:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/09 10:37:28 | 000,039,824 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2011/08/04 10:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 10:20:38 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2011/08/04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/06/15 03:40:50 | 002,801,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2011/06/15 03:40:50 | 002,801,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)
DRV - [2011/06/13 11:03:54 | 000,306,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/26 21:29:34 | 001,656,960 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (AMBFilt)
DRV - [2009/02/12 12:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/12/02 20:56:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (MonFilt)
DRV - [2007/09/20 10:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 10:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...rsearch&AF=8747
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Archivos de programa\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Archivos de programa\AVG\AVG10\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Archivos de programa\AVG\AVG10\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Archivos de programa\ESET\ESET Smart Security\Mozilla Thunderbird [2011/12/09 14:19:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://search.avg.co...e}&iy=&ychte=us
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Elsy\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Elsy\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Elsy\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Elsy\Configuraci\u00F3n local\Datos de programa\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Archivos de programa\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Archivos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Archivos de programa\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Elsy\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001/09/28 11:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Archivos de programa\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Elsy\Menú Inicio\Programas\Inicio\_uninst_38233408.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54713405-7246-43C5-8BAC-5A4CC7B1155A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54713405-7246-43C5-8BAC-5A4CC7B1155A}: NameServer = 201.225.225.226,201.224.83.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAD619B9-E5F1-430D-BF84-1E95300145B8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Archivos de programa\vShare\vshare_toolbar.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Elsy\Datos de programa\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elsy\Datos de programa\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/01 12:52:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/26 15:20:26 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Elsy\Escritorio\iexplore.exe
[2012/05/03 08:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elsy\Mis documentos\Downloads
[2012/04/19 16:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Skype
[2012/04/19 16:50:38 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Skype
[2012/04/19 16:50:37 | 000,000,000 | R--D | C] -- C:\Archivos de programa\Skype
[2012/04/17 06:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\boost_interprocess
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/03 08:23:00 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1078081533-839522115-1003UA.job
[2012/05/03 08:01:02 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/03 06:21:20 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/02 11:23:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1078081533-839522115-1003Core.job
[2012/05/01 11:26:10 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Elsy\Escritorio\Google Chrome.lnk
[2012/04/26 16:15:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/20 14:53:31 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/19 16:50:38 | 000,002,307 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2012/01/09 18:47:15 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Elsy\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/11 00:24:37 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/08/10 08:50:35 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2011/08/10 08:50:35 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2011/08/10 07:32:46 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2011/08/10 07:25:03 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/10/09 10:56:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/20 11:53:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/01 13:38:51 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/01 13:30:36 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/01 13:06:09 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/09/01 12:46:03 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

< End of report >

Edited by rj2012, 03 May 2012 - 07:39 AM.

  • 0

#3
rj2012

rj2012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ESET smart security 5 does not work to remove this virus. I delete the file from the download folder but it keeps coming back.
  • 0

#4
rj2012

rj2012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
And now I see this trojan B885.tmp in the download folder..
  • 0

#5
rj2012

rj2012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
And even more


B8E9.tmp B8F2.tmp B8F8.tmp B901.tmp B944.tmp

Edited by rj2012, 03 May 2012 - 08:23 AM.

  • 0

#6
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP