Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

MyStart ByIncredibar start page [Solved]


  • This topic is locked This topic is locked

#16
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
Hi Aranel,
Let's use OTL to remove the MyStart malware and his friends

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    [emptytemp]
    :OTL
    IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
    IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.startup.homepage: "http://Mystart.incredibar.com/mb124"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
    [2011/12/17 20:32:18 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
    [2012/04/06 23:27:25 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
    [2011/02/05 23:53:09 | 000,002,059 | ---- | M] () -- C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\searchplugins\daemon-search.xml
    [2012/04/06 23:27:17 | 000,002,203 | ---- | M] () -- C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\searchplugins\MyStart Search.xml
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    [2012/05/14 19:11:49 | 000,000,020 | ---- | M] () -- C:\Windows\lö¿
    [2011/06/28 21:40:28 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?­) -- C:\Windows\SysWow64\绠­
    [2011/06/28 21:40:28 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?­) -- C:\Windows\SysWow64\绠­
    [2011/06/18 20:27:12 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?L) -- C:\Windows\SysWow64\泐Ľ
    [2011/06/18 20:27:12 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?L) -- C:\Windows\SysWow64\泐Ľ
    [2011/04/28 23:39:14 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\였ĸ
    [2011/04/28 23:39:14 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\였ĸ
    @Alternate Data Stream - 518 bytes -> C:\ProgramData\TEMP:05EE1EEF
    
    :Files
    ipconfig /flushdns /c
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


In your next reply I would like to see:
  • OTL fix log
  • OTL quick scan log

  • 0

Advertisements


#17
Aranel

Aranel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here you have what you asked for, after this repair it seems that Mystart isn´t in my computer anymore and my computer is working perfectly.
Thank you for helping my with this issue, and you will tell me if there is something more to fix in the OTL log.





All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: gonza
->Temp folder emptied: 0 bytes

User: Gonzalo
->Temp folder emptied: 161819883 bytes
->Temporary Internet Files folder emptied: 79538056 bytes
->Java cache emptied: 4875262 bytes
->FireFox cache emptied: 303268762 bytes
->Flash cache emptied: 8619 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1138412 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67908 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 525,00 mb

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "http://Mystart.incre...ibar.com/mb124" removed from browser.startup.homepage
Prefs.js: [email protected]:1.1.3 removed from extensions.enabledItems
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\content\imgs\mnRadio folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected] folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected] folder moved successfully.
C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\searchplugins\daemon-search.xml moved successfully.
C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\searchplugins\MyStart Search.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
C:\Windows\lö¿ moved successfully.
C:\Windows\SysWOW64\绠­ moved successfully.
File C:\Windows\SysWow64\绠­ not found.
C:\Windows\SysWOW64\泐Ľ moved successfully.
File C:\Windows\SysWow64\泐Ľ not found.
C:\Windows\SysWOW64\였ĸ moved successfully.
File C:\Windows\SysWow64\였ĸ not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configuraci¢n IP de Windows
Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.
C:\Users\Gonzalo\Desktop\cmd.bat deleted successfully.
C:\Users\Gonzalo\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.43.2 log created on 05282012_101308

Files\Folders moved on Reboot...
C:\Users\Gonzalo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Gonzalo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NY3LIT9\ADSAdClient31[1].htm not found!
File\Folder C:\Users\Gonzalo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EOSIZBY\default[1].htm not found!

Registry entries deleted on Reboot...






OTL logfile created on: 28/05/2012 10:19:27 - Run 2
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Gonzalo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,71% Memory free
8,00 Gb Paging File | 6,39 Gb Available in Paging File | 79,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 103,12 Gb Free Space | 22,14% Space Free | Partition Type: NTFS

Computer Name: GONZALO-AMD | User Name: Gonzalo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/27 13:53:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gonzalo\Desktop\OTL.exe
PRC - [2009/09/18 16:24:04 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/08/04 12:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/18 16:23:24 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraEsp.dll
MOD - [2009/07/30 13:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 23:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/17 10:30:54 | 000,094,480 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/02 13:22:40 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/24 09:38:06 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 12:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/13 22:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 22:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 22:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/27 15:26:42 | 000,398,336 | ---- | M] (Ares Development Group) [Disabled | Stopped] -- C:\Program Files (x86)\Ares\chatServer.exe -- (AresChatServer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 02:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 02:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 22:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/23 09:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/17 10:30:50 | 000,154,752 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/02/05 23:53:06 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/06/22 10:07:39 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSwa.sys -- (AVGIDSErHrw7a)
DRV:64bit: - [2010/06/01 09:59:24 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/23 11:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/30 08:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/17 15:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/02/08 12:47:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/11/07 11:42:28 | 000,104,912 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://topweb9.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 56 A4 D1 67 E7 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {62A21E3F-38F5-481f-9526-30F106CC1BE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{62A21E3F-38F5-481f-9526-30F106CC1BE4}: "URL" = http://es.search.yah...icevm&type=IEBD
IE - HKCU\..\SearchScopes\{78F28CD7-766E-4ed5-AE79-3F989FBC0559}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/05 04:21:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/16 16:52:36 | 000,000,000 | ---D | M]

[2010/11/11 14:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Extensions
[2012/05/28 10:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions
[2012/01/20 12:50:38 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
[2011/12/16 16:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/06 21:57:04 | 000,013,666 | ---- | M] () (No name found) -- C:\USERS\GONZALO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NHOKB6BX.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
[2012/05/18 22:15:04 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\GONZALO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NHOKB6BX.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/05/05 04:21:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/11 00:14:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 00:14:29 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/02/11 00:14:29 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2011/12/15 12:42:42 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/11 00:14:29 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/02/11 00:14:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/02/11 00:14:29 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2012/05/25 18:10:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D4D3E30-AC58-447A-A796-7B776B479B00}: NameServer = 200.115.192.29,200.115.192.30
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/08 01:22:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 10:13:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/28 09:57:11 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{49125F4A-6E28-4BE7-9E76-66BFC8CAF87C}
[2012/05/28 09:56:54 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{91726D39-7613-4464-AFB3-D5511CC030EC}
[2012/05/27 14:10:35 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{EAF5BE04-89FA-4A05-81BE-9E21AC43DC49}
[2012/05/27 14:10:16 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{AF02AF34-0A75-4F42-830B-A5A2D24B5F33}
[2012/05/27 13:52:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Gonzalo\Desktop\OTL.exe
[2012/05/26 15:54:45 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{40471539-48F5-4D8F-97CF-B7A5EE27491A}
[2012/05/26 15:54:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F522A694-82BB-4B87-9459-CFD2B27DC709}
[2012/05/25 18:13:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/25 14:02:31 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{3F1375FE-CA26-4A7A-8AEF-9AC5B9B7319E}
[2012/05/25 14:02:15 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{95CDA446-67BE-414E-9587-485A799EE33A}
[2012/05/24 09:44:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/24 09:44:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/24 09:44:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/24 09:44:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/24 09:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/05/24 09:30:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/05/24 00:06:02 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{68460B94-B6AD-4C37-9B30-0783A541ACD2}
[2012/05/24 00:05:49 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F600BCC0-A993-4C43-A80C-91417A32E891}
[2012/05/22 23:22:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{93D032CA-4132-4DCF-8300-A6C96EF4F8FE}
[2012/05/22 23:22:04 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{34D22459-BD57-4B3B-823A-78642A6678A1}
[2012/05/21 19:28:55 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{CA76DE75-1C34-473D-B63E-2EE20BF705AC}
[2012/05/21 19:28:37 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{18F48607-9101-42DC-8DB8-150945BB76ED}
[2012/05/20 16:03:07 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4832370F-C69C-4025-9226-DE8C452A38AD}
[2012/05/20 16:02:54 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E407DC43-80FE-4C0B-8C63-2B2ABC5BF60A}
[2012/05/19 20:22:30 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{77353729-0723-4373-A46D-199197E7DBFA}
[2012/05/19 20:22:12 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4E049D48-76E3-4E17-83F7-2BEF0B8D4E2A}
[2012/05/18 21:51:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E95FB76C-3CA5-4B71-A05E-0BC303DD916F}
[2012/05/18 21:51:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{66CF7FBA-27F0-4AC9-BA2E-CFBEBF4FBD9C}
[2012/05/18 09:50:45 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F69EDC45-8297-4323-8F1A-0A2FBC00A0CA}
[2012/05/18 09:50:28 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{8C90D4AA-AA0F-4626-A28C-EBABF19ADD52}
[2012/05/17 16:01:16 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{BC06832F-A64F-4B9B-92B1-5EEEA0A73E95}
[2012/05/17 16:01:01 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{73B40C8A-1073-4595-A9C3-B761313C1E3A}
[2012/05/16 17:14:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{28198C12-8AEF-428E-AB9B-EDFE9429A7F0}
[2012/05/16 17:14:29 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{9B744A81-6374-40FE-A743-E2C77778E9D1}
[2012/05/15 22:08:33 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{0567D3E5-3BFB-4EE0-AF26-FF248F55E1A4}
[2012/05/15 22:08:20 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{33C1D890-397D-46B7-9CE9-601F1FF40FA4}
[2012/05/15 10:06:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{2161C7DC-6FDC-4FCB-BE48-2EC8B3E0478A}
[2012/05/15 10:06:07 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{668C0231-4024-4E89-BAC3-82CAEE29B3F5}
[2012/05/14 13:06:37 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{5A594F08-8D04-4C12-A3CA-CE42A476CCC4}
[2012/05/14 13:06:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{469A6063-7BDA-4E3B-84B6-1EEEF6A1E310}
[2012/05/14 01:05:47 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{39CC0F8F-6B74-4B18-A0EB-3F5D5DF5950D}
[2012/05/13 13:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/13 13:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/13 13:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/13 13:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/05/13 13:05:10 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{55C2EA97-777B-4098-BAFC-0335622850DD}
[2012/05/13 13:04:47 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{55D0DFCB-79EC-40C7-B36A-E43867CA6AE2}
[2012/05/12 18:11:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D1D510AD-FC55-41AE-B43A-34F289EA7BEF}
[2012/05/12 18:10:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DFA3E18A-36ED-496B-BEE9-100BE78E9DA9}
[2012/05/12 04:29:50 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{C2AE99CB-9052-4A60-A9D9-E9D289DC60C1}
[2012/05/11 16:29:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{3B0E208F-5D31-4AD7-893C-A3CDA1145951}
[2012/05/11 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F870DA9A-CE4D-4823-AE19-791D3B7CE96B}
[2012/05/11 04:28:33 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{1BDFFDB1-9289-4BCC-B753-9298C790C68C}
[2012/05/11 04:28:14 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{90EED6A3-CFFC-4674-B36E-835BE593C0F9}
[2012/05/09 15:32:45 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{256F7DA9-03CE-4336-907C-B2B491FCCEF6}
[2012/05/09 15:32:32 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4C388D5C-B010-41B8-8D54-618D7841E7B5}
[2012/05/09 00:50:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6794A934-CAE4-45A5-9FCE-095DE7B73C08}
[2012/05/08 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\Desktop\Diagramas
[2012/05/08 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{9720CD11-4B12-4D7D-B0B3-A4718F038782}
[2012/05/08 12:48:59 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{C37AE853-B554-48C9-A5D4-D0516507F53A}
[2012/05/08 00:48:07 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DD296E06-9225-402A-ACE5-9EDFA70F0938}
[2012/05/08 00:47:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B07BB328-8A24-4703-B65D-94DF7F2F1EB7}
[2012/05/07 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{2FF43B4B-9001-4865-8A8A-D727939C39AB}
[2012/05/07 12:46:08 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B928387D-AB9C-4F4D-B8B8-466D7FA04907}
[2012/05/06 16:20:55 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{ED7AEF2B-8BD3-4A16-9193-23DBD4272AD5}
[2012/05/06 16:20:41 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{AABEE1CC-E17D-4E78-AFCD-57351DA89F4B}
[2012/05/05 12:50:48 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6DD778DE-C804-4A56-B21D-7BFD3F1DE330}
[2012/05/05 12:50:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{CB8A03FA-42F3-4DC9-B6A2-CC962D88E205}
[2012/05/05 04:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/02 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6E532465-64AA-4D03-9340-14FE8F7376C0}
[2012/05/02 13:36:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B128A7C4-9739-415D-A558-7168141ED201}
[2012/05/02 01:35:46 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E4088F82-0272-4C26-A674-92326CD2CD6E}
[2012/05/01 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F5266D9F-A38E-4D0C-BDD0-45CEC7573DEA}
[2012/05/01 13:34:46 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F744F225-79E9-4267-A590-A10D8A601B16}
[2012/05/01 01:34:20 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{31FE5C18-64EB-4BF0-826A-68A9F648B8AF}
[2012/05/01 01:33:58 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{0DF2974D-843A-4E2D-B7DB-1153163FC1AA}
[2012/04/30 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D6024324-308F-4537-A945-29D53F16B606}
[2012/04/30 13:33:31 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D7993BEA-F9D6-4BD3-B9FE-A3735DC99404}
[2012/04/30 00:41:15 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E7309E2E-2A52-4617-997D-EA0D293B4A53}
[2012/04/30 00:40:53 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{396CBB30-0AC8-4586-B813-D1B750A4FAA9}
[2012/04/29 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DEC641C0-1100-40AA-8311-AFDEF91A7B01}
[2012/04/29 12:40:04 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{97B20CFC-5EDF-4494-8DAD-A7184F719261}
[2012/04/29 00:39:37 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E74EC652-80EA-4733-8E37-1AE591F3A399}
[2012/04/28 12:38:59 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{27B86FB6-0DDC-4F9E-971E-98776DA4633A}
[2012/04/28 12:38:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DE9A6738-D791-497C-91B8-A38168C3DF42}

========== Files - Modified Within 30 Days ==========

[2012/05/28 10:15:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/28 10:14:56 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/28 09:43:32 | 000,018,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 09:43:32 | 000,018,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 13:53:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gonzalo\Desktop\OTL.exe
[2012/05/25 18:10:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/24 09:30:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/05/24 09:26:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/24 09:26:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/16 00:24:00 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini

========== Files Created - No Company Name ==========

[2012/05/24 09:44:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/24 09:44:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/24 09:44:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/24 09:44:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/24 09:44:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/24 09:30:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/05/24 09:26:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/24 09:26:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/06 14:50:16 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/06 14:50:15 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/14 23:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 23:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/10 01:18:02 | 000,001,456 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2012/01/25 21:01:59 | 000,000,132 | ---- | C] () -- C:\Users\Gonzalo\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/01/15 01:34:14 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/15 01:34:14 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/15 01:34:14 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/01/15 01:34:14 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/15 01:34:13 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/08 15:27:26 | 001,853,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/31 11:02:28 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\bcevent.dll
[2011/10/25 23:31:57 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/12 11:12:53 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/09/10 19:10:50 | 000,002,316 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/03/19 18:21:27 | 000,164,510 | ---- | C] () -- C:\Windows\Video Slice Uninstaller.exe
[2011/01/21 17:27:56 | 000,003,584 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/01 18:40:05 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/23 13:59:42 | 000,000,849 | ---- | C] () -- C:\Windows\ARPR.INI
[2010/09/06 20:27:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/22 00:45:44 | 000,007,602 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2012/02/04 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\AVG2012
[2010/07/11 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\AVG9
[2012/04/15 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\DAEMON Tools Lite
[2011/12/30 18:52:17 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Dev-Cpp
[2012/04/24 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\FileZilla
[2011/10/24 23:40:19 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\fltk.org
[2011/06/07 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\GetRightToGo
[2011/05/15 01:33:07 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Helios
[2010/07/27 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\JGsoft
[2012/02/04 12:09:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Lineage Utils - Beta
[2012/04/18 09:36:15 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Macro Recorder
[2012/05/14 19:10:19 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Media Finder
[2011/02/22 16:13:00 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\OnReally
[2011/08/30 12:52:48 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\OpenOffice.org
[2011/12/25 21:21:45 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Opera
[2012/04/06 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\player
[2011/03/19 18:21:26 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\River Past G5
[2011/06/19 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Runiter
[2012/04/25 11:36:12 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\TS3Client
[2011/01/01 23:37:03 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Uniblue
[2012/05/26 00:57:58 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\uTorrent
[2012/04/03 22:08:59 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Aranel, 28 May 2012 - 09:12 AM.

  • 0

#18
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
I am very glad to hear your computer is back to behaving itself!

I would just like to sweep for any remnants. I would also like you to try SecurityCheck again, so please download a fresh copy from the link below.

Step 1
Posted Image Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:
  • MalwareBytes log
  • Eset log
  • post the contents of checkup.txt

  • 0

#19
Aranel

Aranel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here we go...





Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versión de la Base de Datos: v2012.05.29.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Gonzalo :: GONZALO-AMD [administrador]

29/05/2012 17:27:35
mbam-log-2012-05-29 (17-27-35).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 221538
Tiempo transcurrido: 1 minuto(s), 58 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

fin)







[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cccbb51b8858a84995662716f97a9796
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-29 09:48:46
# local_time=2012-05-29 06:48:46 (-0300, Hora estándar de Argentina)
# country="Spain"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 9017218 9017218 0 0
# compatibility_mode=5893 16776574 100 94 64875668 89867299 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=252785
# found=10
# cleaned=10
# scan_time=4277
C:\Documents and Settings\Gonzalo\Desktop\Aranel\Gonzalo's Files\Classroom[1].Spy.Professional-v2.6.8.Inc.Keygen-fff.rar a variant of Win32/NetworkLookOutAgent.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Gonzalo\Desktop\Aranel\Gonzalo's Files\windows-live-movie-maker-14.0.8091.0730.exe probably a variant of Win32/UpToDown.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Gonzalo\Desktop\Aranel\Gonzalo's Files\Essentials\Classroom[1].Spy.Professional-v2.6.8.Inc.Keygen-fff.rar a variant of Win32/NetworkLookOutAgent.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Gonzalo\Desktop\Aranel\Gonzalo's Files\Scripts msn\MsgPlusLive-482.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Classroom Spy Pro\bin\csagtproconfig.exe probably a variant of Win32/NetworkLookOutAgent.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Classroom Spy Pro\bin\cspro.exe a variant of Win32/NetworkLookOutAgent.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Classroom Spy Pro\bin\nlcspro\csagtpro.exe a variant of Win32/NetworkLookOutAgent.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Classroom Spy Pro\bin\nlcspro\csagtprosvc.exe a variant of Win32/NetworkLookOutAgent.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\nlcspro\CSAgentSilentSetup.exe a variant of Win32/NetworkLookOutAgent.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\nlcspro\csagtpro.exe a variant of Win32/NetworkLookOutAgent.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C









Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Classroom Spy Professional Console 2.6.8
Malwarebytes Anti-Malware versión 1.61.0.1400
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.1.102.63 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
  • 0

#20
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
Hi Aranel,
As you can probaly see, you have a few things you will need to update.
Do you have the UAC (User Account Control) turned off on purpose? If not, you can turn it on by clicking on the Start Orb,
Type UAC into the search box,
In the User Account Control Settings window, move the slider to the "Default Notify me only when programs sty to make changes to my computer" setting, which is the 3rd one up from the bottom. It can't help protect you if it's turned off, but it's your choice.

You really need to update to Service Pack 1, the security patches in there are pretty important.
This Microsoft article covers how to do it.
Updating the Adobe products is important as you close the vulnerablilties that lets malware slip into your computer.
Your Adobe Flash player is out of date, in fact you should uninstall Flash Player 10 completely, visit this page

Your Adobe Shockwave player is out of date, you can update it by visiting this page

Your Adobe Reader is out of date, normally you can just go to Help - Check for updates, but you are a version behind, so I recommend that you uninstall the version that you have, and visit here to download Reader X

After all of that:

Now for the best part of the day! Congratulations, your logs appear to be clean! :thumbsup:
Let's do a little cleanup and then concentrate on keeping your computer safe in the future.

Uninstall ComboFix

  • Press the Windows key and R on the keyboard, this opens the Run box
  • In the run box, please type Combofix / Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the instructions on the screen
  • A message should appear confirming that ComboFix was uninstalled

Please re-run OTL one more time and click on the CleanUp button. This will remove all of the tools we have used, including OTL itself.

Make sure your computer is current with it's Windows updates.
Are your Automatic Updates enabled? They should be!
  • Click Start,
  • Click Control Panel.
  • Click Automatic Updates (XP) - or System and Security (Vista, 7)
  • Choose Automatic (recommended) (XP). or Turn automatic updating on or off (Vista, 7)
  • Choose a time when your computer will be turned on
  • Click OK

It is very important to keep your Java and Adobe Reader updated as these are prime targets of exploits these days. I use JavaRa to help keep Java current, but you can also go to Java.com and check for the latest updates. The adobe reader can be updated manually by going to Adobe.com

Please make sure you have an Anti-Virus product installed (Important to use only ONE A-V and make sure it is updated at all times). I personally use Microsoft Security Essentials, but I also recommend Avira, or Avast.

Windows Firewall: Please make sure that you have the Windows Firewall up and running, without a firewall your computer is vulnerable.
Windows 7/Vista
Windows XP

Using an on-demand malware scanner is a great idea, and MalwareBytes is the best one to use. I try to scan with mine at least once every two weeks: Malware Bytes

A FREE program that will help you to stay clean:
SpywareBlaster - Prevent the installation of spyware

A good verified backup is SUPER critical to keeping your sanity, and this is a good article to read. If any of your files are important to you, you need to back them up. I can't stress this enough, all hard drives will eventually die!

And finally please give these two articles on getting infected and staying clean a read,
So how did I get infected in the first place?
How to prevent Malware

Good luck and stay safe out there!
  • 0

#21
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP