Regedit and Taskmgr "Disabled by Administrator" [Solved]


This topic is locked.

#1 DannieRay (Member, 24 posts)
So, a friend gave me her computer because it was "slow as [bleep]". In reality it seems to be super infected; I don't know how the infection got into the computer in the first place.


I've been able to access the registry editor, but it blocks itself again almost immediately; no luck getting to the Task Manager yet.

Malwarebytes keeps finding a lot of infections in the registry and temp folders, but they spring right back up after removal.

Any help to fix this permanently would be greatly appreciated.

I can't seem to uninstall some programs, like AVG antivirus, which is installed and apparently running, but I cannot access it.

Sometimes when I try to download some stuff, the download gets stuck at 99%.




OTL logfile created on: 23/02/2013 1:36:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040A | Country: España | Language: ESP | Date Format: dd/MM/yyyy

958,42 Mb Total Physical Memory | 296,59 Mb Available Physical Memory | 30,95% Memory free
2,26 Gb Paging File | 1,55 Gb Available in Paging File | 68,48% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 76,68 Gb Total Space | 59,34 Gb Free Space | 77,38% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/23 01:36:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
PRC - [2013/02/23 01:23:26 | 000,036,010 | ---- | M] () -- C:\WINDOWS\Temp\oeas.exe
PRC - [2013/02/23 01:23:06 | 000,012,970 | ---- | M] () -- C:\WINDOWS\Temp\jfnbxp.exe
PRC - [2013/02/22 21:37:53 | 000,811,008 | ---- | M] (Google Inc.) -- C:\WINDOWS\system32\safari.exe
PRC - [2013/02/21 02:23:46 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
PRC - [2012/12/14 12:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/03 10:10:42 | 000,921,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011/08/02 02:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/02/27 21:33:14 | 000,899,488 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009/12/02 17:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 17:23:46 | 000,553,320 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2008/04/14 04:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/22 08:36:54 | 000,229,592 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2006/10/19 17:21:50 | 000,060,928 | ---- | M] (SarbyxLabs) -- C:\Archivos de programa\SarbyxTrayClock\trayclock.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/23 01:23:26 | 000,036,010 | ---- | M] () -- C:\WINDOWS\Temp\oeas.exe
MOD - [2013/02/23 01:23:06 | 000,012,970 | ---- | M] () -- C:\WINDOWS\Temp\jfnbxp.exe
MOD - [2013/02/21 02:23:44 | 000,459,728 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\25.0.1364.97\ppgooglenaclpluginchrome.dll
MOD - [2013/02/21 02:23:43 | 012,637,136 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
MOD - [2013/02/21 02:23:42 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\25.0.1364.97\pdf.dll
MOD - [2013/02/21 02:22:48 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll
MOD - [2012/12/02 03:49:32 | 004,537,856 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll
MOD - [2012/12/02 03:49:32 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll
MOD - [2012/01/03 10:10:50 | 000,301,056 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.ESP
MOD - [2011/05/28 18:04:56 | 000,140,288 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll
MOD - [2008/04/14 04:48:26 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/10/31 10:35:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/10/31 10:35:00 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\uwhnk.dll -- (kkwebzkt)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/14 12:49:28 | 000,756,072 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 12:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/12 02:25:22 | 004,502,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Archivos de programa\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 02:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/27 21:33:14 | 000,899,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2010/01/09 16:37:50 | 004,713,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 16:18:00 | 000,227,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/12/02 17:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Archivos de programa\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 17:23:46 | 000,553,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2007/06/22 08:36:54 | 000,229,592 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2006/10/26 15:49:34 | 000,510,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifskv.sys -- (abp470n5)
DRV - [2012/12/14 12:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/03 00:31:16 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/10/07 02:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 02:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 02:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 02:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/10 21:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/10 21:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/10 21:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/10 21:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/12/02 17:23:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2009/12/02 17:23:52 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2009/12/02 17:23:50 | 000,211,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2009/12/02 17:23:46 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2008/05/11 18:05:42 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008/05/07 15:21:40 | 004,739,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/11/27 12:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 12:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminen...q={searchTerms}
IE - HKLM\..\SearchScopes\{EF42295F-E2B1-4709-AEC0-C9AF5E616138}: "URL" = http://www.google.co...={searchTerms}1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie_rsearch.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2776682
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es...ID:1&hl=es&q=%s
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {1B977990-FE78-49E1-B0DA-57B5543F5E8F}
IE - HKCU\..\SearchScopes\{1B977990-FE78-49E1-B0DA-57B5543F5E8F}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}: "URL" = ${SRCH_SCP_URL}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\ARCHIV~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Archivos de programa\AVG\AVG2012\Firefox4\ [2007/03/03 10:09:43 | 000,000,000 | ---D | M]

[2012/04/06 23:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://start.funmood...com/?f=1&a=down
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrador\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrador\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrador\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Iminent (Enabled) = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\npIminent.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Archivos de programa\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Archivos de programa\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2001/08/24 15:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found.
O2 - BHO: (no name) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (no name) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - No CLSID value found.
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Archivos de programa\Softonic\Softonic\1.6.4.3\bh\Softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Archivos de programa\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Service Base] C:\WINDOWS\System32\safari.exe (Google Inc.)
O4 - HKCU..\Run: [SarbyxTrayClock] C:\Archivos de programa\SarbyxTrayClock\trayclock.exe (SarbyxLabs)
O4 - HKCU..\Run: [Windows Service Base] C:\WINDOWS\System32\safari.exe (Google Inc.)
O4 - HKLM..\RunServices: [Windows Service Base] C:\WINDOWS\System32\safari.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.75.0.4 200.75.25.224
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52BDC726-4B8F-49DF-A67E-971C9DF0323D}: DhcpNameServer = 200.75.0.4 200.75.25.224
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/03 00:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/23 01:35:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
[2013/02/23 00:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\Disk Heal
[2013/02/23 00:46:00 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Disk Heal
[2013/02/22 21:55:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\Recent
[2013/02/22 01:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
[2013/02/22 01:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2013/02/22 01:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2013/02/22 01:30:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/22 01:30:20 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2013/02/22 01:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Defraggler
[2013/02/22 01:24:17 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Defraggler
[2012/02/03 10:44:06 | 001,787,984 | ---- | C] (Funmoods) -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\funmoods.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/23 01:36:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
[2013/02/23 01:25:00 | 000,001,224 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-484763869-1801674531-500UA.job
[2013/02/23 01:20:46 | 000,612,972 | ---- | M] () -- C:\WINDOWS\goxobx.exe
[2013/02/23 01:19:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/02/23 01:19:25 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2013/02/23 01:19:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/23 00:46:01 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Disk Heal.lnk
[2013/02/23 00:35:46 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\enable.bat
[2013/02/23 00:33:56 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\UnHookExec.inf
[2013/02/23 00:32:02 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\EnableTM.reg
[2013/02/22 21:14:33 | 000,366,246 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2013/02/22 21:14:33 | 000,314,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/22 21:14:33 | 000,052,422 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2013/02/22 21:14:33 | 000,041,022 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/22 01:30:24 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2013/02/22 01:25:01 | 000,001,172 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-484763869-1801674531-500Core.job
[2013/02/22 01:24:37 | 000,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Defraggler.lnk
[2013/02/22 01:19:32 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
[2013/02/22 01:00:53 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/23 00:46:01 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Disk Heal.lnk
[2013/02/23 00:35:27 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\enable.bat
[2013/02/23 00:34:00 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\UnHookExec.inf
[2013/02/23 00:32:04 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\EnableTM.reg
[2013/02/22 21:09:42 | 000,612,972 | ---- | C] () -- C:\WINDOWS\goxobx.exe
[2013/02/22 01:30:24 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2013/02/22 01:24:37 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Defraggler.lnk
[2012/04/06 22:54:37 | 000,050,547 | ---- | C] () -- C:\WINDOWS\System32\wuwuninst.exe
[2012/03/17 16:08:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2012/03/13 22:23:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/03 14:53:38 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/03 10:21:52 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/03/03 10:21:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012/03/03 10:21:48 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/03/03 10:21:48 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/03/03 10:21:47 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/03/03 02:15:15 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/03/03 01:41:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/03/03 00:47:53 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/03/03 00:47:09 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OgaCheckControl.dll
[2012/03/03 00:42:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/03 00:32:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/03 00:29:02 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/03 00:25:52 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/03 00:24:26 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:48:38 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 04:48:22 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:48:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/03/03 10:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\AVG2012
[2012/07/16 01:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Babylon
[2012/07/16 02:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\BabylonToolbar
[2012/04/07 18:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Funmoods
[2012/03/05 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\GetRightToGo
[2012/08/22 05:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\PriceGong
[2012/04/07 17:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\SoftGrid Client
[2012/07/16 02:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Softonic
[2012/03/17 16:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Toolbar4
[2012/04/07 16:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\TP
[2007/03/03 10:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\AVG2012
[2012/07/16 01:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Babylon
[2007/03/03 08:53:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\CanonBJ
[2007/03/03 10:09:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\Common Files
[2013/02/22 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\MFAData
[2012/07/16 01:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\WinZip
[2012/03/07 21:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

========== Purity Check ==========



< End of report >

Edited by DannieRay, 22 February 2013 - 10:52 PM.

  • 0


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello DannieRay

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until the Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
  • 0
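The "Disabled by Administrator" message in the thread title and the "ZeroAccess Check" block in the OTL log both come down to a handful of registry locations. The script below is an added example for readers of this thread; it is not part of the thread and not from any of the tools used in it (OTL, AdwCleaner, RogueKiller, Security Check). It is read-only: it reads the two Explorer policy values that block regedit and Task Manager, and the InProcServer32 paths for the four CLSIDs OTL listed, and reports what it finds. It assumes PowerShell is installed on the machine being inspected (it is not shipped with Windows XP by default) and uses only the CLSIDs taken from the OTL log above.

```powershell
# Added example; not code from this thread or from any tool used in it.
# Read-only: only reads the registry and prints. Assumes PowerShell is available.

# 1) The two Explorer policy values behind "Disabled by Administrator".
#    A non-zero DisableRegistryTools blocks regedit; a non-zero DisableTaskMgr
#    blocks Task Manager. A legitimate policy can set the same values, so a
#    non-zero value on its own is not proof of infection; a value that comes
#    back after being cleared (as described in the first post) is the clue.
function Get-ExplorerRestrictions {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($key in $keys) {
        foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
            $value = $null
            if (Test-Path -LiteralPath $key) {
                $value = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).$name
            }
            # New-Object PSObject is used instead of [pscustomobject] so the
            # script also runs on PowerShell 2.0, the version available for XP.
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $name
                Value   = $value
                Blocked = ($null -ne $value -and $value -ne 0)
            }
        }
    }
}

# 2) The CLSIDs OTL lists under "ZeroAccess Check". COM resolves a class through
#    HKCR, which is HKCU\Software\Classes layered over HKLM\Software\Classes, so a
#    per-user InProcServer32 for a class that Windows registers machine-wide
#    shadows the real DLL. That is why OTL prints both hives for each CLSID.
function Get-ClsidServers {
    param(
        [string[]]$Clsid = @(
            '{42aedc87-2188-41fd-b9a3-0c966feabec1}',
            '{fbeb8a05-beee-4442-804e-409d6c4515e9}',
            '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',
            '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'
        )
    )
    # Regex matching paths that start with <SystemRoot>\system32\ (case-insensitive).
    $system32 = '^' + [regex]::Escape((Join-Path $env:SystemRoot 'system32')) + '\\'
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($id in $Clsid) {
            $key = "$hive\Software\Classes\CLSID\$id\InProcServer32"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            # GetValue('') reads the (Default) value. REG_EXPAND_SZ is expanded,
            # so %SystemRoot%\system32\shdocvw.dll comes back as C:\WINDOWS\system32\...
            $dll  = (Get-Item -LiteralPath $key).GetValue('')
            $note = 'ok'
            if ([string]::IsNullOrEmpty($dll)) { $note = 'key present but no server path' }
            elseif ($hive -eq 'HKCU:')         { $note = 'per-user override of a system class: review' }
            elseif ($dll -notmatch $system32)  { $note = 'server outside system32: review' }
            elseif (-not (Test-Path -LiteralPath $dll)) { $note = 'server DLL missing on disk' }
            New-Object PSObject -Property @{ Key = $key; Server = $dll; Note = $note }
        }
    }
}

Get-ExplorerRestrictions | Format-Table Key, Name, Value, Blocked -AutoSize
Get-ClsidServers         | Format-Table Key, Server, Note -AutoSize
```

Reading the output against the OTL log above: the three HKLM entries should resolve to Microsoft DLLs under system32 and report "ok", while any entry under HKCU:\Software\Classes\CLSID for those same classes is the thing to look at, because a user-hive registration wins over the machine one. Running the policy check, clearing nothing, and running it again a minute later shows whether the value is static or being re-applied by something still running, which is the "blocks itself again almost immediately" behaviour from the first post.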

#3
DannieRay

DannieRay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
After running all three programs, both taskmgr and the registry editor are still blocked by admin.



Results of screen317's Security Check version 0.99.59
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versión 1.70.0.1100
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 10.1.2 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````


# AdwCleaner v2.113 - Fichero creado el 25/02/2013 a 00:08:17
# Actualizado el 23/02/2013 por Xplode
# Sistema operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuario : Administrador - DESKTOP
# Modo de inicio : Normal
# Ejecutado desde : C:\Documents and Settings\Administrador\Escritorio\adwcleaner.exe
# Opción [Supresión]


***** [Servicios] *****


***** [Ficheros / Carpetas] *****

Carpeta Suprimido : C:\Archivos de programa\Conduit
Carpeta Suprimido : C:\Archivos de programa\Softonic
Carpeta Suprimido : C:\Documents and Settings\Administrador\Configuración local\Datos de programa\BrotherSoft_Extreme
Carpeta Suprimido : C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Conduit
Carpeta Suprimido : C:\Documents and Settings\Administrador\Datos de programa\Babylon
Carpeta Suprimido : C:\Documents and Settings\Administrador\Datos de programa\BabylonToolbar
Carpeta Suprimido : C:\Documents and Settings\Administrador\Datos de programa\Funmoods
Carpeta Suprimido : C:\Documents and Settings\Administrador\Datos de programa\PriceGong
Carpeta Suprimido : C:\Documents and Settings\Administrador\Datos de programa\Softonic
Carpeta Suprimido : C:\Documents and Settings\Administrador\Datos de programa\Toolbar4
Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\Babylon
Carpeta Suprimido : C:\Documents and Settings\All Users\Menú Inicio\Programas\Iminent
Fichero Suprimido : C:\END
Fichero Suprimido : C:\user.js

***** [Registro] *****

Clave Supprimida : HKCU\Software\AppDataLow\Software\Conduit
Clave Supprimida : HKCU\Software\BabylonToolbar
Clave Supprimida : HKCU\Software\BrotherSoft_Extreme
Clave Supprimida : HKCU\Software\Conduit
Clave Supprimida : HKCU\Software\ConduitSearchScopes
Clave Supprimida : HKCU\Software\Headlight
Clave Supprimida : HKCU\Software\Iminent
Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEE88B81-C2FB-4733-A826-88CB0A67FB61}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Supprimida : HKCU\Software\PriceGong
Clave Supprimida : HKCU\Software\SmartBar
Clave Supprimida : HKCU\Software\Softonic
Clave Supprimida : HKCU\Software\TBSB01620
Clave Supprimida : HKCU\Toolbar
Clave Supprimida : HKLM\Software\Babylon
Clave Supprimida : HKLM\Software\BabylonToolbar
Clave Supprimida : HKLM\Software\BrotherSoft_Extreme
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Clave Supprimida : HKLM\SOFTWARE\Classes\b
Clave Supprimida : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Clave Supprimida : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Clave Supprimida : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Clave Supprimida : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Clave Supprimida : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Clave Supprimida : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Supprimida : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Clave Supprimida : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Clave Supprimida : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Clave Supprimida : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Clave Supprimida : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Clave Supprimida : HKLM\SOFTWARE\Classes\Iminent
Clave Supprimida : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Clave Supprimida : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Clave Supprimida : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Clave Supprimida : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Clave Supprimida : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Clave Supprimida : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Clave Supprimida : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Clave Supprimida : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Clave Supprimida : HKLM\Software\Classes\Installer\Features\430E8DB44F0E90547A3564A7E858C48D
Clave Supprimida : HKLM\Software\Classes\Installer\Products\430E8DB44F0E90547A3564A7E858C48D
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Clave Supprimida : HKLM\SOFTWARE\Classes\Prod.cap
Clave Supprimida : HKLM\SOFTWARE\Classes\S
Clave Supprimida : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Clave Supprimida : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Clave Supprimida : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Clave Supprimida : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Clave Supprimida : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Clave Supprimida : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Clave Supprimida : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Clave Supprimida : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Clave Supprimida : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Clave Supprimida : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar
Clave Supprimida : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620
Clave Supprimida : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3
Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar.CT3148764
Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620
Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Clave Supprimida : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Clave Supprimida : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Clave Supprimida : HKLM\Software\Conduit
Clave Supprimida : HKLM\Software\Funmoods
Clave Supprimida : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Clave Supprimida : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Clave Supprimida : HKLM\Software\Iminent
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32D487C7-2F9E-442B-A845-A90B04524134}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4488B2F-42B9-4DB3-81ED-F446A98E77D6}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AEE88B81-C2FB-4733-A826-88CB0A67FB61}
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
Clave Supprimida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\430E8DB44F0E90547A3564A7E858C48D
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Clave Supprimida : HKLM\Software\Softonic
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{51A86BB3-6602-4C85-92A5-130EE4864F13}]
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{51A86BB3-6602-4C85-92A5-130EE4864F13}]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valor Supprimida : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Archivos de programa\Iminent\Iminent.exe]
Valor Supprimida : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Archivos de programa\Iminent\Iminent.Messengers.exe]

***** [Navegadores] *****

-\\ Internet Explorer v7.0.6000.16640

Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682 --> hxxp://www.google.com
Sustituido : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00033/tb_v1?SearchSource=15&cc= --> hxxp://www.google.com

-\\ Google Chrome v25.0.1364.97

Fichero : C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Preferences

Supprimida [l.1878] : homepage = "hxxp://start.funmoods.com/?f=1&a=down",

*************************

AdwCleaner[R1].txt - [30073 octets] - [25/02/2013 00:05:34]
AdwCleaner[S1].txt - [30499 octets] - [25/02/2013 00:08:17]

########## EOF - C:\AdwCleaner[S1].txt - [30560 octets] ##########




RogueKiller V8.5.2 [Feb 23 2013] por Tigzy
Email : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Sitio web : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Sistema Operativo : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Se inició en : Modo normal
Usuario : Administrador [Administrador]
Modo : Eliminar -- Fecha : 02/25/2013 00:15:39
| ARK || FAK || MBR |

¤¤¤ Procesos malignos : 3 ¤¤¤
[SUSP PATH] lfsgoypjc.exe -- C:\WINDOWS\Temp\lfsgoypjc.exe [-] -> ASESINADO [TermProc]
[SUSP PATH] winsjgev.exe -- C:\WINDOWS\Temp\winsjgev.exe [-] -> ASESINADO [TermProc]
[SUSP PATH] winsvvtxe.exe -- C:\WINDOWS\Temp\winsvvtxe.exe [-] -> ASESINADO [TermProc]

¤¤¤ Entradas Registro : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cpjksvxxyviutjyixjx (C:\Documents and Settings\Administrador\Datos de programa\cpjksvxxyviutjyixjx.exe) [-] -> ELIMINADO
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> ELIMINADO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> ELIMINADO
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REMPLAZADO (0)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REMPLAZADO (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REMPLAZADO (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REMPLAZADO (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REMPLAZADO (0)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REMPLAZADO (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REMPLAZADO (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLAZADO (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLAZADO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLAZADO (0)

¤¤¤ Archivos / Carpetas: ¤¤¤

¤¤¤ Driver : [CARGADO] ¤¤¤

¤¤¤ Archivo HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Comprobación MBR: ¤¤¤

+++++ PhysicalDrive0: HDS728080PLA380 +++++
--- User ---
[MBR] b14039670b057d9f7687805b444ddb0c
[BSP] 9f148f48c157da445914b16b400dcaa0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78520 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finalizado : << RKreport[2]_D_02252013_02d0015.txt >>
RKreport[1]_S_02252013_02d0015.txt ; RKreport[2]_D_02252013_02d0015.txt
  • 0

#4
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello DannieRay

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
DannieRay
    Member
  • Topic Starter
  • Member
  • 24 posts
Quick question

When I ran OTL it showed me that I had "avgwdsvc.exe" running, will that interfere with ComboFix? AVG doesn't show in my tray and I can't manually access anything from AVG on the computer.

Still can't access the task manager. Should I try and kill that process from a command line (if so, how?) or do I go on with the instructions you just provided?
  • 0

#6
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Combofix will complain but it will still run - so go ahead and run it for me
  • 0

#7
DannieRay
    Member
  • Topic Starter
  • Member
  • 24 posts
It didn't complain about antivirus. I could access both Registry editor and task manager now.

I also got a message that reads (translated from Spanish):


"The files needed for Windows to run correctly have been replaced by unknown versions. Windows must restore the original versions of those files to maintain system stability.

Insert your Windows XP Disc Now"

Since this is not my computer, I don't have the disks. If I try to click cancel another message pops up that says:

"You selected not to restore the original versions of the files and this can affect system stability. Are you sure you want to save these unknown versions?"

Would it be safe to hit yes on that?


ComboFix 13-02-24.01 - Administrador 25/02/2013 0:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.958.616 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrador\Datos de programa\cpjksvxxyviutjyixjx.exe
c:\documents and settings\Administrador\Escritorio\SMB3SetupES.exe
c:\windows\csrss.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
((((((((((((((((((((((((( Files Created from 2013-01-25 to 2013-02-25 )))))))))))))))))))))))))))))))
.
.
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\system32\wbem\snmp
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\system32\xircom
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\system32\oobe
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\srchasst
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\msagent
2013-02-25 03:16 . 2013-02-25 03:16 115968 ----a-w- c:\windows\java.exe
2013-02-25 03:16 . 2013-02-25 03:16 141056 ----a-w- c:\windows\system32\rundat.exe
2013-02-25 02:50 . 2013-02-25 02:50 1096448 ----a-w- c:\windows\sys.exe
2013-02-23 03:46 . 2013-02-23 03:46 -------- d-----w- c:\archivos de programa\Disk Heal
2013-02-23 00:37 . 2013-02-23 00:37 880640 ----a-w- c:\windows\system32\safari.exe
2013-02-23 00:09 . 2013-02-25 03:15 257090 ----a-w- c:\windows\goxobx.exe
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2013-02-22 04:30 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-22 04:24 . 2013-02-22 04:24 -------- d-----w- c:\archivos de programa\Defraggler
2013-02-22 04:12 . 2001-08-22 18:34 12416 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-02-22 04:02 . 2008-04-14 02:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . C2BDEA3B5E025FADB79FD3DEB23B8F53 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-05-11 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
.
[-] 2008-05-11 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
.
[-] 2008-04-14 . 6D59C570A1E916463257B5060325CE8D . 225792 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-04-14 . EE7819B61235A020073C024A28B5D085 . 93184 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
.
.
[-] 2008-05-11 20:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SarbyxTrayClock"="c:\archivos de programa\SarbyxTrayClock\trayclock.exe" [2006-10-19 60928]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"AVG_TRAY"="c:\archivos de programa\AVG\AVG2012\avgtray.exe" [2012-01-24 2490208]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 921536]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 93184]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Dnscache"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgtray.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"=
"c:\\Archivos de programa\\SarbyxTrayClock\\trayclock.exe"=
"c:\\Archivos de programa\\WinZip\\WZQKPICK32.EXE"=
"c:\\WINDOWS\\System32\\cmd.exe"= c:\\WINDOWS\\system32\\cmd.exe
"c:\\Archivos de programa\\Microsoft Application Virtualization Client\\sftlist.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Microsoft Shared\\Virtualization Handler\\CVHSVC.EXE"=
"c:\\Archivos de programa\\Archivos comunes\\Java\\Java Update\\jusched.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Update\\1.3.21.135\\GoogleCrashHandler.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbamservice.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3020:TCP"= 3020:TCP:cevoqtg
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [10/07/2011 21:14 23120]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/03/2012 0:31 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 2:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/07/2011 21:14 295248]
R2 avgwd;WatchDog de AVG;c:\archivos de programa\AVG\AVG2012\avgwdsvc.exe [02/08/2011 2:09 192776]
R2 cvhsvc;Client Virtualization Handler;c:\archivos de programa\Archivos comunes\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [27/02/2010 21:33 899488]
R2 MBAMScheduler;MBAMScheduler;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe [22/02/2013 1:30 398184]
R2 sftlist;Application Virtualization Client;c:\archivos de programa\Microsoft Application Virtualization Client\sftlist.exe [02/12/2009 17:23 553320]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [22/06/2007 8:36 229592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/02/2013 1:30 21104]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 17:23 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 17:23 211304]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 17:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 17:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\archivos de programa\Microsoft Application Virtualization Client\sftvsa.exe [02/12/2009 17:23 209768]
S2 AVGIDSAgent;AVGIDSAgent;c:\archivos de programa\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 2:25 4502880]
S2 kkwebzkt;uwtnnozn;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 4:49 14336]
S2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [22/02/2013 1:30 756072]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [10/07/2011 21:14 134608]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/07/2011 21:14 24272]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 2:21 16720]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 2:30 32592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
*NewlyCreated* - BITS
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kkwebzkt
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.75.0.4 200.75.25.224
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Datos de programa\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-25 01:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1600)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundat.exe
c:\windows\system32\safari.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2013-02-25 01:02:52 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-25 04:02
.
Pre-Run: 63.582.105.600 bytes libres
Post-Run: 63.468.007.424 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AAAC68DDCA82A8C65D9D16D1E5BF497A
  • 0
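The RogueKiller and ComboFix logs above both show the same pattern: Run/RunServices entries pointing at bare filenames (safari.exe, rundat.exe), DisableTaskMgr and DisableRegistryTools set to 1 under the user's policies\system key, Security Center notifications suppressed, and the firewall profile switched off. The following script is an added example (not part of this thread or of either tool) that parses a ComboFix-style "Reg Loading Points" block and flags those indicators; the embedded log excerpt is constructed from the entries posted above, and the category names are my own.

```python
import re

# Constructed excerpt modelled on the "Reg Loading Points" section of the
# ComboFix log posted in this thread (sample input, not the full log).
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SarbyxTrayClock"="c:\archivos de programa\SarbyxTrayClock\trayclock.exe" [2006-10-19 60928]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Values that lock the user out of built-in inspection tools (seen in both logs).
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools"}
# Security Center flags that hide missing/disabled protection from the user.
SECURITY_CENTER_FLAGS = {"AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
                         "FirewallDisableNotify", "UpdatesDisableNotify"}


def parse_reg_points(text):
    """Return {key_path: {value_name: raw_data}} for a REGEDIT4-style block."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "." or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current][m.group("name")] = m.group("data").strip()
    return entries


def numeric(data):
    """Decode the '1 (0x1)' and 'dword:00000001' forms; None if not numeric."""
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)", data)
    if m:
        return int(m.group(1))
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", data)
    return int(m.group(1), 16) if m else None


def command_image(data):
    """Extract the quoted command from a Run-style value ('"safari.exe" [date size]')."""
    m = re.match(r'^"([^"]*)"', data)
    return m.group(1) if m else None


def audit(entries):
    """Return (category, key, detail) tuples for the indicators this thread's logs show."""
    findings = []
    for key, values in entries.items():
        lk = key.lower()
        if lk.endswith("\\policies\\system"):
            for name, data in values.items():
                if name in LOCKOUT_VALUES and numeric(data) == 1:
                    findings.append(("policy-lockout", key, name))
        elif lk.endswith(("\\run", "\\runonce", "\\runservices")):
            for name, data in values.items():
                image = command_image(data)
                # A bare filename with no directory relies on the search path:
                # legitimate autoruns almost always carry a full path.
                if image is not None and "\\" not in image:
                    findings.append(("bare-filename-autorun", key, f"{name} -> {image}"))
        elif "security center" in lk:
            for name, data in values.items():
                if name in SECURITY_CENTER_FLAGS and numeric(data) == 1:
                    findings.append(("security-center-suppressed", key, name))
        elif lk.endswith("\\standardprofile"):
            if numeric(values.get("EnableFirewall", "")) == 0:
                findings.append(("firewall-disabled", key, "EnableFirewall"))
    return findings


def audit_log(text):
    """Parse a Reg Loading Points block and audit it in one step."""
    return audit(parse_reg_points(text))


if __name__ == "__main__":
    for category, key, detail in audit_log(SAMPLE_LOG):
        print(f"{category:28} {detail}  ({key})")
```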

#8
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello DannieRay

go ahead and click yes

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#9
DannieRay
    Member
  • Topic Starter
  • Member
  • 24 posts
If I hit cancel and then yes on the Windows File Protection window that pops up, it just pops up again =(.


When I try to run combofix with the script (or without) I get a NSIS Error window that says:

"Installer integrity check has failed, common causes are .........Contact the author to obtain a new copy"

I redownloaded ComboFix and it worked; it also rebooted the system.

Regedit and Taskmgr both still working properly after reboot, computer seems to be working fine except for the Windows File Protection window that just won't go away.





ComboFix 13-02-24.01 - Administrador 25/02/2013 1:54.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.958.599 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Administrador\Escritorio\CFScript.txt.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
.
.
((((((((((((((((((((((((( Files Created from 2013-01-25 to 2013-02-25 )))))))))))))))))))))))))))))))
.
.
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\system32\wbem\snmp
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\system32\xircom
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\system32\oobe
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\srchasst
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\msagent
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\archivos de programa\microsoft frontpage
2013-02-25 03:16 . 2013-02-25 03:16 115968 ----a-w- c:\windows\java.exe
2013-02-25 03:16 . 2013-02-25 03:16 141056 ----a-w- c:\windows\system32\rundat.exe
2013-02-25 02:50 . 2013-02-25 02:50 1096448 ----a-w- c:\windows\sys.exe
2013-02-23 03:46 . 2013-02-23 03:46 -------- d-----w- c:\archivos de programa\Disk Heal
2013-02-23 00:37 . 2013-02-23 00:37 880640 ----a-w- c:\windows\system32\safari.exe
2013-02-23 00:09 . 2013-02-25 04:05 257090 ----a-w- c:\windows\goxobx.exe
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2013-02-22 04:30 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-22 04:24 . 2013-02-22 04:24 -------- d-----w- c:\archivos de programa\Defraggler
2013-02-22 04:12 . 2001-08-22 18:34 12416 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-02-22 04:02 . 2008-04-14 02:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . C2BDEA3B5E025FADB79FD3DEB23B8F53 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-05-11 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
.
[-] 2008-05-11 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
.
[-] 2008-04-14 . 6D59C570A1E916463257B5060325CE8D . 225792 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-04-14 . EE7819B61235A020073C024A28B5D085 . 93184 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-05-11 20:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SarbyxTrayClock"="c:\archivos de programa\SarbyxTrayClock\trayclock.exe" [2006-10-19 60928]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"AVG_TRAY"="c:\archivos de programa\AVG\AVG2012\avgtray.exe" [2012-01-24 2490208]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 921536]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 93184]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 141056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Dnscache"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgtray.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"=
"c:\\Archivos de programa\\SarbyxTrayClock\\trayclock.exe"=
"c:\\Archivos de programa\\WinZip\\WZQKPICK32.EXE"=
"c:\\WINDOWS\\System32\\cmd.exe"= c:\\WINDOWS\\system32\\cmd.exe
"c:\\Archivos de programa\\Microsoft Application Virtualization Client\\sftlist.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Microsoft Shared\\Virtualization Handler\\CVHSVC.EXE"=
"c:\\Archivos de programa\\Archivos comunes\\Java\\Java Update\\jusched.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Update\\1.3.21.135\\GoogleCrashHandler.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbamservice.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3020:TCP"= 3020:TCP:cevoqtg
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [10/07/2011 21:14 23120]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/03/2012 0:31 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 2:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/07/2011 21:14 295248]
R2 avgwd;WatchDog de AVG;c:\archivos de programa\AVG\AVG2012\avgwdsvc.exe [02/08/2011 2:09 192776]
R2 cvhsvc;Client Virtualization Handler;c:\archivos de programa\Archivos comunes\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [27/02/2010 21:33 899488]
R2 MBAMScheduler;MBAMScheduler;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe [22/02/2013 1:30 398184]
R2 sftlist;Application Virtualization Client;c:\archivos de programa\Microsoft Application Virtualization Client\sftlist.exe [02/12/2009 17:23 553320]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [22/06/2007 8:36 229592]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\ifskv.sys --> c:\windows\system32\drivers\ifskv.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/02/2013 1:30 21104]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 17:23 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 17:23 211304]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 17:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 17:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\archivos de programa\Microsoft Application Virtualization Client\sftvsa.exe [02/12/2009 17:23 209768]
S2 AVGIDSAgent;AVGIDSAgent;c:\archivos de programa\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 2:25 4502880]
S2 kkwebzkt;uwtnnozn;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 4:49 14336]
S2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [22/02/2013 1:30 756072]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [10/07/2011 21:14 134608]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/07/2011 21:14 24272]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 2:21 16720]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 2:30 32592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kkwebzkt
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.75.0.4 200.75.25.224
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-25 02:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2504)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundat.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\windows\system32\safari.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2013-02-25 02:01:30 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-25 05:01
ComboFix2.txt 2013-02-25 04:02
.
Pre-Run: 63.143.129.088 bytes libres
Post-Run: 63.103.176.704 bytes libres
.
- - End Of File - - 1DBA2B21353EC0875232F83F44799224
  • 0
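A small triage helper for the policy and firewall section of a ComboFix log like the one above. This is an added example, not code from the thread, from ComboFix or from any of the tools mentioned; it parses the `[key]` / `"name"= value` lines and flags the same indicator classes the log shows (DisableRegistryTools/DisableTaskMgr, Security Center overrides, EnableFirewall=0, GloballyOpenPorts entries). The embedded sample log is constructed, and the port name in it is a placeholder.

```python
import re

# Constructed excerpt in the ComboFix log format above; values are illustrative.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3020:TCP"= 3020:TCP:example
'''
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

def parse_value(raw):
    """Normalise ComboFix's two numeric spellings; other data stays a string."""
    m = re.match(r'^(\d+)\s*\(0x[0-9a-f]+\)$', raw, re.I)      # "1 (0x1)"
    if m:
        return int(m.group(1))
    m = re.match(r'^dword:([0-9a-f]{8})$', raw, re.I)         # "dword:00000001"
    return int(m.group(1), 16) if m else raw.strip()

def find_restrictions(log_text):
    """Return (key, name, value, reason) for the indicator patterns seen in the log."""
    findings, key = [], ''
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()   # values that follow belong to this key
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, value = vm.group(1), parse_value(vm.group(2))
        reason = None
        if key.endswith(r'policies\system') and name in ('DisableRegistryTools', 'DisableTaskMgr') and value == 1:
            reason = 'user tool disabled by policy'          # the "Disabled by Administrator" dialogs
        elif 'security center' in key and name.endswith(('Override', 'DisableNotify')) and value == 1:
            reason = 'Security Center warning suppressed'
        elif name == 'EnableFirewall' and value == 0:
            reason = 'Windows Firewall disabled'
        elif key.endswith(r'globallyopenports\list'):
            reason = 'globally open firewall port'
        if reason:
            findings.append((key, name, value, reason))
    return findings
```

Run `find_restrictions` over the relevant section of a real log; each finding names the key and value to inspect, which is the same evidence the helper reads from the log by hand.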

#10 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Does it give you a file name?
  • 0

#11 DannieRay (Topic Starter, Member, 24 posts)

Posted Image

That's the English equivalent of the error I'm getting.

No further details.
  • 0

#12 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Something we can try is to install SP3 over the existing SP3 and see if that fixes this error.

http://www.microsoft...ails.aspx?id=24
  • 0

#13 DannieRay (Topic Starter, Member, 24 posts)

Downloaded and trying to install, will update with results.
  • 0

#14 DannieRay (Topic Starter, Member, 24 posts)

The window popped up again after the SP3 install and reboot. I instinctually ran CCleaner's registry fix tool (sorry, 3am here) and after that it allowed me to say yes. That error seems to be gone, but I'll have to reboot to double check.

The computer is running much faster now, but I still can't uninstall AVG Antivirus 2012; its uninstall utility says to reinstall and uninstall.

I still have a problem while downloading some files (case in point, the AVG installer): the download gets stuck very close to 100% and then gives out a network error.
  • 0

#15 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Hello DannieRay

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it, or you can upload it here and send me the link - http://www.speedyshare.com/

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo
  • 0