
is this a virus? Internet not working.



I did a scan with Malwarebytes but it didn't find any infected files. I did a full scan with ESET Smart Security and it found this: C:\Users\Pía\AppData\Local\Temp\NeroInstallFiles\NERO20101008164809345\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe - a variant of Win32/Bundled.Toolbar.Ask.A deleted - quarantined

I deleted the file from the quarantine list and then did another scan, which came back clean. I don't even have the ask toolbar installed and I've never installed it.

I can't browse sites if I'm watching YouTube videos, the sites either won't open or they take forever to open, sometimes YouTube videos freeze up for no reason. I'm wondering if this is a virus or something else, thanks in advance.

Here's the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16476

Run by Pía at 18:14:50 on 2013-04-12

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.56.3082.18.3575.2589 [GMT -4:00]

.

AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Firewall personal de ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Nuance\dgnsvc.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\Nuance\NaturallySpeaking11\Program\dnsspserver.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = www.google.com

mStart Page = www.google.com

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [iSUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

StartupFolder: c:\users\paf76c~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking11\program\NatSpeak.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

TCP: NameServer = 200.73.120.2 200.73.120.15

TCP: Interfaces\{18E8FED2-701C-448F-A6C6-EB99D912E695} : DHCPNameServer = 200.73.120.2 200.73.120.15

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2013-2-14 47568]

R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-2-14 171680]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2013-1-10 46056]

R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2013-3-21 1341664]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]

R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-3-19 55104]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-11-18 62208]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-11-18 141568]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-3-19 490088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

.

=============== Created Last 30 ================

.

2013-04-12 22:14:50 -------- d-----w- c:\users\pýa\appdata\local\Microsoft

2013-04-12 15:17:15 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a10f792d-ace8-49a7-bad5-9a68860243a5}\offreg.dll

2013-04-12 15:07:36 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a10f792d-ace8-49a7-bad5-9a68860243a5}\mpengine.dll

2013-04-11 14:14:51 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2013-04-11 14:14:44 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-04-11 03:27:32 -------- d-----w- c:\programdata\Kaspersky Lab

2013-04-11 01:46:49 -------- d-----w- C:\_AT-Destroyer

2013-04-10 23:00:05 -------- d-----w- c:\users\pía\appdata\roaming\ESET

2013-04-10 16:26:05 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 16:26:04 195816 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 16:26:02 69632 ----a-w- c:\windows\system32\smss.exe

2013-04-10 16:26:02 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-10 16:26:02 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 16:26:02 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 16:25:56 2691072 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 16:25:56 131072 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 16:25:55 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 16:25:51 1210712 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-01 19:55:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-01 19:55:02 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-29 00:44:13 -------- d-----w- c:\users\pía\appdata\roaming\Opera

2013-03-26 16:24:37 -------- d-----w- c:\users\pía\appdata\roaming\Malwarebytes

2013-03-26 16:24:06 -------- d-----w- c:\programdata\Malwarebytes

2013-03-26 16:23:08 -------- d-----w- c:\users\pía\appdata\roaming\WinRAR

2013-03-26 02:15:02 -------- d-----w- c:\program files\ESET

2013-03-23 22:00:22 -------- d-----w- c:\program files\MSXML 4.0

2013-03-21 23:26:51 -------- d-----w- c:\users\pía\appdata\roaming\Skype

2013-03-21 23:26:47 -------- d-----r- c:\program files\Skype

2013-03-21 20:36:11 -------- d-----w- c:\users\pía\appdata\roaming\Nuance

2013-03-21 20:36:11 -------- d-----w- c:\users\pía\appdata\roaming\FLEXnet

2013-03-21 20:33:29 -------- d-----w- c:\program files\common files\IVA

2013-03-21 20:33:21 -------- d-----w- c:\program files\common files\Nuance

2013-03-21 20:31:46 -------- d-----w- c:\programdata\Nuance

2013-03-21 20:31:46 -------- d-----w- c:\program files\Nuance

2013-03-21 00:16:13 -------- d-----w- c:\users\pía\appdata\roaming\uTorrent

2013-03-20 23:52:19 802304 ----a-w- c:\windows\system32\FntCache.dll

2013-03-20 23:52:16 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-20 12:56:28 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-03-20 12:56:28 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-03-20 12:56:28 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-03-20 12:56:28 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-03-20 12:56:27 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-03-20 12:56:27 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-03-20 12:56:27 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-03-20 12:49:33 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2013-03-20 12:49:33 74240 ----a-w- c:\windows\system32\fsutil.exe

2013-03-20 12:49:33 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2013-03-20 12:49:33 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2013-03-20 12:49:33 1686016 ----a-w- c:\windows\system32\esent.dll

2013-03-20 12:49:33 146304 ----a-w- c:\windows\system32\drivers\storport.sys

2013-03-20 12:49:33 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2013-03-20 12:49:33 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2013-03-20 12:35:44 -------- d-----w- c:\program files\Renesas Electronics

2013-03-19 21:20:39 53248 ----a-w- c:\windows\system32\CSVer.dll

2013-03-19 20:57:06 -------- d-----w- c:\users\pía\appdata\roaming\Nero

2013-03-19 20:51:47 -------- d-----w- c:\program files\Nero

2013-03-19 20:51:39 -------- d-----w- c:\programdata\Nero

2013-03-19 18:54:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-19 18:44:18 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2013-03-19 18:43:52 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2013-03-19 18:00:10 -------- d-----w- c:\users\pía\appdata\roaming\AVG2013

2013-03-19 17:59:42 -------- d-----w- c:\users\pía\appdata\roaming\TuneUp Software

2013-03-19 17:58:59 -------- d-----w- C:\Intel

2013-03-19 17:58:58 55104 ----a-w- c:\windows\system32\drivers\HECI.sys

2013-03-19 17:58:55 -------- d-----w- c:\users\pía\appdata\roaming\InstallShield

2013-03-19 17:58:29 -------- d--h--w- C:\$AVG

2013-03-19 17:58:28 -------- d-----w- c:\programdata\AVG2013

2013-03-19 17:57:18 -------- d--h--w- c:\programdata\Common Files

2013-03-19 17:57:18 -------- d-----w- c:\programdata\MFAData

2013-03-19 17:33:07 -------- d-----w- c:\windows\system32\wbem\en-US

2013-03-19 16:52:21 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-03-19 16:52:21 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-03-19 16:51:40 639776 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-19 16:51:40 62752 ----a-w- c:\windows\system32\nvshext.dll

2013-03-19 16:51:40 4133664 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-19 16:51:40 3005728 ----a-w- c:\windows\system32\nvsvc.dll

2013-03-19 16:51:40 2953448 ----a-w- c:\windows\system32\nvcoproc.bin

2013-03-19 16:51:40 2557728 ----a-w- c:\windows\system32\nvsvcr.dll

2013-03-19 16:51:40 108832 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-19 16:51:32 53024 ----a-w- c:\windows\system32\OpenCL.dll

2013-03-19 16:51:23 -------- d-----w- c:\programdata\NVIDIA Corporation

2013-03-19 16:51:22 -------- d-----w- c:\program files\NVIDIA Corporation

2013-03-19 16:49:33 257024 ----a-w- c:\windows\system32\msv1_0.dll

2013-03-19 16:46:19 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-03-19 16:46:19 49472 ----a-w- c:\windows\system32\netfxperf.dll

2013-03-19 16:46:19 297808 ----a-w- c:\windows\system32\mscoree.dll

2013-03-19 16:46:19 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2013-03-19 16:46:19 1130824 ----a-w- c:\windows\system32\dfshim.dll

2013-03-19 16:33:55 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-03-19 16:33:55 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-03-19 16:33:55 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-03-19 16:33:29 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-03-19 16:33:29 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-03-19 16:33:29 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-03-19 16:33:29 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-03-19 16:33:29 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-03-19 16:33:29 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-03-19 16:33:29 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-03-19 16:23:39 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2013-03-19 16:22:46 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2013-03-19 15:07:13 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2013-03-19 15:07:13 490088 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2013-03-19 15:07:13 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

2013-03-19 15:07:10 -------- d-----w- c:\program files\Realtek

2013-03-19 14:59:17 -------- d-----w- c:\program files\VideoLAN

2013-03-19 14:59:10 -------- d-----w- c:\windows\system32\Adobe

2013-03-19 14:58:56 411368 ----a-w- c:\windows\system32\deploytk.dll

2013-03-19 14:58:45 -------- d-sh--w- c:\windows\Installer

2013-03-19 14:58:17 -------- d-----w- c:\windows\system32\wbem\Performance

2013-03-19 14:57:20 8338432 ----a-w- c:\windows\system32\spwizimg.dll

2013-03-19 14:57:20 7168 ----a-w- c:\windows\system32\spwizres.dll

2013-03-19 14:57:20 351744 ----a-w- c:\windows\system32\spwizeng.dll

2013-03-19 14:57:20 2560 ----a-w- c:\windows\system32\uxlibres.dll

2013-03-19 14:57:20 118784 ----a-w- c:\windows\system32\uxlib.dll

2013-03-19 14:56:55 194632 ----a-w- c:\windows\system32\halmacpi.dll

2013-03-19 14:56:55 137288 ----a-w- c:\windows\system32\halacpi.dll

2013-03-19 14:56:28 805376 ----a-w- c:\windows\system32\cdosys.dll

2013-03-19 14:56:28 710728 ----a-w- c:\windows\system32\drivers\ndis.sys

2013-03-19 14:56:28 380416 ----a-w- c:\windows\system32\sxs.dll

2013-03-19 14:56:28 304640 ----a-w- c:\windows\system32\gdi32.dll

2013-03-19 14:56:28 27136 ----a-w- c:\windows\system32\sxstrace.exe

2013-03-19 14:56:27 811520 ----a-w- c:\windows\system32\user32.dll

2013-03-19 14:56:09 179712 ----a-w- c:\windows\system32\notepad.exe

2013-03-19 14:56:09 179712 ----a-w- c:\windows\notepad.exe

2013-03-19 14:54:27 -------- d-sh--we c:\programdata\Plantillas

2013-03-19 14:54:27 -------- d-sh--we c:\programdata\Menú Inicio

2013-03-19 14:54:27 -------- d-sh--we c:\programdata\Favoritos

2013-03-19 14:54:27 -------- d-sh--we c:\programdata\Escritorio

2013-03-19 14:54:27 -------- d-sh--we c:\programdata\Documentos

2013-03-19 14:54:27 -------- d-sh--we c:\programdata\Datos de programa

2013-03-19 14:54:27 -------- d-sh--we c:\program files\Archivos comunes

2013-03-19 14:54:27 -------- d-sh--we C:\Archivos de programa

2013-03-19 14:54:27 -------- d-sh--w- C:\Recovery

2013-03-19 14:48:58 417792 ----a-w- c:\windows\system32\msdri.dll

2013-03-19 14:47:57 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

2013-03-19 14:46:55 541184 ----a-w- c:\windows\system32\kerberos.dll

2013-03-19 14:44:19 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2013-03-19 14:44:19 1137664 ----a-w- c:\windows\system32\mfc42.dll

2013-03-19 14:43:57 91648 ----a-w- c:\windows\system32\avifil32.dll

2013-03-19 14:43:57 84480 ----a-w- c:\windows\system32\mciavi32.dll

2013-03-19 14:43:57 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2013-03-19 14:43:57 31744 ----a-w- c:\windows\system32\msvidc32.dll

2013-03-19 14:43:57 22016 ----a-w- c:\windows\system32\msyuv.dll

2013-03-19 14:43:57 13312 ----a-w- c:\windows\system32\msrle32.dll

2013-03-19 14:43:57 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2013-03-19 14:43:06 690688 ----a-w- c:\windows\system32\msvcrt.dll

2013-03-19 14:38:56 -------- d-----w- c:\users\pía\appdata\roaming\Macromedia

2013-03-19 14:38:51 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-03-19 14:38:51 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-03-19 14:38:51 107520 ----a-w- c:\windows\system32\cdd.dll

2013-03-19 14:38:28 826368 ----a-w- c:\windows\system32\rdpcore.dll

2013-03-19 14:38:28 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2013-03-19 14:30:20 2422272 ----a-w- c:\windows\system32\wucltux.dll

2013-03-19 14:30:16 88576 ----a-w- c:\windows\system32\wudriver.dll

2013-03-19 14:30:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2013-03-19 14:30:12 171904 ----a-w- c:\windows\system32\wuwebv.dll

2013-03-19 14:28:13 -------- d-----w- c:\program files\FinalWire

2013-03-19 14:26:02 -------- d-----w- c:\users\pía\appdata\roaming\Adobe

2013-03-19 09:34:17 -------- d-----w- c:\windows\Panther

2013-03-19 09:33:54 341 ----a-r- c:\windows\system32\limpiar.cmd

.

==================== Find3M ====================

.

2013-02-26 04:22:36 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-14 16:21:04 47568 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2013-02-14 16:21:04 171680 ----a-w- c:\windows\system32\drivers\eamonm.sys

2013-01-18 12:15:24 550176 ----a-w- c:\windows\system32\nvStreaming.exe

.

============= FINISH: 18:14:57,74 ===============

The attach.txt file

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 19-03-2013 10:37:51

System Uptime: 12-04-2013 11:04:48 (7 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P67A-UD3-B3

Processor: Intel® Core i5-2500 CPU @ 3.30GHz | Socket 1155 | 3601/100mhz

.

==== Disk Partitions =========================

.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Controladora de sonido multimedia

Device ID: PCI\VEN_1412&DEV_1724&SUBSYS_36321412&REV_01\5&25DA5584&0&0000E3

Manufacturer:

Name: Controladora de sonido multimedia

PNP Device ID: PCI\VEN_1412&DEV_1724&SUBSYS_36321412&REV_01\5&25DA5584&0&0000E3

Service:

.

==== System Restore Points ===================

.

RP31: 21-03-2013 16:20:54 - Installed Visual C++ 9.0 Runtime for Dragon NaturallySpeaking.

RP32: 21-03-2013 16:31:31 - Installed Dragon NaturallySpeaking 11.

RP33: 21-03-2013 16:59:05 - Installed Dragon NaturallySpeaking 11.5 Upgrade.

RP34: 23-03-2013 18:00:11 - Windows Update

RP35: 24-03-2013 18:00:11 - Windows Update

RP36: 01-04-2013 17:22:38 - Punto de control programado

RP37: 10-04-2013 17:21:09 - Removed AVG 2013

RP38: 10-04-2013 17:22:14 - Removed AVG 2013

RP39: 10-04-2013 18:00:12 - Windows Update

RP40: 10-04-2013 18:56:16 - Instalado ESET Smart Security

.

==== Installed Programs ======================

.

Actualización de NVIDIA 1.11.3

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0) - Español

Adobe Shockwave Player

AIDA64 Extreme Edition v1.85

Compresor WinRAR

Dragon NaturallySpeaking 11

ESET Smart Security

Google Chrome

Google Update Helper

Intel® Management Engine Components

Intel® Trusted Connect Service Client

Java 7 Update 17

Java 6 Update 16

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile ESN Language Pack

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

NVIDIA Controlador de 3D Vision 311.06

NVIDIA Controlador de gráficos 311.06

NVIDIA Install Application

NVIDIA Stereoscopic 3D Driver

NVIDIA Update Components

Opera 12.14

Panel de control de NVIDIA 311.06

Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN

Realtek Ethernet Controller Driver

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Skype™ 6.3

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking

VLC media player 1.0.2

.

==== Event Viewer Messages From Past Week ========

.

10-04-2013 21:47:10, Error: Service Control Manager [7034] - El servicio NVIDIA Update Service Daemon se terminó de manera inesperada. Esto ha sucedido 1 veces.

10-04-2013 21:47:10, Error: Service Control Manager [7034] - El servicio NVIDIA Stereoscopic 3D Driver Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

10-04-2013 21:47:10, Error: Service Control Manager [7034] - El servicio NVIDIA Display Driver Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

10-04-2013 21:47:10, Error: Service Control Manager [7034] - El servicio Nero Update se terminó de manera inesperada. Esto ha sucedido 1 veces.

10-04-2013 21:47:10, Error: Service Control Manager [7034] - El servicio Dragon Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

10-04-2013 21:47:10, Error: Service Control Manager [7034] - El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

10-04-2013 21:47:10, Error: Service Control Manager [7031] - El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

10-04-2013 21:47:10, Error: Service Control Manager [7031] - El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

10-04-2013 21:47:10, Error: Service Control Manager [7031] - El servicio Intel® Capability Licensing Service Interface terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

10-04-2013 21:47:10, Error: Service Control Manager [7031] - El servicio Cola de impresión terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

10-04-2013 18:58:29, Error: Service Control Manager [7030] - El servicio ESET Service ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.

10-04-2013 18:17:57, Error: Microsoft-Windows-WMPNSS-Service [14332] - El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80004005" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.

10-04-2013 12:19:18, Error: Microsoft-Windows-WMPNSS-Service [14332] - El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80004005" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.

10-04-2013 12:19:03, Error: Service Control Manager [7006] - Error en la llamada ScRegSetValueExW para FailureActions con el error siguiente: Acceso denegado.

.

==== End Of File ===========================

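The four mPolicies-System lines in the DDS log above (EnableLUA and both ConsentPromptBehavior values at 0) mean UAC is switched off, which is what RogueKiller later lists as [HJ] FOUND entries and Security Check summarises as "UAC is disabled!". As an added example that is not part of the thread or of any of these tools, the Python below parses both line formats and compares the values with the Windows 7 defaults; the baseline values and the decimal reading of DDS dwords are assumptions.

```python
import re

# Windows 7 defaults for HKLM\...\Policies\System (assumed baseline; a hardened
# build may legitimately set stricter values, but EnableLUA = 0 turns UAC off).
UAC_BASELINE = {
    "EnableLUA": 1,                   # UAC enabled
    "ConsentPromptBehaviorAdmin": 5,  # prompt admins for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # prompt standard users for credentials
    "EnableUIADesktopToggle": 0,      # UIAccess apps may not bypass the secure desktop
}

# DDS pseudo-HJT line, e.g. "mPolicies-System: EnableLUA = dword:0".
# DDS prints dword values in decimal (the thread's "NoDriveTypeAutoRun = dword:145"
# is the Win7 default 0x91 = 145), so the value is parsed base 10.
DDS_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)\s*$")
# RogueKiller hijack line, e.g. "[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND".
RK_RE = re.compile(r"^\[HJ\]\s+HKLM\\\[\.\.\.\]\\System\s*:\s*(\w+)\s*\((\d+)\)\s*->\s*FOUND")

# Sample input: lines copied from the thread's DDS and RogueKiller logs.
SAMPLE_LOG = """\
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
[HJ] HKLM\\[...]\\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
""".splitlines()


def parse_policy_lines(lines):
    """Map value name -> observed int for every UAC policy line in either format.

    A value reported by both tools must agree; a mismatch raises ValueError
    because it means the two logs were not taken from the same system state.
    """
    observed = {}
    for raw in lines:
        line = raw.strip()
        m = DDS_RE.match(line) or RK_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name in observed and observed[name] != value:
            raise ValueError(f"{name}: DDS and RogueKiller disagree "
                             f"({observed[name]} vs {value})")
        observed[name] = value
    return observed


def audit_uac(lines):
    """Return [(name, observed, expected)] for every baseline value that deviates."""
    observed = parse_policy_lines(lines)
    return [(name, observed[name], expected)
            for name, expected in UAC_BASELINE.items()
            if name in observed and observed[name] != expected]


def uac_disabled(lines):
    """True when the logs show EnableLUA = 0, i.e. UAC is switched off entirely."""
    return parse_policy_lines(lines).get("EnableLUA") == 0


if __name__ == "__main__":
    for name, got, want in audit_uac(SAMPLE_LOG):
        print(f"{name}: found {got}, Windows 7 default is {want}")
    print("UAC disabled:", uac_disabled(SAMPLE_LOG))
```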


Hello Neptune00

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit.
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button.
    • Wait until the Status box shows "Scan Finished".
    • Click on "Delete".
    • Wait until the Status box shows "Deleting Finished".
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop.
    • Exit/Close RogueKiller.

Gringo


Security Check log:

Results of screen317's Security Check version 0.99.62

Windows 7 x86 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

ESET Smart Security 6.0

Antivirus out of date!

`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 16

Java 7 Update 17

Adobe Flash Player 11.7.700.169

Adobe Reader 10.1.0 Adobe Reader out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

ESET NOD32 Antivirus egui.exe

ESET NOD32 Antivirus ekrn.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

AdwCleaner log (I was going to translate this but apparently it didn't find anything):

# AdwCleaner v2.200 - Fichero creado el 15/04/2013 a 14:03:14

# Actualizado el 02/04/2013 por Xplode

# Sistema operativo : Windows 7 Ultimate (32 bits)

# Usuario : Pía - PERSONAL

# Modo de inicio : Normal

# Ejecutado desde : C:\Users\Pía\Downloads\adwcleaner.exe

# Opción [supresión]

***** [servicios] *****

***** [Ficheros / Carpetas] *****

***** [Registro] *****

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] El registro no contiene ninguna entrada ilegítima.

-\\ Google Chrome v26.0.1410.64

Fichero : C:\Users\Pía\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] El fichero no contiene ninguna entrada ilegítima.

-\\ Opera v12.14.1738.0

Fichero : C:\Users\Pía\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] El fichero no contiene ninguna entrada ilegítima.

*************************

AdwCleaner[s1].txt - [881 octets] - [15/04/2013 14:03:14]

########## EOF - C:\AdwCleaner[s1].txt - [940 octets] ##########

RogueKiller log

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : Pía [Admin rights]

Mode : Scan -- Date : 04/15/2013 14:08:05

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500413AS ATA Device +++++

--- User ---

[MBR] 5a871d64554fc65c3dd2e001b23a7332

[BSP] 330e7b290c8823040cd2d032b5b5fc00 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 249900 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512002048 | Size: 226937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04152013_02d1408.txt >>

RKreport[1]_S_04152013_02d1408.txt

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : Pía [Admin rights]

Mode : Remove -- Date : 04/15/2013 14:09:58

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500413AS ATA Device +++++

--- User ---

[MBR] 5a871d64554fc65c3dd2e001b23a7332

[BSP] 330e7b290c8823040cd2d032b5b5fc00 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 249900 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512002048 | Size: 226937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_04152013_02d1409.txt >>

RKreport[1]_S_04152013_02d1408.txt ; RKreport[2]_D_04152013_02d1409.txt

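The three UAC values RogueKiller flagged in the log above (EnableLUA, ConsentPromptBehaviorAdmin and ConsentPromptBehaviorUser all at 0) are the same ones the Windows 7 UAC slider writes at "Never notify", so by themselves they show that UAC was switched off, not who switched it off. As an added example that is not part of this thread and not RogueKiller's own code, the read-only PowerShell check below reads those values and compares them with what the Remove log wrote back (2/1/1); the expected values and the key path are taken from the log, nothing else is assumed.

```powershell
# Added example (not from the thread): audit the UAC policy values that the
# RogueKiller scan above reported as (0) and then REPLACED with 2/1/1.
# Read-only: it reports the current state and changes nothing.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Expected values are the ones RogueKiller wrote back in the Remove log.
$expected = @{
    EnableLUA                  = 1   # 0 = UAC completely off ("UAC is disabled!")
    ConsentPromptBehaviorAdmin = 2   # 0 = admins elevate silently, no prompt at all
    ConsentPromptBehaviorUser  = 1   # 0 = standard users' elevation requests are denied
}

$props = Get-ItemProperty -Path $key

$findings = foreach ($name in $expected.Keys) {
    $actual = $props.$name
    [pscustomobject]@{
        Value    = $name
        Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
        Expected = $expected[$name]
        Status   = if ($actual -eq $expected[$name]) { 'OK' } else { 'CHECK' }
    }
}

$findings | Format-Table -AutoSize

# A value that is missing from the key behaves like the Windows default, so only
# an explicit 0 in EnableLUA means UAC is really off.
if ($props.EnableLUA -eq 0) {
    Write-Warning 'UAC is disabled (EnableLUA=0); this matches the "UAC is disabled!" line in the Security Check log.'
}
```

Run it from an elevated prompt after RogueKiller's Remove pass to confirm the values stayed at 2/1/1; a value that has drifted back to 0 after a reboot is worth reporting, because something on the system is re-writing it.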

  • Staff

Hello Neptune00

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hi, RogueKiller created a quarantine file on my desktop that contains a few files; should I delete them? Combofix did the same thing. I'm going to need a couple of days to see how the computer is doing; I'll try to reply in the next four days. I really need to know if I was/am infected or not. Thanks for your help.

Here's the combofix log

ComboFix 13-04-15.01 - Pía 15-04-2013 18:33:31.1.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.56.3082.18.3575.2799 [GMT -4:00]

Running from: c:\users\PÝa\Desktop\ComboFix.exe

AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: Firewall personal de ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))

.

.

2013-04-15 22:35 . 2013-04-15 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-12 22:14 . 2013-04-12 22:14 -------- d-----w- c:\users\PÝa

2013-04-12 15:07 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A10F792D-ACE8-49A7-BAD5-9A68860243A5}\mpengine.dll

2013-04-11 14:14 . 2013-03-12 05:10 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-04-11 03:27 . 2013-04-11 03:27 -------- d-----w- c:\programdata\Kaspersky Lab

2013-04-11 01:46 . 2013-04-11 01:47 -------- d-----w- C:\_AT-Destroyer

2013-04-10 16:26 . 2013-03-01 03:11 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 16:26 . 2013-01-24 04:51 195816 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 16:26 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-10 16:26 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 16:26 . 2013-03-19 04:54 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 16:26 . 2013-03-19 02:50 69632 ----a-w- c:\windows\system32\smss.exe

2013-04-10 16:25 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 16:25 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 16:25 . 2013-02-12 13:59 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 16:25 . 2013-03-02 05:09 1210712 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-01 19:55 . 2013-04-12 15:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-01 19:55 . 2013-04-12 15:10 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-29 00:44 . 2013-03-29 00:44 -------- d-----w- c:\program files\Opera

2013-03-26 16:24 . 2013-03-26 16:24 -------- d-----w- c:\programdata\Malwarebytes

2013-03-26 02:15 . 2013-04-10 22:57 -------- d-----w- c:\program files\ESET

2013-03-23 22:00 . 2013-03-23 22:00 -------- d-----w- c:\program files\MSXML 4.0

2013-03-21 23:26 . 2013-03-21 23:26 -------- d-----w- c:\program files\Common Files\Skype

2013-03-21 23:26 . 2013-03-21 23:26 -------- d-----r- c:\program files\Skype

2013-03-21 23:26 . 2013-03-21 23:26 -------- d-----w- c:\programdata\Skype

2013-03-21 20:33 . 2013-03-21 20:33 -------- d-----w- c:\program files\Common Files\IVA

2013-03-21 20:33 . 2013-03-21 21:00 -------- d-----w- c:\program files\Common Files\Nuance

2013-03-21 20:31 . 2013-03-21 20:31 -------- d-----w- c:\programdata\Nuance

2013-03-21 20:31 . 2013-03-21 20:31 -------- d-----w- c:\programdata\FLEXnet

2013-03-21 20:31 . 2013-03-21 20:31 -------- d-----w- c:\program files\Nuance

2013-03-20 23:52 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll

2013-03-20 23:52 . 2013-02-12 13:51 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-20 12:56 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-03-20 12:56 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-03-20 12:56 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-03-20 12:56 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-03-20 12:56 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-03-20 12:56 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-03-20 12:56 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-03-20 12:49 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys

2013-03-20 12:49 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2013-03-20 12:49 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2013-03-20 12:49 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2013-03-20 12:49 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2013-03-20 12:49 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2013-03-20 12:49 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll

2013-03-20 12:49 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe

2013-03-20 12:35 . 2013-03-20 12:35 -------- d-----w- c:\program files\Renesas Electronics

2013-03-19 21:20 . 2012-07-04 02:55 53248 ----a-w- c:\windows\system32\CSVer.dll

2013-03-19 20:58 . 2013-03-19 20:58 -------- d-----w- c:\program files\Microsoft.NET

2013-03-19 20:51 . 2013-03-19 20:52 -------- d-----w- c:\programdata\Nero

2013-03-19 18:54 . 2013-03-19 18:54 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-19 18:44 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2013-03-19 18:43 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2013-03-19 18:34 . 2013-03-19 18:34 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-03-19 18:00 . 2013-03-19 18:00 -------- d-----w- c:\programdata\Intel

2013-03-19 17:58 . 2013-03-19 17:58 -------- d-----w- C:\Intel

2013-03-19 17:58 . 2012-07-02 19:16 55104 ----a-w- c:\windows\system32\drivers\HECI.sys

2013-03-19 17:58 . 2013-03-20 12:34 -------- d-----w- c:\program files\Intel

2013-03-19 17:58 . 2013-04-10 21:22 -------- d-----w- C:\$AVG

2013-03-19 17:58 . 2013-04-10 21:22 -------- d-----w- c:\programdata\AVG2013

2013-03-19 17:57 . 2013-04-10 21:22 -------- d-----w- c:\programdata\MFAData

2013-03-19 17:57 . 2013-03-19 17:57 -------- d--h--w- c:\programdata\Common Files

2013-03-19 17:33 . 2013-03-19 17:33 -------- d-----w- c:\windows\system32\wbem\en-US

2013-03-19 16:52 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-03-19 16:49 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2013-03-19 16:46 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-03-19 16:46 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2013-03-19 16:46 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2013-03-19 16:46 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2013-03-19 16:46 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2013-03-19 16:33 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-03-19 16:33 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-03-19 16:33 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-03-19 16:33 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-03-19 16:33 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-03-19 16:33 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-03-19 16:33 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-03-19 16:33 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-03-19 16:33 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-03-19 16:33 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-03-19 16:23 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2013-03-19 16:22 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2013-03-19 15:07 . 2011-09-29 09:30 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2013-03-19 15:07 . 2011-09-29 09:30 490088 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2013-03-19 15:07 . 2011-09-29 09:30 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

2013-03-19 15:07 . 2013-03-20 12:35 -------- d--h--w- c:\program files\InstallShield Installation Information

2013-03-19 15:07 . 2013-03-19 15:07 -------- d-----w- c:\program files\Realtek

2013-03-19 15:00 . 2013-03-19 15:00 -------- d-----w- c:\users\Pía

2013-03-19 14:59 . 2013-03-19 14:59 -------- d-----w- c:\program files\VideoLAN

2013-03-19 14:59 . 2013-03-19 14:59 -------- d-----w- c:\windows\system32\Adobe

2013-03-19 14:58 . 2013-03-19 14:59 -------- d-----w- c:\windows\system32\Macromed

2013-03-19 14:58 . 2013-03-19 14:58 411368 ----a-w- c:\windows\system32\deploytk.dll

2013-03-19 14:58 . 2013-03-19 18:54 -------- d-----w- c:\program files\Java

2013-03-19 14:58 . 2013-04-13 15:14 -------- d-sh--w- c:\windows\Installer

2013-03-19 14:58 . 2013-04-15 18:20 -------- d-----w- c:\windows\system32\wbem\Performance

2013-03-19 14:57 . 2009-07-25 18:11 118784 ----a-w- c:\windows\system32\uxlib.dll

2013-03-19 14:57 . 2009-07-25 18:11 351744 ----a-w- c:\windows\system32\spwizeng.dll

2013-03-19 14:57 . 2009-07-25 18:08 2560 ----a-w- c:\windows\system32\uxlibres.dll

2013-03-19 14:57 . 2009-07-25 18:08 7168 ----a-w- c:\windows\system32\spwizres.dll

2013-03-19 14:57 . 2009-07-25 18:08 8338432 ----a-w- c:\windows\system32\spwizimg.dll

2013-03-19 14:56 . 2009-07-23 09:28 194632 ----a-w- c:\windows\system32\halmacpi.dll

2013-03-19 14:56 . 2009-07-23 09:28 137288 ----a-w- c:\windows\system32\halacpi.dll

2013-03-19 14:56 . 2009-07-24 09:18 710728 ----a-w- c:\windows\system32\drivers\ndis.sys

2013-03-19 14:56 . 2009-07-24 09:12 380416 ----a-w- c:\windows\system32\sxs.dll

2013-03-19 14:56 . 2009-07-24 09:11 304640 ----a-w- c:\windows\system32\gdi32.dll

2013-03-19 14:56 . 2009-07-24 09:10 805376 ----a-w- c:\windows\system32\cdosys.dll

2013-03-19 14:56 . 2009-07-24 09:10 27136 ----a-w- c:\windows\system32\sxstrace.exe

2013-03-19 14:56 . 2009-07-24 09:13 811520 ----a-w- c:\windows\system32\user32.dll

2013-03-19 14:56 . 2009-07-23 09:21 179712 ----a-w- c:\windows\system32\notepad.exe

2013-03-19 14:56 . 2009-07-23 09:21 179712 ----a-w- c:\windows\notepad.exe

2013-03-19 14:49 . 2012-12-07 05:04 308736 ----a-w- c:\windows\system32\Wpc.dll

2013-03-19 14:48 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll

2013-03-19 14:46 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll

2013-03-19 14:44 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2013-03-19 14:44 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll

2013-03-19 14:43 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2013-03-19 14:43 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll

2013-03-19 14:43 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll

2013-03-19 14:43 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll

2013-03-19 14:43 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll

2013-03-19 14:43 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2013-03-19 14:43 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll

2013-03-19 14:43 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2013-03-19 14:38 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-26 04:22 . 2013-02-26 04:22 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-26 04:22 . 2013-02-26 04:22 1017120 ----a-w- c:\windows\system32\nvdispco32.dll

2013-02-26 04:22 . 2013-02-26 04:22 958120 ----a-w- c:\windows\system32\nvumdshim.dll

2013-02-26 04:22 . 2013-02-26 04:22 6262608 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-26 04:22 . 2013-02-26 04:22 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll

2013-02-26 04:22 . 2013-02-26 04:22 2505144 ----a-w- c:\windows\system32\nvapi.dll

2013-02-26 04:22 . 2013-02-26 04:22 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll

2013-02-26 04:22 . 2013-02-26 04:22 15129960 ----a-w- c:\windows\system32\nvd3dum.dll

2013-02-26 04:22 . 2013-02-26 04:22 7932256 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-26 04:22 . 2013-02-26 04:22 201576 ----a-w- c:\windows\system32\nvinit.dll

2013-02-26 04:22 . 2013-02-26 04:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-26 04:22 . 2013-02-26 04:22 20449056 ----a-w- c:\windows\system32\nvoglv32.dll

2013-02-26 04:22 . 2013-02-26 04:22 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-02-26 04:22 . 2013-02-26 04:22 2720544 ----a-w- c:\windows\system32\nvcuvid.dll

2013-02-14 16:21 . 2013-02-14 16:21 47568 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2013-02-14 16:21 . 2013-02-14 16:21 171680 ----a-w- c:\windows\system32\drivers\eamonm.sys

2013-01-18 12:15 . 2013-01-18 12:15 550176 ----a-w- c:\windows\system32\nvStreaming.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2013-03-21 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2013-03-19 149280]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-11 14:41 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-01 15:10]

.

2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-01 20:36]

.

2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-01 20:36]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.com

mStart Page = www.google.com

TCP: DhcpNameServer = 200.73.120.2 200.73.120.15

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-15 18:37:20

ComboFix-quarantined-files.txt 2013-04-15 22:37

.

Pre-Run: 226.240.339.968 bytes libres

Post-Run: 226.747.523.072 bytes libres

.

- - End Of File - - 5CAE673736CA58203C4254DD4595A7BC


  • Staff

Hello Neptune00

So far things have looked very good. How are things working with the computer?

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


I'm still having the same problems: YouTube videos still freeze up, and I can't open websites if I'm downloading something or if I'm watching YouTube videos.

Sometimes I get this message:

"This webpage is not available

The server at forums.geforce.com can't be found, because the DNS lookup failed. DNS is the network service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.

Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address."

Here's the log:

ComboFix 13-04-15.01 - Pía 16-04-2013 13:51:15.2.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.56.3082.18.3575.2761 [GMT -4:00]

Running from: c:\users\PÝa\Desktop\ComboFix.exe

Command switches used :: c:\users\PÝa\Desktop\CFScript.txt

AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: Firewall personal de ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-03-16 to 2013-04-16 )))))))))))))))))))))))))))))))

.

.

2013-04-16 17:53 . 2013-04-16 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-12 22:14 . 2013-04-12 22:14 -------- d-----w- c:\users\PÝa

2013-04-12 15:07 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A10F792D-ACE8-49A7-BAD5-9A68860243A5}\mpengine.dll

2013-04-11 14:14 . 2013-03-12 05:10 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-04-11 03:27 . 2013-04-11 03:27 -------- d-----w- c:\programdata\Kaspersky Lab

2013-04-11 01:46 . 2013-04-11 01:47 -------- d-----w- C:\_AT-Destroyer

2013-04-10 16:26 . 2013-03-01 03:11 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 16:26 . 2013-01-24 04:51 195816 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 16:26 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-10 16:26 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 16:26 . 2013-03-19 04:54 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 16:26 . 2013-03-19 02:50 69632 ----a-w- c:\windows\system32\smss.exe

2013-04-10 16:25 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 16:25 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 16:25 . 2013-02-12 13:59 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 16:25 . 2013-03-02 05:09 1210712 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-01 19:55 . 2013-04-12 15:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-01 19:55 . 2013-04-12 15:10 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-29 00:44 . 2013-03-29 00:44 -------- d-----w- c:\program files\Opera

2013-03-26 16:24 . 2013-03-26 16:24 -------- d-----w- c:\programdata\Malwarebytes

2013-03-26 02:15 . 2013-04-10 22:57 -------- d-----w- c:\program files\ESET

2013-03-23 22:00 . 2013-03-23 22:00 -------- d-----w- c:\program files\MSXML 4.0

2013-03-21 23:26 . 2013-03-21 23:26 -------- d-----w- c:\program files\Common Files\Skype

2013-03-21 23:26 . 2013-03-21 23:26 -------- d-----r- c:\program files\Skype

2013-03-21 23:26 . 2013-03-21 23:26 -------- d-----w- c:\programdata\Skype

2013-03-21 20:33 . 2013-03-21 20:33 -------- d-----w- c:\program files\Common Files\IVA

2013-03-21 20:33 . 2013-03-21 21:00 -------- d-----w- c:\program files\Common Files\Nuance

2013-03-21 20:31 . 2013-03-21 20:31 -------- d-----w- c:\programdata\Nuance

2013-03-21 20:31 . 2013-03-21 20:31 -------- d-----w- c:\programdata\FLEXnet

2013-03-21 20:31 . 2013-03-21 20:31 -------- d-----w- c:\program files\Nuance

2013-03-20 23:52 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll

2013-03-20 23:52 . 2013-02-12 13:51 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-20 12:56 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-03-20 12:56 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-03-20 12:56 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-03-20 12:56 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-03-20 12:56 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-03-20 12:56 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-03-20 12:56 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-03-20 12:49 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys

2013-03-20 12:49 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2013-03-20 12:49 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2013-03-20 12:49 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2013-03-20 12:49 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2013-03-20 12:49 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2013-03-20 12:49 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll

2013-03-20 12:49 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe

2013-03-20 12:35 . 2013-03-20 12:35 -------- d-----w- c:\program files\Renesas Electronics

2013-03-19 21:20 . 2012-07-04 02:55 53248 ----a-w- c:\windows\system32\CSVer.dll

2013-03-19 20:58 . 2013-03-19 20:58 -------- d-----w- c:\program files\Microsoft.NET

2013-03-19 20:51 . 2013-03-19 20:52 -------- d-----w- c:\programdata\Nero

2013-03-19 18:54 . 2013-03-19 18:54 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-19 18:44 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2013-03-19 18:43 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2013-03-19 18:34 . 2013-03-19 18:34 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-03-19 18:00 . 2013-03-19 18:00 -------- d-----w- c:\programdata\Intel

2013-03-19 17:58 . 2013-03-19 17:58 -------- d-----w- C:\Intel

2013-03-19 17:58 . 2012-07-02 19:16 55104 ----a-w- c:\windows\system32\drivers\HECI.sys

2013-03-19 17:58 . 2013-03-20 12:34 -------- d-----w- c:\program files\Intel

2013-03-19 17:58 . 2013-04-10 21:22 -------- d-----w- C:\$AVG

2013-03-19 17:58 . 2013-04-10 21:22 -------- d-----w- c:\programdata\AVG2013

2013-03-19 17:57 . 2013-04-10 21:22 -------- d-----w- c:\programdata\MFAData

2013-03-19 17:57 . 2013-03-19 17:57 -------- d--h--w- c:\programdata\Common Files

2013-03-19 17:33 . 2013-03-19 17:33 -------- d-----w- c:\windows\system32\wbem\en-US

2013-03-19 16:52 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-03-19 16:49 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2013-03-19 16:46 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-03-19 16:46 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2013-03-19 16:46 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2013-03-19 16:46 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2013-03-19 16:46 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2013-03-19 16:33 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-03-19 16:33 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-03-19 16:33 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-03-19 16:33 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-03-19 16:33 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-03-19 16:33 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-03-19 16:33 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-03-19 16:33 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-03-19 16:33 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-03-19 16:33 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-03-19 16:23 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2013-03-19 16:22 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2013-03-19 15:07 . 2011-09-29 09:30 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2013-03-19 15:07 . 2011-09-29 09:30 490088 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2013-03-19 15:07 . 2011-09-29 09:30 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

2013-03-19 15:07 . 2013-03-20 12:35 -------- d--h--w- c:\program files\InstallShield Installation Information

2013-03-19 15:07 . 2013-03-19 15:07 -------- d-----w- c:\program files\Realtek

2013-03-19 15:00 . 2013-03-19 15:00 -------- d-----w- c:\users\Pía

2013-03-19 14:59 . 2013-03-19 14:59 -------- d-----w- c:\program files\VideoLAN

2013-03-19 14:59 . 2013-03-19 14:59 -------- d-----w- c:\windows\system32\Adobe

2013-03-19 14:58 . 2013-03-19 14:59 -------- d-----w- c:\windows\system32\Macromed

2013-03-19 14:58 . 2013-03-19 14:58 411368 ----a-w- c:\windows\system32\deploytk.dll

2013-03-19 14:58 . 2013-03-19 18:54 -------- d-----w- c:\program files\Java

2013-03-19 14:58 . 2013-04-13 15:14 -------- d-sh--w- c:\windows\Installer

2013-03-19 14:58 . 2013-04-16 14:46 -------- d-----w- c:\windows\system32\wbem\Performance

2013-03-19 14:57 . 2009-07-25 18:11 118784 ----a-w- c:\windows\system32\uxlib.dll

2013-03-19 14:57 . 2009-07-25 18:11 351744 ----a-w- c:\windows\system32\spwizeng.dll

2013-03-19 14:57 . 2009-07-25 18:08 2560 ----a-w- c:\windows\system32\uxlibres.dll

2013-03-19 14:57 . 2009-07-25 18:08 7168 ----a-w- c:\windows\system32\spwizres.dll

2013-03-19 14:57 . 2009-07-25 18:08 8338432 ----a-w- c:\windows\system32\spwizimg.dll

2013-03-19 14:56 . 2009-07-23 09:28 194632 ----a-w- c:\windows\system32\halmacpi.dll

2013-03-19 14:56 . 2009-07-23 09:28 137288 ----a-w- c:\windows\system32\halacpi.dll

2013-03-19 14:56 . 2009-07-24 09:18 710728 ----a-w- c:\windows\system32\drivers\ndis.sys

2013-03-19 14:56 . 2009-07-24 09:12 380416 ----a-w- c:\windows\system32\sxs.dll

2013-03-19 14:56 . 2009-07-24 09:11 304640 ----a-w- c:\windows\system32\gdi32.dll

2013-03-19 14:56 . 2009-07-24 09:10 805376 ----a-w- c:\windows\system32\cdosys.dll

2013-03-19 14:56 . 2009-07-24 09:10 27136 ----a-w- c:\windows\system32\sxstrace.exe

2013-03-19 14:56 . 2009-07-24 09:13 811520 ----a-w- c:\windows\system32\user32.dll

2013-03-19 14:56 . 2009-07-23 09:21 179712 ----a-w- c:\windows\system32\notepad.exe

2013-03-19 14:56 . 2009-07-23 09:21 179712 ----a-w- c:\windows\notepad.exe

2013-03-19 14:49 . 2012-12-07 05:04 308736 ----a-w- c:\windows\system32\Wpc.dll

2013-03-19 14:48 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll

2013-03-19 14:46 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll

2013-03-19 14:44 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2013-03-19 14:44 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll

2013-03-19 14:43 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2013-03-19 14:43 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll

2013-03-19 14:43 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll

2013-03-19 14:43 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll

2013-03-19 14:43 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll

2013-03-19 14:43 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2013-03-19 14:43 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll

2013-03-19 14:43 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2013-03-19 14:38 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-26 04:22 . 2013-02-26 04:22 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-26 04:22 . 2013-02-26 04:22 1017120 ----a-w- c:\windows\system32\nvdispco32.dll

2013-02-26 04:22 . 2013-02-26 04:22 958120 ----a-w- c:\windows\system32\nvumdshim.dll

2013-02-26 04:22 . 2013-02-26 04:22 6262608 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-26 04:22 . 2013-02-26 04:22 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll

2013-02-26 04:22 . 2013-02-26 04:22 2505144 ----a-w- c:\windows\system32\nvapi.dll

2013-02-26 04:22 . 2013-02-26 04:22 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll

2013-02-26 04:22 . 2013-02-26 04:22 15129960 ----a-w- c:\windows\system32\nvd3dum.dll

2013-02-26 04:22 . 2013-02-26 04:22 7932256 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-26 04:22 . 2013-02-26 04:22 201576 ----a-w- c:\windows\system32\nvinit.dll

2013-02-26 04:22 . 2013-02-26 04:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-26 04:22 . 2013-02-26 04:22 20449056 ----a-w- c:\windows\system32\nvoglv32.dll

2013-02-26 04:22 . 2013-02-26 04:22 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-02-26 04:22 . 2013-02-26 04:22 2720544 ----a-w- c:\windows\system32\nvcuvid.dll

2013-02-14 16:21 . 2013-02-14 16:21 47568 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2013-02-14 16:21 . 2013-02-14 16:21 171680 ----a-w- c:\windows\system32\drivers\eamonm.sys

2013-01-18 12:15 . 2013-01-18 12:15 550176 ----a-w- c:\windows\system32\nvStreaming.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2013-03-21 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2013-03-19 149280]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-11 14:41 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-01 15:10]

.

2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-01 20:36]

.

2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-01 20:36]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.com

mStart Page = www.google.com

TCP: DhcpNameServer = 200.73.120.2 200.73.120.15

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-16 13:54:17

ComboFix-quarantined-files.txt 2013-04-16 17:54

ComboFix2.txt 2013-04-15 22:37

.

Pre-Run: 227.797.561.344 bytes libres

Post-Run: 227.754.262.528 bytes libres

.

- - End Of File - - 0F091162BCA82B12C0E29AD00FAD3E56


  • Staff

Hello Neptune00

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks

Then I need you to go to Google Sync and sign into your account

Scroll down until you see the "Stop and Clear" button and click on the button

At the prompt click on "Ok"

Now we need to uninstall Chrome

I want you to uninstall Chrome and if asked about user data or settings then remove this also

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo


  • Staff

Hello Neptune00

You only told me about Chrome before - Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo


  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete and then I will ask you to remove our tools.

Gringo


OTL logfile created on: 19-04-2013 14:07:37 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pía\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000340a | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy

3,49 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 76,40% Memory free

6,98 Gb Paging File | 6,12 Gb Available in Paging File | 87,60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 244,04 Gb Total Space | 210,25 Gb Free Space | 86,15% Space Free | Partition Type: NTFS

Drive D: | 221,62 Gb Total Space | 221,51 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

Computer Name: PERSONAL | User Name: Pía | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pía\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe (ESET)

PRC - C:\Archivos de programa\ESET\ESET Smart Security\egui.exe (ESET)

PRC - C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Archivos de programa\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)

PRC - C:\Archivos de programa\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Archivos de programa\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)

PRC - C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Archivos de programa\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Archivos de programa\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)

PRC - C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (ekrn) -- C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe (ESET)

SRV - (nvUpdatusService) -- C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Archivos de programa\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (Intel® -- C:\Archivos de programa\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)

SRV - (AdobeARMservice) -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (DragonSvc) -- C:\Archivos de programa\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\PAF76C~1\AppData\Local\Temp\catchme.sys File not found

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)

DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)

DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)

DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)

DRV - (EpfwLWF) -- C:\Windows\System32\drivers\EpfwLWF.sys (ESET)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)

DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2479397750-2057397033-19617937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com

IE - HKU\S-1-5-21-2479397750-2057397033-19617937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-CL

IE - HKU\S-1-5-21-2479397750-2057397033-19617937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 B7 54 24 CB 24 CE 01 [binary data]

IE - HKU\S-1-5-21-2479397750-2057397033-19617937-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2479397750-2057397033-19617937-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2479397750-2057397033-19617937-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2479397750-2057397033-19617937-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2479397750-2057397033-19617937-1001\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-04-10 18:57:55 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

O1 HOSTS File: ([2009-06-10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKU\S-1-5-21-2479397750-2057397033-19617937-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2479397750-2057397033-19617937-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2479397750-2057397033-19617937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2479397750-2057397033-19617937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-2479397750-2057397033-19617937-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.73.120.2 200.73.120.15

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18E8FED2-701C-448F-A6C6-EB99D912E695}: DhcpNameServer = 200.73.120.2 200.73.120.15

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-04-19 13:59:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pía\Desktop\OTL.exe

[2013-04-16 15:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies

[2013-04-16 15:28:11 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2013-04-16 15:28:11 | 008,952,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2013-04-16 15:28:11 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2013-04-16 15:28:11 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll

[2013-04-16 15:28:11 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2013-04-16 15:28:11 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2013-04-16 15:28:11 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll

[2013-04-16 15:28:11 | 000,892,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll

[2013-04-16 15:28:11 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll

[2013-04-16 15:28:11 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll

[2013-04-16 15:28:11 | 000,154,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys

[2013-04-16 15:28:11 | 000,028,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll

[2013-04-16 15:28:10 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll

[2013-04-16 15:27:30 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2013-04-16 14:40:54 | 171,934,904 | ---- | C] (NVIDIA Corporation) -- C:\Users\Pía\Desktop\314.22-desktop-win8-win7-winvista-32bit-international-whql.exe

[2013-04-16 13:54:18 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013-04-16 13:53:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013-04-15 18:32:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013-04-15 18:32:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013-04-15 18:32:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013-04-15 18:32:35 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013-04-15 18:32:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013-04-15 18:24:39 | 005,054,270 | R--- | C] (Swearware) -- C:\Users\Pía\Desktop\ComboFix.exe

[2013-04-15 14:16:19 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Local\VirtualStore

[2013-04-15 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Pía\Desktop\RK_Quarantine

[2013-04-13 11:14:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2013-04-11 10:14:44 | 000,237,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2013-04-10 23:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2013-04-10 21:46:49 | 000,000,000 | ---D | C] -- C:\_AT-Destroyer

[2013-04-10 19:00:05 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Roaming\ESET

[2013-04-10 19:00:05 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Local\ESET

[2013-04-10 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

[2013-04-10 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET

[2013-04-10 18:01:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013-04-10 18:01:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013-04-10 18:01:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013-04-10 18:01:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013-04-10 18:01:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013-04-10 18:01:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013-04-10 18:01:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013-04-10 18:01:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013-04-10 12:26:05 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013-04-10 12:26:02 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2013-04-10 12:26:02 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2013-04-10 12:26:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

[2013-04-10 12:25:56 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll

[2013-04-10 12:25:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2013-04-01 16:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013-04-01 16:35:57 | 000,774,632 | ---- | C] (Google Inc.) -- C:\Users\Pía\Desktop\ChromeSetup.exe

[2013-04-01 15:55:02 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013-04-01 15:55:02 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013-03-28 20:44:13 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Roaming\Opera

[2013-03-28 20:44:13 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Local\Opera

[2013-03-28 20:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

[2013-03-28 19:57:46 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Local\Macromedia

[2013-03-26 12:36:42 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Local\Microsoft Games

[2013-03-26 12:24:37 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Roaming\Malwarebytes

[2013-03-26 12:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013-03-26 12:23:34 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Local\Programs

[2013-03-26 12:23:08 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Roaming\WinRAR

[2013-03-25 22:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013-03-24 15:32:41 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Local\Mozilla

[2013-03-24 15:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2013-03-23 18:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2013-03-21 19:26:51 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Roaming\Skype

[2013-03-21 19:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013-03-21 19:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2013-03-21 19:26:47 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2013-03-21 19:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2013-03-21 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Roaming\Nuance

[2013-03-21 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Roaming\FLEXnet

[2013-03-21 16:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2013-03-21 16:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 11.0

[2013-03-21 16:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\IVA

[2013-03-21 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nuance

[2013-03-21 16:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance

[2013-03-21 16:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance

[2013-03-21 16:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2013-03-20 21:25:38 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Local\IsolatedStorage

[2013-03-20 20:16:13 | 000,000,000 | ---D | C] -- C:\Users\Pía\AppData\Roaming\uTorrent

[2013-03-20 19:52:16 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys

========== Files - Modified Within 30 Days ==========

[2013-04-19 13:59:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pía\Desktop\OTL.exe

[2013-04-19 13:45:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013-04-19 13:41:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013-04-19 10:42:15 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013-04-19 10:42:15 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013-04-19 10:41:24 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat

[2013-04-19 10:41:24 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013-04-19 10:41:24 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat

[2013-04-19 10:41:24 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013-04-19 10:37:15 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013-04-19 10:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013-04-19 10:37:06 | 2811,830,272 | -HS- | M] () -- C:\hiberfil.sys

[2013-04-18 10:42:33 | 000,001,075 | ---- | M] () -- C:\Users\Pía\AppData\Roaming\SAS7_000.DAT

[2013-04-16 15:04:04 | 171,934,904 | ---- | M] (NVIDIA Corporation) -- C:\Users\Pía\Desktop\314.22-desktop-win8-win7-winvista-32bit-international-whql.exe

[2013-04-15 18:25:36 | 005,054,270 | R--- | M] (Swearware) -- C:\Users\Pía\Desktop\ComboFix.exe

[2013-04-12 18:01:01 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI

[2013-04-12 17:49:10 | 000,000,812 | ---- | M] () -- C:\Users\Pía\Desktop\instructions.rtf

[2013-04-12 11:10:18 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013-04-12 11:10:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013-04-11 10:42:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013-04-10 18:17:28 | 000,169,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013-04-08 21:33:19 | 000,001,803 | ---- | M] () -- C:\Users\Pía\Desktop\LPR.rtf

[2013-04-01 16:36:11 | 000,774,632 | ---- | M] (Google Inc.) -- C:\Users\Pía\Desktop\ChromeSetup.exe

[2013-03-28 20:44:11 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk

[2013-03-21 19:26:48 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2013-03-21 16:33:46 | 000,002,787 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk

========== Files Created - No Company Name ==========

[2013-04-15 18:32:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013-04-15 18:32:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013-04-15 18:32:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013-04-15 18:32:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013-04-15 18:32:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013-04-12 18:01:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2013-04-12 17:49:10 | 000,000,812 | ---- | C] () -- C:\Users\Pía\Desktop\instructions.rtf

[2013-04-08 21:33:19 | 000,001,803 | ---- | C] () -- C:\Users\Pía\Desktop\LPR.rtf

[2013-04-01 16:41:19 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013-04-01 16:36:37 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013-04-01 16:36:36 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013-04-01 15:55:02 | 000,000,838 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013-03-28 20:44:11 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

[2013-03-28 20:44:11 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk

[2013-03-21 19:26:48 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2013-03-21 17:38:15 | 000,001,075 | ---- | C] () -- C:\Users\Pía\AppData\Roaming\SAS7_000.DAT

[2013-03-21 16:33:46 | 000,002,787 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk

[2013-03-19 12:51:40 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

[2013-03-19 11:07:13 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2013-03-19 10:35:02 | 000,169,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2012-04-20 13:57:00 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll

========== ZeroAccess Check ==========

[2009-07-14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >


  • Staff

Hello Neptune00

I would like you to run this custom script for me now, and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the custom fix text box.

    :Files
    ipconfig /flushdns /c

    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.
    Note: if the report does not pop up after the computer reboots, you can find it in this folder - C:\_OTL\MovedFiles
    It will be named mmddyyyy_hhmmss.log,
    where mmddyyyy_hhmmss are numbers representing the date and time the fix was run.

Let me know how things are doing.

Gringo


I'm going to need a few days to see how the computer is doing because I want to see if changing my modem fixes the problem. Is it okay if I post a reply next week? I'll post on Monday.

Here's the log

========== FILES ==========

< ipconfig /flushdns /c >

No captured output from command...

C:\Users\Pía\Desktop\cmd.bat deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Pía

->Java cache emptied: 926 bytes

User: PÝa

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Pía

->Flash cache emptied: 1679 bytes

User: PÝa

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04222013_153003


  • Staff

Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.

Gringo

