On every site i enter a frame (iframe) with ad is injected in my browser. The frame is in every browser (IE, FF, CHROME) and it is placed in the bottom-left corner of each page. I have had this infection for 3 months
DDS LOG:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by dperezfadon at 14:36:48 on 2013-03-08
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.34.3082.18.8142.5288 [GMT 1:00]
.
AV: Antivirus de Trend Micro OfficeScan *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Antispyware de Trend Micro OfficeScan *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\PrintScreen\PrintScreen.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\dperezfadon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
C:\xampp\xampp-control.exe
C:\xampp\apache\bin\httpd.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\EditPlus 3\editplus.exe
C:\Users\dperezfadon\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
C:\Program Files (x86)\Juniper Networks\Network Connect 7.3.1\dsNetworkConnect.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = Preserve
mStart Page = www.google.com
uProxyServer = proxy.indra.es:8080
uProxyOverride = *indra.es;*.indrabmb.es;*.indra.es;10.*;172.*;192.168.*;ux.ssrl-mov;ux.ssrl-mov-cliente;ux.ssrl-pantallas;<local>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: dynaTrace AJAX Edition Agent: {54CCF170-0056-48d1-B959-055C5B98DC88} - C:\Program Files (x86)\dynaTrace AJAX Edition 4.0\client\lib\dtieagent.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
TB: dynaTrace AJAX Edition Toolbar: {42EC68EF-4494-4041-9993-A5789BF7750B} - C:\Program Files (x86)\dynaTrace AJAX Edition 4.0\client\lib\dtieagent.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\PrintScreen\PrintScreen.exe /nosplash
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge] <no file>
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mRun: [SAP_WUS_UNT] "C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe"
mRun: [Supervisor de OfficeScanNT] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [OrderReminder] C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\DPEREZ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\dperezfadon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\DPEREZ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RECORT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOemBackground = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://madansantvir01.indra.es:4343/officescan/console/html/root/AtxEnc.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://194.140.78.1/CACHE/webvpn/stc/1/binaries/vpnweb.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://miproyecto.indra.es/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 172.22.204.219 172.22.204.220
TCP: Interfaces\{1D41A6DC-2C14-4E37-9243-12EE66732604} : DHCPNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{36C3762B-C596-4FCF-8757-51A5C8236527} : DHCPNameServer = 172.22.204.219 172.22.204.220
TCP: Interfaces\{8D862ABB-E784-4AB3-ADDD-7C46F788C188} : DHCPNameServer = 192.168.10.2 192.168.10.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: aetsprov - C:\Windows\SysWOW64\regsvr32.exe /s C:\Windows\SysWOW64\aetsprov.dll
x64-mStart Page = www.google.com
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [CertificateRegistration] aetcrss1.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dperezfadon\AppData\Roaming\Mozilla\Firefox\Profiles\zmdxyoi7.default\
FF - prefs.js: browser.search.defaulturl - www.Google.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q=
FF - prefs.js: network.proxy.ftp - proxy.indra.es
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.indra.es
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.indra.es
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.indra.es
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\dperezfadon\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\dperezfadon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2013-02-26 09:08; aeffagent@dynatrace.com; C:\Program Files (x86)\dynaTrace AJAX Edition 4.0\client\lib\aeffagent@dynatrace.com
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-16 270912]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-4 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-4 203776]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-1-28 281656]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-1-26 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-4 13336]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2011-7-12 251248]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-8 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-8 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-8 168384]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2012-1-9 3580712]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-10-10 65872]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2011-7-12 344376]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2011-7-12 42808]
R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-7-5 502464]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-5 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2011-1-21 3154224]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-5-23 465872]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\Windows\System32\drivers\ArcSoftVCapture.sys [2011-7-5 32192]
R3 GKUPRO2D;GKUPRO2D;C:\Windows\System32\drivers\GKUPRO2D.sys [2005-2-18 120704]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-4-5 1094712]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-7-4 174168]
R3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2011-7-4 26712]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 OpenSSHd;OpenSSH Server;C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe [2004-4-18 36864]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-5-23 94864]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-7-4 344616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-7-4 39464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-5 20992]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]
S3 StorSvc;Servicio de almacenamiento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2013-2-12 918064]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-5 59392]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-1-9 18216]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-5 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\editplus.exe=C:\PROGRA~2\EDITPL~1\EDITPLUS.EXE "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-08 08:07:36 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-03-08 08:07:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-08 08:06:50 -------- d-----w- C:\Users\dperezfadon\AppData\Local\Programs
2013-02-26 08:09:26 -------- d-----w- C:\Users\dperezfadon\.dynaTrace
2013-02-26 08:08:28 -------- d-----w- C:\Program Files (x86)\dynaTrace AJAX Edition 4.0
2013-02-15 14:08:20 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-15 14:08:19 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-15 14:08:19 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-15 14:07:43 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-15 14:03:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-15 14:03:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-15 14:03:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-15 14:03:52 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-15 14:03:52 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-15 14:03:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-15 14:03:48 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-15 14:03:48 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-15 14:03:43 760320 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 14:03:43 1111040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-07 09:34:48 -------- d-----w- C:\Program Files (x86)\Opera Mobile Emulator
.
==================== Find3M ====================
.
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-20 13:59:36 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-12-20 12:53:51 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-12-20 12:02:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-20 11:20:29 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-01-26 09:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 14:37:17,09 ===============
aswMBR LOG :
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-08 14:39:08
-----------------------------
14:39:08.065 OS Version: Windows x64 6.1.7601 Service Pack 1
14:39:08.065 Number of processors: 4 586 0x2A07
14:39:08.066 ComputerName: DPEREZFADONPW7 UserName: dperezfadon
14:39:08.761 Initialize success
14:42:10.745 AVAST engine defs: 13030800
14:43:00.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:43:00.288 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
14:43:00.326 Disk 0 MBR read successfully
14:43:00.332 Disk 0 MBR scan
14:43:00.351 Disk 0 Windows 7 default MBR code
14:43:00.356 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 2048
14:43:00.389 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102900 MB offset 208896
14:43:00.412 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 202242 MB offset 210948096
14:43:00.447 Disk 0 scanning C:\Windows\system32\drivers
14:43:13.411 Service scanning
14:43:37.272 Service TmFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys **LOCKED** 32
14:43:37.453 Service TmPreFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys **LOCKED** 32
14:43:41.262 Service VSApiNt C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys **LOCKED** 32
14:43:44.644 Modules scanning
14:43:44.668 Disk 0 trace - called modules:
14:43:44.688 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
14:43:44.696 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096df060]
14:43:44.702 3 CLASSPNP.SYS[fffff88001a6843f] -> nt!IofCallDriver -> [0xfffffa8007902890]
14:43:44.709 5 hpdskflt.sys[fffff88001438361] -> nt!IofCallDriver -> [0xfffffa800777e800]
14:43:44.719 7 ACPI.sys[fffff88000d627a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007784050]
14:43:45.226 AVAST engine scan C:\Windows
14:43:48.951 AVAST engine scan C:\Windows\system32
14:48:22.050 AVAST engine scan C:\Windows\system32\drivers
14:48:49.023 AVAST engine scan C:\Users\dperezfadon
14:50:37.590 Disk 0 MBR has been saved successfully to "D:\BIBLIOTECA\MALWARE_REMOVAL\MBR.dat"
14:50:37.595 The log file has been saved successfully to "D:\BIBLIOTECA\MALWARE_REMOVAL\aswMBR.txt"