queno

CPU usage too high

77 posts in this topic

Hi!

 

When I'm not using the computer the CPU usage is always oscillating between 0%-17%, but when I'm running Google Earth, or a game, the CPU usage goes too high and the PC crashes.

My CPU usage is high even when I'm using the internet.

I also think that I'm running too many processes.

 

Malwarebytes and SuperAntiSpyware have not detected anything.

 

Thanks in advance!!!

 

This is the HijackThis logfile:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:57:53, on 08/12/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe

C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE

C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe

C:\Archivos de programa\DAEMON Tools\daemon.exe

C:\Archivos de programa\Messenger\msmsgs.exe

C:\Archivos de programa\Google\Update\GoogleUpdate.exe

C:\Archivos de programa\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe

C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe

C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Mozilla Firefox\firefox.exe

C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: uninstall.exe

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O15 - Trusted Zone: *.onerateld.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254

O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate1c98713c4b29a9c) (gupdate1c98713c4b29a9c) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

 

--

End of file - 5389 bytes


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]


Hi,

I'm nasdaq and will be helping you.

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Download: CCleaner (freeware)

http://www.majorgeeks.com/download4191.html

Run the installer, and uncheck the option to install the Yahoo toolbar (unless you want the Yahoo toolbar).

Once installed, run CCleaner and click the Windows tab.

The following should be selected by default; if not, please select them:

 

[image: CCleanerA.png]

 

Next, click Options, then click the Settings tab.

Then click Run Cleaner (bottom right), then Exit.


 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Look at this tutorial if assistance is needed.

http://www.bleepingcomputer.com/forums/topic131299.html


Thanks for helping me!

 

Security Check report:

 

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 1

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

McAfee VirusScan Enterprise

WMIC entry does not exist for antivirus; attempting automatic update.

``````````````````````````````

Anti-malware/Other Utilities Check:

Out of date Spybot installed!

Ad-Aware

Spybot - Search & Destroy 1.4

Spybot - Search & Destroy

SUPERAntiSpyware Free Edition

HijackThis 2.0.2

CCleaner (remove only)

Java 6 Update 3

Java 6 Update 6

Java 6 Update 7

Out of date Java installed!

Adobe Reader 9.2 - Español

``````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Network Associates VirusScan mcshield.exe

Network Associates VirusScan vstskmgr.exe

Network Associates VirusScan SHSTAT.EXE

``````````````````````````````

DNS Vulnerability Check:

 

`````````End of Log```````````

 

 

SDFix report:

 

 

SDFix: Version 1.240

Run by pc on 12/12/2009 at 20:43

 

Microsoft Windows XP [Versión 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

New HijackThis logfile:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:06:20, on 12/12/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Google\Update\GoogleUpdate.exe

C:\Archivos de programa\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe

C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe

C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe

C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE

C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe

C:\Archivos de programa\DAEMON Tools\daemon.exe

C:\Archivos de programa\Messenger\msmsgs.exe

C:\Archivos de programa\Mozilla Firefox\firefox.exe

C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: uninstall.exe

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O15 - Trusted Zone: *.onerateld.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254

O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate1c98713c4b29a9c) (gupdate1c98713c4b29a9c) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

 

--

End of file - 5390 bytes

 

 

When SDFix rebooted the PC crashed so I had to reboot again.


Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Windows XP Service Pack 1

Out of date service pack!!

When I give you a clean bill of health I suggest you update to Service Pack 2.

http://support.microsoft.com/kb/935791

===

 

Please download JavaRa

 

If you get this message:

Problems with the download? Please use this direct link or try another mirror.

 

Select the Direct link download unzip it to your Desktop.

 

Double click JavaRa.exe then click Remove Older Versions.

 

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

 

Next, open JavaRa.exe again, and select Search For Updates.

 

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Download this one JRE 6 Update 17.

 

In Vista and Windows 7 run the tool as Administrator.

===

 

Visit Link to ADOBE

and download the latest version of Acrobat Reader.

Having the latest updates ensures there are no security vulnerabilities in your system.

===

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O4 - Global Startup: uninstall.exe

O15 - Trusted Zone: *.onerateld.com

 

Click on Fix Checked when finished and exit HijackThis.

 

Restart the computer normally.

 

Please post the results of the JavaRa.log and include a fresh HijackThis log.

 

Let me know what problem persists.
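The two lines the helper asks to have fixed above (the bare uninstall.exe in the all-users Startup folder and the *.onerateld.com Trusted Zone entry) are exactly the entry types a reader of a HijackThis log checks first. The following script is an added example, not something posted in this thread or part of HijackThis: it parses the numbered entries of a 2.x log and applies those by-eye checks as code. The sample lines are copied from the log posted above; the severity labels, the triage rules, and the known_dns parameter (the DNS servers the user's ISP or router is expected to hand out) are my assumptions.

```python
"""Triage a HijackThis 2.x log: parse each numbered entry and flag the entry
types a malware-removal helper looks at first (Startup-folder items, IE Trusted
Zone additions, DNS server overrides, Winlogon hooks, services with no vendor)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: uninstall.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.onerateld.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
"""

# Every entry HijackThis reports starts with a section tag such as O4, R1, F2, N1.
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Entry:
    section: str   # e.g. "O4", "O15"
    body: str      # everything after "O4 - "
    raw: str       # the original line, as it would be ticked in HijackThis


@dataclass
class Finding:
    section: str
    severity: str  # "fix": tick it for Fix Checked; "review": needs a human look
    reason: str
    raw: str


def parse_log(text):
    """Return the numbered entries; the header, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), line.strip()))
    return entries


def triage(entries, known_dns=frozenset()):
    """Apply the checks a helper applies by eye. known_dns (assumption) is the set of
    DNS server IPs the user's ISP or router is expected to hand out."""
    findings = []
    for e in entries:
        if e.section == "O15":
            # A domain in IE's Trusted Zone runs with relaxed security settings;
            # nothing the user did not add on purpose belongs there.
            findings.append(Finding(e.section, "fix", "site added to IE Trusted Zone", e.raw))
        elif e.section == "O4" and e.body.startswith("Global Startup:"):
            target = e.body.split(":", 1)[1].strip()
            # A bare executable name in the all-users Startup folder has no vendor path to vouch for it.
            if "\\" not in target:
                findings.append(Finding(e.section, "fix", "unqualified executable in Global Startup folder", e.raw))
        elif e.section == "O17":
            unexpected = set(IPV4_RE.findall(e.body)) - set(known_dns)
            # A NameServer override pointing somewhere unexpected can redirect every lookup.
            if unexpected:
                findings.append(Finding(e.section, "review",
                                        "NameServer override points at " + ", ".join(sorted(unexpected)), e.raw))
        elif e.section == "O20":
            # Winlogon Notify DLLs are loaded into winlogon.exe at logon; confirm the vendor.
            findings.append(Finding(e.section, "review", "Winlogon Notify DLL registered", e.raw))
        elif e.section == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(e.section, "review", "service has no vendor/owner recorded", e.raw))
    return findings


def lines_to_fix(findings):
    """The raw lines a helper would tell the user to tick before clicking Fix Checked."""
    return [f.raw for f in findings if f.severity == "fix"]


if __name__ == "__main__":
    # The two addresses are the ones from the O17 line in the posted log (assumed to be the ISP's).
    for f in triage(parse_log(SAMPLE_LOG), known_dns={"80.58.61.250", "80.58.61.254"}):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.raw}")
```

Run on the sample with the two ISP addresses supplied as known_dns, the "fix" list comes out as the same two lines the helper named; leave known_dns empty and the O17 entry is also reported for review, which is the right default when you do not know what DNS servers the machine should be using.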


Thanks again!

 

Windows startup and shutdown are a little slower than usual.

CPU usage is still between 0%-20% all the time.

When I'm using Google Earth or a game the PC crashes (a black screen appears and I have to reboot).

 

JavaRa.log:

 

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Mon Dec 14 01:11:25 2009

 

Found and removed: C:\Archivos de programa\Java\jre1.6.0_03

 

Found and removed: C:\Archivos de programa\Java\jre1.6.0_06

 

Found and removed: Software\JavaSoft\Java2D\1.5.0

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610006

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610006

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006

 

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

 

Found and removed: SOFTWARE\Classes\JavaPlugin.160_06

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_06

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_06

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610006

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060}

 

Found and removed: Software\Classes\JavaPlugin.160_03

 

Found and removed: Software\Classes\JavaPlugin.160_06

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_06

 

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

 

Found and removed: Software\JavaSoft\Java2D\1.6.0_06

 

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

 

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_06

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

 

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

 

------------------------------------

 

Finished reporting.

 

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:43:48, on 14/12/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe

C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE

C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe

C:\Archivos de programa\DAEMON Tools\daemon.exe

C:\Archivos de programa\Java\jre6\bin\jusched.exe

C:\Archivos de programa\Google\Update\GoogleUpdate.exe

C:\Archivos de programa\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Archivos de programa\Java\jre6\bin\jqs.exe

C:\Archivos de programa\Messenger\msmsgs.exe

C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe

C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe

C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: uninstall.exe

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254

O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate1c98713c4b29a9c) (gupdate1c98713c4b29a9c) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe

O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

 

--

End of file - 5810 bytes


The uninstall.exe in your startup folder was not fixed.

 

If the file is not listed in this path, c:\documents and settings\all users\start menu\programs\startup\uninstall.exe, search your computer for the file uninstall.exe and rename it uninstall.exe.old.

p.s. The file will be located in a Startup folder.

 

Restart the computer normally.

 

If the problem persists run this tool and let me see the results.

 

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.

  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).

 

These reports are long, so please post the contents of both logs (in separate posts) in your next reply.


Hi.

The problem persists.

 

log.txt:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by pc at 2009-12-14 23:29:58

Microsoft Windows XP Professional Service Pack 1

System drive C: has 26 GB (13%) free of 194 GB

Total RAM: 1023 MB (66% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:30:00, on 14/12/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe

C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE

C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe

C:\Archivos de programa\DAEMON Tools\daemon.exe

C:\Archivos de programa\Google\Update\GoogleUpdate.exe

C:\Archivos de programa\Java\jre6\bin\jusched.exe

C:\Archivos de programa\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Archivos de programa\Java\jre6\bin\jqs.exe

C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe

C:\Archivos de programa\Messenger\msmsgs.exe

C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe

C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\pc\Mis documentos\Descargas\RSIT.exe

C:\Archivos de programa\Trend Micro\HijackThis\pc.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: uninstall.exe

O4 - Global Startup: uninstall.exe.old

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254

O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate1c98713c4b29a9c) (gupdate1c98713c4b29a9c) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe

O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

 

--

End of file - 5874 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GlaryInitialize.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll [2009-12-14 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-14 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

EpsonToolBandKicker Class - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-09-09 845852]

ID

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"McAfeeUpdaterUI"=C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]

"ShStatEXE"=C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE [2004-08-25 94208]

"Network Associates Error Reporting Service"=C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514]

"DAEMON Tools"=C:\Archivos de programa\DAEMON Tools\daemon.exe [2006-09-14 157592]

"SunJavaUpdateSched"=C:\Archivos de programa\Java\jre6\bin\jusched.exe [2009-12-14 149280]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=C:\Archivos de programa\Messenger\msmsgs.exe [2004-11-15 1670144]

"EPSON Stylus SX200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acceso directo a la página de propiedades de High Definition Audio]

C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

C:\Archivos de programa\Archivos comunes\Adobe\Updater5\AdobeUpdater.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgenteADSL_15]

C:\Archivos de programa\Telefonica\KitAIM\AimExDll.exe [2006-08-05 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

RunDll32 cmicnfg.cpl,CMICtrlWnd []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Archivos de programa\Ahead\InCD\InCD.exe [2004-09-13 1450096]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2006-08-05 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Archivos de programa\QuickTime\qttask.exe [2005-08-24 98304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-12 2000112]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Google Updater.lnk]

C:\ARCHIV~1\Google\GOOGLE~2\GOOGLE~1.EXE -systray -startup []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]

C:\ARCHIV~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^uninstall.exe]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\uninstall.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^VIA RAID TOOL.lnk]

C:\ARCHIV~1\VIA\RAID\RAID_T~1.EXE [2004-06-02 581632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^WinZip Quick Pick.lnk]

C:\ARCHIV~1\WinZip\WZQKPICK.EXE [2002-10-29 106560]

 

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio

uninstall.exe

uninstall.exe.old

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"RunStartupScriptSync"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"RunStartupScriptSync"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=91000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoResolveSearch"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 1 months======

 

2009-12-14 23:29:58 ----D---- C:\rsit

2009-12-14 01:20:00 ----A---- C:\WINDOWS\System32\javaws.exe

2009-12-14 01:20:00 ----A---- C:\WINDOWS\System32\javaw.exe

2009-12-14 01:20:00 ----A---- C:\WINDOWS\System32\java.exe

2009-12-14 01:20:00 ----A---- C:\WINDOWS\System32\deploytk.dll

2009-12-12 22:12:16 ----D---- C:\Documents and Settings\pc\Datos de programa\WinRAR

2009-12-12 20:38:22 ----D---- C:\WINDOWS\ERUNT

2009-12-12 20:35:45 ----A---- C:\WINDOWS\ntbtlog.txt

2009-12-12 20:30:02 ----D---- C:\SDFix

2009-12-04 12:18:07 ----D---- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files

2009-11-29 09:12:25 ----D---- C:\Documents and Settings\All Users\Datos de programa\Agnitum

2009-11-29 09:12:25 ----D---- C:\Archivos de programa\Agnitum

2009-11-29 09:12:13 ----D---- C:\Config.Msi

2009-11-29 03:23:33 ----D---- C:\Documents and Settings\pc\Datos de programa\GlarySoft

2009-11-29 03:17:37 ----D---- C:\Archivos de programa\Glary Utilities

2009-11-28 21:46:57 ----A---- C:\WINDOWS\myClean.bat

2009-11-28 10:58:51 ----D---- C:\Archivos de programa\SpeedFan

2009-11-19 18:30:44 ----D---- C:\Documents and Settings\All Users\Datos de programa\Google

 

======List of files/folders modified in the last 1 months======

 

2009-12-14 23:25:54 ----D---- C:\Archivos de programa\Mozilla Firefox

2009-12-14 23:23:15 ----D---- C:\WINDOWS\system32

2009-12-14 23:23:15 ----AC---- C:\WINDOWS\System32\PerfStringBackup.INI

2009-12-14 23:20:38 ----D---- C:\WINDOWS\TEMP

2009-12-14 23:19:02 ----D---- C:\WINDOWS\Debug

2009-12-14 11:19:52 ----D---- C:\WINDOWS

2009-12-14 11:18:41 ----AC---- C:\WINDOWS\NeroDigital.ini

2009-12-14 01:20:03 ----SHD---- C:\WINDOWS\Installer

2009-12-14 01:19:35 ----D---- C:\Archivos de programa\Java

2009-12-11 07:57:28 ----AC---- C:\WINDOWS\winamp.ini

2009-12-09 07:47:44 ----A---- C:\WINDOWS\demdata.txt

2009-12-06 09:13:04 ----AC---- C:\WINDOWS\BBW_INFO.INI

2009-12-06 05:47:02 ----D---- C:\Archivos de programa\Google

2009-12-06 05:42:44 ----D---- C:\WINDOWS\System32\CatRoot2

2009-12-06 05:27:04 ----SD---- C:\WINDOWS\Tasks

2009-12-06 04:51:03 ----SH---- C:\boot.ini

2009-12-06 04:51:03 ----AC---- C:\WINDOWS\win.ini

2009-12-06 04:51:03 ----AC---- C:\WINDOWS\system.ini

2009-12-06 04:40:31 ----D---- C:\WINDOWS\pss

2009-12-06 01:28:11 ----D---- C:\Archivos de programa\Malwarebytes' Anti-Malware

2009-12-06 01:28:09 ----D---- C:\WINDOWS\System32\drivers

2009-12-06 00:57:44 ----D---- C:\Archivos de programa\Unlocker

2009-12-06 00:57:01 ----D---- C:\Archivos de programa\Atari

2009-12-06 00:57:00 ----HD---- C:\Archivos de programa\InstallShield Installation Information

2009-12-06 00:56:50 ----D---- C:\Archivos de programa\Archivos comunes

2009-12-06 00:56:41 ----D---- C:\Documents and Settings\pc\Datos de programa\Atari

2009-12-06 00:52:52 ----D---- C:\Archivos de programa

2009-12-05 23:31:42 ----D---- C:\Archivos de programa\Spybot - Search & Destroy

2009-12-05 23:02:34 ----D---- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy

2009-12-05 21:34:21 ----D---- C:\Documents and Settings\pc\Datos de programa\ppstream

2009-12-04 12:15:03 ----D---- C:\WINDOWS\System32\CatRoot

2009-11-29 09:12:35 ----D---- C:\WINDOWS\System32\config

2009-11-29 09:12:30 ----D---- C:\WINDOWS\System32\wbem

2009-11-29 09:12:30 ----D---- C:\WINDOWS\Registration

2009-11-29 09:12:28 ----HD---- C:\WINDOWS\inf

2009-11-29 09:12:12 ----RSHDC---- C:\WINDOWS\System32\dllcache

2009-11-29 09:11:50 ----D---- C:\WINDOWS\System32\Restore

2009-11-29 07:07:31 ----D---- C:\WINDOWS\WinSxS

2009-11-29 03:29:47 ----D---- C:\WINDOWS\System32\Kaspersky Lab

2009-11-29 03:25:52 ----D---- C:\WINDOWS\Help

2009-11-29 03:23:35 ----D---- C:\Archivos de programa\RapidLeecher

2009-11-29 03:21:04 ----D---- C:\RealBand

2009-11-29 03:21:04 ----D---- C:\bb

2009-11-29 03:21:04 ----D---- C:\Archivos de programa\WinRAR

2009-11-29 03:21:04 ----D---- C:\Archivos de programa\Messenger

2009-11-29 03:21:04 ----D---- C:\Archivos de programa\BitComet

2009-11-28 20:10:56 ----D---- C:\Archivos de programa\DDD Pool

2009-11-24 19:09:38 ----D---- C:\Documents and Settings\All Users\Datos de programa\Adobe

2009-11-23 23:32:10 ----D---- C:\Archivos de programa\Archivos comunes\Adobe

2009-11-23 23:31:48 ----D---- C:\Archivos de programa\Adobe

2009-11-23 02:13:15 ----D---- C:\Documents and Settings\pc\Datos de programa\FFSJ

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\System32\drivers\cdrbsdrv.sys [2007-07-09 33408]

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-13 28672]

R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-25 58016]

R1 SASDIFSV;SASDIFSV; \??\C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys []

R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]

R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []

R2 irda;Protocolo IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2001-08-17 55296]

R2 RVIEG01;VSC Engine; \??\C:\Archivos de programa\Roland\Virtual Sound Canvas DXi\RVIEg01.sys []

R2 RVIEGVST;VSC VST Engine; \??\C:\Archivos de programa\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys []

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 768512]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-06-19 190336]

R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-07-28 1258432]

R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]

R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\System32\drivers\EntDrv51.sys []

R3 HDAudBus;Controlador de bus de Microsoft UAA para High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-03-17 135168]

R3 irsir;Controlador de infrarrojos serie de Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-08-25 108256]

R3 Rasirda;Minipuerto WAN (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 usbehci;Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]

R3 usbhub;Concentrador habilitado USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]

R3 usbuhci;Controlador minipuerto de la controladora de host universal USB de Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]

R4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2004-09-13 93440]

S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\System32\DRIVERS\ATITool.sys [2006-11-10 24064]

S1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys []

S3 aopl7gtt;aopl7gtt; C:\WINDOWS\System32\drivers\aopl7gtt.sys []

S3 Arp1394;Protocolo de cliente ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-09-09 57344]

S3 catchme;catchme; \??\C:\DOCUME~1\pc\CONFIG~1\Temp\catchme.sys []

S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\System32\Drivers\CO_Mon.sys []

S3 HdAudAddService;Controlador de funciones de Microsoft UAA para el servicio High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]

S3 NIC1394;Controlador de red 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-09-09 57984]

S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-11-26 39488]

S3 SASENUM;SASENUM; \??\C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS []

S3 usbccgp;Controlador primario genérico USB de Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]

S3 usbprint;Clase de impresora USB de Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]

S3 usbscan;Controlador de escáner USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]

S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]

S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-08-03 389120]

R2 InCDsrv;InCD Helper; C:\Archivos de programa\Ahead\InCD\InCDsrv.exe [2004-09-13 1192050]

R2 Irmon;Monitor de infrarrojos; C:\WINDOWS\System32\svchost.exe [2001-08-24 12800]

R2 JavaQuickStarterService;Java Quick Starter; C:\Archivos de programa\Java\jre6\bin\jqs.exe [2009-12-14 153376]

R2 McAfeeFramework;Servicio de registro de McAfee; C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]

R2 McShield;Network Associates McShield; C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe [2004-08-25 221191]

R2 McTaskManager;Network Associates Task Manager; C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe [2004-08-25 28672]

R2 MDM;Machine Debug Manager; C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]

S2 gupdate1c98713c4b29a9c;Google Update Service (gupdate1c98713c4b29a9c); C:\Archivos de programa\Google\Update\GoogleUpdate.exe [2009-02-04 133104]

S2 xwovauhs;AGP Bus w766b Helper; C:\WINDOWS\System32\svchost.exe [2001-08-24 12800]

S3 {BEE686B9-4C84-4487-9D72-9F40F051E973};{BEE686B9-4C84-4487-9D72-9F40F051E973}; C:\WINDOWS\System32\svchost.exe [2001-08-24 12800]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]

S3 IDriverT;InstallDriver Table Manager; C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe [2006-08-05 69632]

 

-----------------EOF-----------------

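A first triage pass over the log formats posted in this thread, written as an added example for this thread (it is not RSIT's or HijackThis's own code): it parses the O4 Global Startup lines and the RSIT driver/service lists and lists entries an analyst should look at by hand: bare executables in the Startup folder, svchost-hosted services whose names are not in a baseline, and entries RSIT recorded with no date or size. The sample excerpt and the one-entry baseline are constructed from lines above; a hit is a review item, not a verdict.

```python
"""Triage heuristics for HijackThis / RSIT log lines (added example, not tool code)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt assembled from lines that appear in the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: uninstall.exe
O4 - Global Startup: uninstall.exe.old
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 SASDIFSV;SASDIFSV; \??\C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS []
S3 aopl7gtt;aopl7gtt; C:\WINDOWS\System32\drivers\aopl7gtt.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Irmon;Monitor de infrarrojos; C:\WINDOWS\System32\svchost.exe [2001-08-24 12800]
S2 xwovauhs;AGP Bus w766b Helper; C:\WINDOWS\System32\svchost.exe [2001-08-24 12800]
S3 {BEE686B9-4C84-4487-9D72-9F40F051E973};{BEE686B9-4C84-4487-9D72-9F40F051E973}; C:\WINDOWS\System32\svchost.exe [2001-08-24 12800]
R2 MDM;Machine Debug Manager; C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
"""

# RSIT section header, e.g. "======List of services (...)======"
SECTION_RE = re.compile(r"^=+(List of [a-z]+)")
# HijackThis O4 line for an item in the all-users Startup folder
STARTUP_RE = re.compile(r"^O4 - Global Startup: (.+)$")
# RSIT driver/service line: "<state><start> <name>;<display>; <path> [<date> <size>]"
ENTRY_RE = re.compile(r"^[RS][0-4] ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")

# Constructed baseline of service names expected to run inside svchost.exe.
# In practice build this from a known-good image of the same Windows build.
SVCHOST_BASELINE = {"irmon"}
# Extensions that should not sit directly in a Startup folder (shortcuts are .lnk).
EXEC_EXTS = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs")


@dataclass
class Finding:
    rule: str
    name: str
    detail: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Return review items found in a HijackThis/RSIT log excerpt."""
    findings: List[Finding] = []
    section = "unknown"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = STARTUP_RE.match(line)
        if m:
            item = m.group(1).strip()
            # The Startup folder normally holds .lnk shortcuts; a bare executable
            # dropped there (the uninstall.exe the helper asked about) needs a look.
            if item.lower().endswith(EXEC_EXTS):
                findings.append(Finding("startup-executable", item,
                                        "bare executable in the Startup folder"))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, _display, path, meta = m.groups()
        # A service hosted by the generic svchost.exe is only as trustworthy as its
        # name; anything outside the baseline (random strings, GUIDs) is reviewed.
        if _basename(path) == "svchost.exe" and name.lower() not in SVCHOST_BASELINE:
            findings.append(Finding("unlisted-svchost-service", name,
                                    f"{section}: hosted by svchost.exe, not in baseline"))
        # An empty [] means RSIT recorded no date/size for the image. Missing files
        # show up here, but so do \??\-prefixed paths of legitimate products, so
        # this rule is noisy by design and left to the analyst.
        if meta == "":
            findings.append(Finding("no-file-metadata", name,
                                    f"{section}: no date/size recorded for {path}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.name:42} {f.detail}")
```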

info.txt:

 

info.txt logfile of random's system information tool 1.06 2009-12-14 23:30:02

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.42-->"C:\Archivos de programa\7-Zip\Uninstall.exe"

ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

Ad-Aware SE Personal-->C:\ARCHIV~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\ARCHIV~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.2 - Español-->MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A92000000001}

ASCOM Platform 3.0-->C:\ARCHIV~1\ARCHIV~1\ASCOM\TELESC~1\UNWISE.EXE C:\ARCHIV~1\ARCHIV~1\ASCOM\TELESC~1\INSTALL.LOG

ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AviSynth 2.5-->"C:\Archivos de programa\AviSynth 2.5\Uninstall.exe"

Band-in-a-Box 2009 (Build 279)-->"C:\bb\uninstall\unins000.exe"

BitComet 0.58-->C:\Archivos de programa\BitComet\uninst.exe

BitTornado 0.3.15-->C:\Archivos de programa\BitTornado\uninst.exe

BSPlayer-->"C:\Archivos de programa\Webteh\BSplayer\uninstall.exe"

Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{42EDF895-158C-484E-A7F2-42B90759F281}\SETUP.EXE" -l0xa UNINST

CCleaner (remove only)-->"C:\Archivos de programa\CCleaner\uninst.exe"

CDisplay 1.8-->"C:\Archivos de programa\CDisplay\unins000.exe"

CloneDVD 3.9.3-->"C:\Archivos de programa\CloneDVD\unins000.exe"

CloneDVD2-->"C:\Archivos de programa\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Archivos de programa\Elaborate Bytes\CloneDVD2"

C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe

Compresor WinRAR-->C:\Archivos de programa\WinRAR\uninstall.exe

DC++ (remove only)-->"C:\Archivos de programa\DC++\uninstall.exe"

DivX Player-->C:\WINDOWS\unvise32.exe C:\Archivos de programa\DivX\DivX Player\uninstal.log

DriverCD-->C:\WINDOWS\IsUninst.exe -f"C:\Archivos de programa\GIGABYTE\DriverCD\Uninst.isu"

DVD Shrink 3.2-->"C:\Archivos de programa\DVD Shrink\unins000.exe"

eMule-->"C:\Archivos de programa\eMule\Uninstall.exe"

EPSON Attach To Email-->C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG

EPSON Easy Photo Print-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}\SETUP.EXE" -l0xa UNINST

EPSON File Manager-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{46CBBDF8-55B5-40DB-B459-7B848394309C}\Setup.exe" -l0xa UNINST

EPSON Scan Assistant-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0xa -u

EPSON Scan-->C:\Archivos de programa\epson\escndv\setup\setup.exe /r

EPSON Stylus SX200 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE /R /APD /P:"EPSON Stylus SX200 Series"

EPSON Stylus SX200_SX400_TX200_TX400 Manual-->C:\Archivos de programa\EPSON\TPMANUAL\ES_SX_TX\ESP\USE_G\DOCUNINS.EXE

EPSON Web-To-Page-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0xa -anything

EVEREST Home Edition v2.20-->"C:\Archivos de programa\Lavalys\EVEREST Home Edition\unins000.exe"

Exact Audio Copy 0.95b4-->C:\Archivos de programa\Exact Audio Copy\uninst.exe

File Splitter and Joiner (FFSJ v3.2)-->"C:\WINDOWS\unins000.exe"

Finale 2009-->C:\Archivos de programa\Finale 2009\uninstallFinale.exe

FLAC Installer 1.1.2a (remove only)-->C:\Archivos de programa\FLAC\uninstall.exe

Glary Utilities 2.17.0.776-->"C:\Archivos de programa\Glary Utilities\unins000.exe"

Google Earth-->MsiExec.exe /X{9074AFC0-CFDA-11DE-B484-005056806466}

Grim Fandango de LucasArts-->C:\WINDOWS\unin040a.exe -f"C:\Archivos de programa\LucasArts\Grim\DeIsL1.isu"

GTA San Andreas-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0xa -removeonly

Guitar Power 1.5.0-->"C:\Archivos de programa\GuitarPower\unins000.exe"

Guitar Pro 5.0-->"C:\Archivos de programa\Guitar Pro 5\unins000.exe"

High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe

HijackThis 2.0.2-->"C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall

InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL

Iron Man-->MsiExec.exe /X{6E737AC4-C430-4698-8790-C7D55F7107A4}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}

Kit ADSL Router inalámbrico 11g-->C:\Archivos de programa\Telefonica\KitAIM\Uninstal.exe 9

Malwarebytes' Anti-Malware-->"C:\Archivos de programa\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Office XP Professional con FrontPage-->MsiExec.exe /I{90280C0A-6000-11D3-8CFE-0050048383C9}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (3.5.5)-->C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe

MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

Nero 6-->C:\Archivos de programa\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL

Peer2Mail (remove only)-->"C:\Archivos de programa\Peer2Mail\uninst.exe"

PG Music DirectX Plugins 2.0.0.0-->"C:\Archivos de programa\PowerTracks DirectX Plugins\unins000.exe"

Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}

PowerDVD-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

PSP Video 9 1.74-->C:\Archivos de programa\pspvideo9\uninst.exe

QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

Quiere Ser Millonario-->MsiExec.exe /I{64038AA1-43E0-4CFB-A6BB-9B3237E4853F}

Real Alternative 1.50-->"C:\Archivos de programa\Real Alternative\unins000.exe"

Remove DivX Pro Codec-->C:\WINDOWS\unvise32.exe C:\Archivos de programa\DivX\DivX Pro Codec\UninstalDivXProCodec.log

Revisión de Windows XP - KB823980-->C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe

Revisión de Windows XP - KB824146-->C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe

Revisión de Windows XP - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe

SpeedFan (remove only)-->"C:\Archivos de programa\SpeedFan\uninstall.exe"

Spybot - Search & Destroy 1.4-->"C:\Archivos de programa\Spybot - Search & Destroy\unins000.exe"

Spybot - Search & Destroy-->"C:\Archivos de programa\Spybot - Search & Destroy\unins001.exe"

Starry Night Pro 5-->"C:\Archivos de programa\Starry Night Pro 5\Uninstall Starry Night Pro 5\Uninstall Starry Night Pro 5.exe"

Subtitle Workshop 2.51-->"C:\Archivos de programa\URUSoft\Subtitle Workshop\uninstall.exe"

SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Synacast Plug-in 1.1.0.7-->C:\Archivos de programa\Archivos comunes\Synacast\SynaLive\uninst.exe

THoTH 2.4 Freeware-->"C:\THoTH\unins000.exe"

Tiburón-->MsiExec.exe /X{E467A03B-C374-4EB8-A4AC-A3D9F807C6CF}

Ultimate Spider-Man -->C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CC35B08B-4EC1-4759-B159-0EC4E69C3E7C} /l2057

UltraISO Premium V8.61-->"C:\Archivos de programa\UltraISO\unins000.exe"

VIA Administrador de dispositivos de plataforma-->C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

VideoLAN VLC media player 0.8.2-->C:\Archivos de programa\VideoLAN\VLC\uninstall.exe

Virtual Sound Canvas DXi-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{745877DC-8FFE-4E4C-ABBC-589B887A47D1}\setup.exe" UNINSTALL_XXX

Virtual Sound Canvas VST-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{DA22A6BB-10B5-4595-BD59-1AD4023C8536}\setup.exe" MAINTENANCE_XXX

Visual Pinball-->MsiExec.exe /I{419EE2A0-0E9B-4312-9689-4FD10738531E}

Winamp (remove only)-->"C:\Archivos de programa\Winamp\UninstWA.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Media Format Runtime-->"C:\Archivos de programa\Windows Media Player\wmsetsdk.exe" /UninstallAll

WinZip-->"C:\Archivos de programa\WinZip\WINZIP32.EXE" /uninstall

Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"

 

=====HijackThis Backups=====

 

O20 - AppInit_DLLs: index.dat [2007-10-15]

O20 - Winlogon Notify: pvnvyafc - C:\WINDOWS\SYSTEM32\astrayiconr.dll [2007-10-15]

O2 - BHO: (no name) - {5D4E4960-62AF-4E3A-AB84-1C4C44A71F40} - C:\WINDOWS\System32\cicd.dll [2007-10-15]

O2 - BHO: (no name) - {284AB5EC-EF5F-4FE0-86CA-42CF17E704C3} - c:\windows\system32\astrayiconr.dll [2007-10-15]

O21 - SSODL: IEFilter - {310AF74D-8FA1-4E72-9B7C-049530FC86A5} - (no file) [2007-10-15]

O23 - Service: Indexing Helps (Indexingbox) - Unknown owner - C:\WINDOWS\system\svchest.exe (file missing) [2007-10-15]

O23 - Service: Indexing Helper (Indexingboxs) - Unknown owner - c:\temp\svchost.exe (file missing) [2007-10-15]

O2 - BHO: (no name) - {284AB5EC-EF5F-4FE0-86CA-42CF17E704C3} - c:\windows\system32\astrayiconr.dll [2007-10-17]

O20 - Winlogon Notify: pvnvyafc - C:\WINDOWS\SYSTEM32\astrayiconr.dll [2007-10-17]

O2 - BHO: (no name) - {5D4E4960-62AF-4E3A-AB84-1C4C44A71F40} - C:\WINDOWS\System32\cicd.dll [2007-10-17]

O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\pc\cftmon.exe [2008-04-30]

O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [autoload] C:\Documents and Settings\pc\cftmon.exe (User '?') [2008-04-30]

O23 - Service: Programador de tareas (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe [2008-04-30]

O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe [2008-04-30]

O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe [2008-04-30]

O15 - Trusted Zone: *.onerateld.com [2009-12-14]

O4 - Global Startup: uninstall.exe [2009-12-14]

 

======Hosts File======

 

127.0.0.1 localhost

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel

"PROCESSOR_REVISION"=0401

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

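The HijackThis backup entries in the log above are the kind of lines an analyst reads by eye: a service pointing at a missing binary, an executable in the drivers directory, a file name one letter away from a real Windows process. The script below is an added example, not the forum helper's tooling or anything the poster ran; it takes those exact lines (copied from the log) and applies the same checks programmatically. The set of imitated system binaries and the list of trusted directories are assumptions for an XP machine and are not from the page.

```python
"""Triage of HijackThis-style startup and service entries.

Added example, not the forum helper's tooling. The sample lines are copied
from the HijackThis backups posted above; the heuristics encode the checks
an analyst applies by eye when reading such a log.
"""
import re
from typing import Dict, List, Optional

# Windows XP binaries that malware habitually imitates by name (assumed list).
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "spoolsv.exe", "ctfmon.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "explorer.exe", "smss.exe",
}

# Directories a Run entry or service binary is expected to load from on this
# Spanish-locale XP box ("Archivos de programa" is Program Files). Assumed.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\archivos de programa\\", "c:\\program files\\")

# Drive-letter path ending in an executable image. Lazy, so trailing notes
# such as "(file missing)" are not swallowed into the path.
PATH_RE = re.compile(r'[a-zA-Z]:\\[^\[\]"]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)

# Verbatim entries from the HijackThis backups section of the log above.
SAMPLE_LOG = [
    r"O20 - AppInit_DLLs: index.dat",
    r"O20 - Winlogon Notify: pvnvyafc - C:\WINDOWS\SYSTEM32\astrayiconr.dll",
    r"O2 - BHO: (no name) - {5D4E4960-62AF-4E3A-AB84-1C4C44A71F40} - C:\WINDOWS\System32\cicd.dll",
    r"O21 - SSODL: IEFilter - {310AF74D-8FA1-4E72-9B7C-049530FC86A5} - (no file)",
    r"O23 - Service: Indexing Helps (Indexingbox) - Unknown owner - C:\WINDOWS\system\svchest.exe (file missing)",
    r"O23 - Service: Indexing Helper (Indexingboxs) - Unknown owner - c:\temp\svchost.exe (file missing)",
    r"O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\pc\cftmon.exe",
    r"O23 - Service: Programador de tareas (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe",
    r"O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe",
    r"O15 - Trusted Zone: *.onerateld.com",
    r"O4 - Global Startup: uninstall.exe",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one- or two-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(filename: str) -> Optional[str]:
    """Return the system binary this name imitates; None for exact or unrelated names."""
    name = filename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    for real in sorted(KNOWN_SYSTEM_BINARIES):
        if edit_distance(name, real) <= 2:
            return real
    return None


def in_trusted_dir(path: str) -> bool:
    return any(path.lower().startswith(d) for d in TRUSTED_DIRS)


def triage_line(line: str) -> List[str]:
    """Reasons this entry deserves attention; an empty list means nothing stood out."""
    section = line.split(" - ", 1)[0].strip()  # "O4", "O20", "O23", ...
    reasons = []
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("orphaned entry: the referenced file is gone but the hook remains")
    if section == "O2" and "(no name)" in line:
        reasons.append("unnamed BHO loaded into Internet Explorer")
    if section == "O15":
        reasons.append("site added to the IE Trusted Zone, which relaxes browser security for it")
    if section == "O20":
        reasons.append("AppInit_DLLs / Winlogon Notify: DLL injected into every process at logon")
    if section == "O23" and "Unknown owner" in line:
        reasons.append("service binary with no recognisable publisher")
    if section == "O4" and "Global Startup" in line:
        reasons.append("runs for every user from the all-users Startup folder")
    for path in PATH_RE.findall(line):
        name = path.rsplit("\\", 1)[-1]
        real = lookalike(name)
        if real:
            reasons.append(f"{name} imitates the system binary {real}")
        if not in_trusted_dir(path):
            reasons.append(f"{name} loads from an unexpected location: {path}")
        if name.lower().endswith(".exe") and "\\drivers\\" in path.lower():
            reasons.append(f"{name} is an .exe parked in the drivers directory, which holds .sys files")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious log line to its reasons; clean lines are omitted."""
    return {line: triage_line(line) for line in lines if triage_line(line)}


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   ->", reason)
```

Every one of the eleven backed-up entries trips at least one check; svchest.exe and spools.exe are caught by the edit-distance test, c:\temp\svchost.exe and the cftmon.exe in the user profile by the location test, and the two spools.exe references additionally by the ".exe in drivers\" rule. The Global Startup uninstall.exe is flagged only because of where it runs from, which is exactly why the helper asks about its publisher below.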

I do not know why but the file was recreated.

 

O4 - Global Startup: uninstall.exe

O4 - Global Startup: uninstall.exe.old

 

===

 

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\uninstall.exe

 

Look at this page and see if you can disable this process.

http://www.configurarequipos.com/doc261.html

 

If disabling it does not correct your problem you can restore it back.

 

Keep me posted as I do not see any suspicious processes other than this one.


Can you look at the properties of the file and find out what the supplier's name is?

 

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\uninstall.exe


C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\uninstall.exe

 

Please submit the file in bold to the following link for a scan, then post the results in your next message for me to see.

http://virusscan.jotti.org/


Download ComboFix from:

 

http://download.bleepingcomputer.com...a/KittyFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
     
  • Double click on ComboFix.exe & follow the prompts.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 


 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 


 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.

 

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

 

Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Hi.

 

Sorry, I didn't save ComboFix.exe to my Desktop.... :( I saved it to Mis Documentos\Descargas... :(

 

I cannot find C:\ComboFix.txt

 

I have this file: C:\ComboFix2.txt, but it's outdated (2007)

 

I also have these new folders:

 

Qoobox: this folder contains another outdated ComboFix2.txt file (2008)

 

32788R22FWJFW

 

These old files have been modified: cmldr, csb.log and boot.bak (these files are in C:\)

 

I also have a new icon in c:\. It's the same icon used by My Pc, but it's named KittyFix

 

Why is it named KittyFix.exe? I thought it was named ComboFix.exe.


I also have a new icon in c:\. It's the same icon used by My Pc, but it's named KittyFix

ComboFix has been renamed KittyFix temporarily.

 

What I suggest is that you uninstall your current version.

 

Time for some housekeeping


  • The following will implement some cleanup procedures as well as reset System Restore points:
     
    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
     
    ComboFix /Uninstall

 

This may not remove the previous old version. If you do have any references to ComboFix dated in 2007 delete them.

 

Download the ComboFix as I have suggested in my previous post.

Make sure you place it on your Desktop and run it.

 

Post the logs.

 

All I ask of you is that you follow my recommendations.


Hi.

 

I have uninstalled ComboFix. I have placed the new one on my Desktop and when running it, a blue screen appeared with the following text and nothing happened (the hard drive wasn't running):

 

Scanning for infected files...

This typically doesn't take more than 10 minutes

However, scan times for badly infected machines may easily double

 

I waited for 5 hours with that text on the screen.

I didn't mouse click ComboFix's window.



We may not be able to clean your computer completely.

I would start by backing up my data files in case we have to resort to formatting the hard disk.

 

Let me see the results of this scan.

 

Please download RootKitRevealer from here:

http://download.sysinternals.com/Files/RootkitRevealer.zip

Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.


Hi.

 

RootKitRevealer log file:

 

HKU\.DEFAULT\Control Panel\International 01/05/2008 12:30 0 bytes Security mismatch.

HKU\.DEFAULT\Control Panel\International\Geo 01/05/2008 12:30 0 bytes Security mismatch.

HKU\S-1-5-21-682003330-484061587-2147183463-1003\Console 19/12/2009 7:57 0 bytes Security mismatch.

HKU\S-1-5-21-682003330-484061587-2147183463-1003\console_combofixbackup 19/12/2009 7:57 0 bytes Security mismatch.

HKU\S-1-5-21-682003330-484061587-2147183463-1003\Control Panel\International 01/05/2008 12:30 0 bytes Security mismatch.

HKU\S-1-5-21-682003330-484061587-2147183463-1003\Control Panel\International\Geo 01/05/2008 12:30 0 bytes Security mismatch.

HKU\S-1-5-21-682003330-484061587-2147183463-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 03/11/2007 16:32 0 bytes Key name contains embedded nulls (*)

HKU\S-1-5-21-682003330-484061587-2147183463-1003\Software\Zepter Software\RegLib*e4257279 26/11/2006 21:12 0 bytes Key name contains embedded nulls (*)

HKU\S-1-5-18\Control Panel\International 01/05/2008 12:30 0 bytes Security mismatch.

HKU\S-1-5-18\Control Panel\International\Geo 01/05/2008 12:30 0 bytes Security mismatch.

HKLM\SECURITY\Policy\Secrets\SAC* 08/04/2005 11:47 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 08/04/2005 11:47 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwFilesScanned 19/12/2009 20:21 4 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\szLastScanned 19/12/2009 20:21 110 bytes Windows API length not consistent with raw hive data.

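RootkitRevealer does not say which of its discrepancies matter, and the post above gets no interpretation. As an added example (not something the helper or the poster ran), the script below classifies the fourteen lines exactly as posted: "Hidden from Windows API" is the only discrepancy type that by itself indicates rootkit-style hiding, embedded-null key names and security mismatches are usually noise (SecuROM copy protection and the LSA Secrets SAC*/SAI* keys are textbook benign cases), and the two McShield counters changed while the scan was running. The severity table is this example's own triage heuristic, not RootkitRevealer's output.

```python
"""Severity triage for RootkitRevealer discrepancy reports.

Added example, not part of the forum exchange. SAMPLE_REPORT is the
RootkitRevealer output posted above (whitespace as extracted); the
severity table encodes how an analyst reads each discrepancy type and is
this example's assumption, not a RootkitRevealer feature.
"""
import re
from typing import Dict, List, Tuple

# Most specific phrases first; the description is the tail of each line.
SEVERITY_TABLE = [
    ("Hidden from Windows API", "HIGH",
     "object is present in the raw file system or hive but the Windows API does not "
     "return it: the signature of a hiding rootkit (or a file deleted mid-scan)"),
    ("Visible in Windows API, but not in", "MEDIUM",
     "the API returns an object the raw scan cannot find; usually created or deleted "
     "during the scan, occasionally a rootkit artefact"),
    ("Key name contains embedded nulls", "LOW",
     "the API cannot open the key; used legitimately by SecuROM copy protection and by "
     "the Windows LSA secrets SAC*/SAI*, but also by some malware to hide keys"),
    ("Security mismatch", "LOW",
     "ACL differs between the API view and the raw hive; seen here only on "
     "Control Panel\\International and console keys, which is harmless"),
    ("Data mismatch between Windows API and raw hive data", "INFO",
     "value changed between the API read and the raw read, e.g. on-access scanner counters"),
    ("Windows API length not consistent with raw hive data", "INFO",
     "same cause as a data mismatch, on a string value that changed during the scan"),
]

# Verbatim lines from the RootkitRevealer log posted above.
SAMPLE_REPORT = r"""
HKU\.DEFAULT\Control Panel\International 01/05/2008 12:30 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 01/05/2008 12:30 0 bytes Security mismatch.
HKU\S-1-5-21-682003330-484061587-2147183463-1003\Console 19/12/2009 7:57 0 bytes Security mismatch.
HKU\S-1-5-21-682003330-484061587-2147183463-1003\console_combofixbackup 19/12/2009 7:57 0 bytes Security mismatch.
HKU\S-1-5-21-682003330-484061587-2147183463-1003\Control Panel\International 01/05/2008 12:30 0 bytes Security mismatch.
HKU\S-1-5-21-682003330-484061587-2147183463-1003\Control Panel\International\Geo 01/05/2008 12:30 0 bytes Security mismatch.
HKU\S-1-5-21-682003330-484061587-2147183463-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 03/11/2007 16:32 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-21-682003330-484061587-2147183463-1003\Software\Zepter Software\RegLib*e4257279 26/11/2006 21:12 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-18\Control Panel\International 01/05/2008 12:30 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 01/05/2008 12:30 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 08/04/2005 11:47 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 08/04/2005 11:47 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwFilesScanned 19/12/2009 20:21 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\szLastScanned 19/12/2009 20:21 110 bytes Windows API length not consistent with raw hive data.
"""

# Path, then "dd/mm/yyyy h:mm"; everything after the timestamp is size and description.
TIMESTAMP_RE = re.compile(r"(.+?)\s+\d{2}/\d{2}/\d{4}\s+\d{1,2}:\d{2}")


def classify(line: str) -> Tuple[str, str]:
    """(severity, explanation) for one discrepancy line; UNKNOWN if no phrase matches."""
    for phrase, severity, explanation in SEVERITY_TABLE:
        if phrase in line:
            return severity, explanation
    return "UNKNOWN", "discrepancy type not in the table: read the raw line"


def object_path(line: str) -> str:
    """Strip the timestamp/size/description tail and keep the registry or file path."""
    m = TIMESTAMP_RE.match(line)
    return m.group(1) if m else line


def summarize(report: str) -> Tuple[Dict[str, int], List[str]]:
    """Count lines per severity and list the objects that need a manual look."""
    counts: Dict[str, int] = {}
    attention: List[str] = []
    for line in report.splitlines():
        if not line.strip():
            continue
        severity, _ = classify(line)
        counts[severity] = counts.get(severity, 0) + 1
        if severity in ("HIGH", "MEDIUM", "UNKNOWN"):
            attention.append(object_path(line))
    return counts, attention


def shows_hiding(report: str) -> bool:
    """True when at least one object is hidden from the Windows API."""
    counts, _ = summarize(report)
    return counts.get("HIGH", 0) > 0


if __name__ == "__main__":
    counts, attention = summarize(SAMPLE_REPORT)
    print("severity counts:", counts)
    print("rootkit-style hiding:", shows_hiding(SAMPLE_REPORT))
    for path in attention:
        print("  inspect:", path)
```

For the posted log this yields twelve LOW and two INFO discrepancies and nothing HIGH or MEDIUM, which is consistent with the helper moving on to GMER rather than acting on this output. The one caveat is that embedded-null keys are also a malware trick, so the LOW rating relies on the key owner being recognisable (SecuROM, LSA), as it is here.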

Please download GMER from http://www2.gmer.net/tmp/gmer.exe

 

Close any open programs/windows!

 

Open the program and click on the Rootkit/Malware tab.

 

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.


 

Click on Scan (1).


 

When the scan has run click Copy (2) and paste the results (if any) into this thread.


GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-12-20 00:59:38

Windows 5.1.2600 Service Pack 1

Running: gmer.exe; Driver: C:\DOCUME~1\pc\CONFIG~1\Temp\uwxdipob.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT 865C7109 ZwCreateThread

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA96E4400, 0x82482, 0xE8000020]

.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA9784420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA9784420]

.protectÿÿÿÿhardlockunknown last code section [0xA9784200, 0x5105, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA9784200, 0x5105, 0xE0000020]

pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xA93EEF00, 0x24000, 0x48000000]

? C:\WINDOWS\System32\Drivers\RKREVEAL150.SYS The system cannot find the specified file. !

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] MSVCRT.DLL!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] MSVCRT.DLL!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] MSVCRT.DLL!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] MSVCRT.DLL!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] MSVCRT.DLL!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] MSVCRT.DLL!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] MSVCRT.DLL!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] MSVCRT.DLL!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\services.exe[1016] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)



Is your hardlock program stopping the execution of ComboFix?

 

I'm not familiar with the program, what does it do?

Can it be disabled temporarily while you run ComboFix?


What's a hardlock program?

 

The supplier is Aladdin Knowledge Systems. I don't know why I have these files on my computer.

 

These drivers are in a folder named aladdin (C:\WINDOWS\system32\Setup). I think they were installed on my computer with Canopus Procoder (it's a video encoding and transcoding software). I can uninstall it.

Edited by queno


Is there an uninstall function under the Add/Remove Programs list?

 

If you do, make a system restore point.

 

Remove the application with the Add/Remove programs.

 

Restart the computer normally.

If this is really required you will be able to restore it.

 

 

Can you now run ComboFix?


Run HijackThis and click on Open the Misc Tools section.

In the next window, click on Open Uninstall Manager...

In the final window, click on Save list... and save it to your Desktop.

Copy and paste this file: uninstall_list.txt into your next reply.


7-Zip 4.42

ABBYY FineReader 6.0 Sprint

Ad-Aware SE Personal

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 9.2 - Español

ASCOM Platform 3.0

ATI Display Driver

AviSynth 2.5

Band-in-a-Box 2009 (Build 279)

BitComet 0.58

BitTornado 0.3.15

BSPlayer

Camera RAW Plug-In for EPSON Creativity Suite

CCleaner (remove only)

CDisplay 1.8

CloneDVD 3.9.3

CloneDVD2

C-Media High Definition Audio Driver

Compresor WinRAR

DC++ (remove only)

DivX Player

DriverCD

DVD Shrink 3.2

eMule

EPSON Attach To Email

EPSON Easy Photo Print

EPSON File Manager

EPSON Scan

EPSON Scan Assistant

EPSON Stylus SX200 Series Printer Uninstall

EPSON Stylus SX200_SX400_TX200_TX400 Manual

EPSON Web-To-Page

EVEREST Home Edition v2.20

Exact Audio Copy 0.95b4

File Splitter and Joiner (FFSJ v3.2)

Finale 2009

FLAC Installer 1.1.2a (remove only)

Glary Utilities 2.17.0.776

Google Earth

Grim Fandango de LucasArts

GTA San Andreas

Guitar Power 1.5.0

Guitar Pro 5.0

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

InCD

Iron Man

Java 6 Update 17

Kit ADSL Router inalámbrico 11g

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft Office XP Professional con FrontPage

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.5.6)

MSXML4 Parser

Nero 6

Nero Media Player

Peer2Mail (remove only)

PG Music DirectX Plugins 2.0.0.0

Power Tab Editor 1.7

PowerDVD

PSP Video 9 1.74

QuickTime

Quiere Ser Millonario

Real Alternative 1.50

Remove DivX Pro Codec

Revisión de Windows XP - KB823980

Revisión de Windows XP - KB824146

Revisión de Windows XP - KB835732

SpeedFan (remove only)

Spybot - Search & Destroy

Spybot - Search & Destroy 1.4

Starry Night Pro 5

Subtitle Workshop 2.51

SUPERAntiSpyware Free Edition

Synacast Plug-in 1.1.0.7

THoTH 2.4 Freeware

Tiburón

Ultimate Spider-Man

UltraISO Premium V8.61

VIA Administrador de dispositivos de plataforma

VideoLAN VLC media player 0.8.2

Virtual Sound Canvas DXi

Virtual Sound Canvas VST

Visual Pinball

Winamp (remove only)

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Media Format Runtime

WinZip

Xbox 360 Controller for Windows


Nothing suspicious was found.

 

Do you have two copies of Search & Destroy on your computer? I suggest you remove them and install the latest version.

Spybot - Search & Destroy

Spybot - Search & Destroy 1.4

 

http://www.safer-networking.org/en/download/index.html

====

 

Update your XP Service Pack to 3.

http://www.microsoft.com/uk/windows/products/windowsxp/sp3/default.mspx

===

 

Update your Internet Explorer.

Windows Internet Explorer 7 for Windows XP

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=en

===


Thanks for your help!

 

My PC still has problems, so I'm going to format my computer, back up my files and install Windows XP SP3. But I have some questions:

 

1) Did I have viruses, trojans, rootkits,...? Is my computer clean now?

 

2) Is it safe to back up my files (music, movies and documents, not .exe files) to an external hard drive? Could these files be infected?

 

3) Why doesn't ComboFix run?


I did not see any trace of malware.

 

It will be safe, I think, to back up your files as you suggest.

 

Before you do there is a new version of ComboFix. Remove the current one and download a fresh copy. See if you can run it.

It should not take more than 30 minutes to complete its scan.

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
     
  • Double click on ComboFix.exe & follow the prompts.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 


 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 


 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.

 

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

 

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Delete the current version.

 

Download ComboFix from any of the links below but rename it to <insert name here> before saving it to your desktop. <- Important.

 

Link 1

Link 2

 

==================================

 

Double click on the renamed ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


Hi.

 

ComboFix stops running when this message appears:

 

Scanning for infected files...

This typically doesn't take more than 10 minutes

However, scan times for badly infected machines may easily double


Try this.

 

  • Press the windows key + R to open a run box
  • Copy/paste this command (with quotation marks) "%userprofile%/Desktop/ComboFix.exe" /killall into the run box
  • Press OK to start ComboFix
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin.

You only need to get one of them to run, not all of them.

 

rkill.exe

rkill.com

rkill.scr

rkill.pif

 

When it has executed, run ComboFix.


What does not run, the Rkill program or ComboFix?

 

Do you have the XP installation disk?


Good. Run this tool and we will take it from here.

 

Please download GMER from http://www2.gmer.net/tmp/gmer.exe

 

Close any open programs/windows!

 

Open the program and click on the Rootkit/Malware tab.

 

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.


 

Click on Scan (1).


 

When the scan has run click Copy (2) and paste the results (if any) into this thread.

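A GMER user-mode hook listing like the one requested above is easier to judge when the entries are grouped by the module each hook diverts into: a product-wide set of hooks (in this thread, McAfee's EntApi.dll in every process) then stands apart from a lone hook into unbacked memory or into a DLL that no installed product explains. This is an added Python example, not part of the thread and not GMER's code; it goes slightly beyond the log above by also handling JMP hooks and entries with no backing module, and the allow-list plus the last two sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# One GMER "User code sections" entry, e.g. (from this thread's log):
# .text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
# The trailing "module (vendor description)" part is absent when the hook
# diverts into memory that is not backed by any file on disk.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\[\d+\])\s+"           # image path [pid]
    r"(?P<api>[^\s!]+![^\s]+)\s+"                      # dll!function
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes?\s+"
    r"(?P<kind>CALL|JMP)\s+(?P<target>[0-9A-Fa-f]+)"   # patched instruction
    r"(?:\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Assumption for this example: the only product expected to place inline hooks
# in user-mode processes on this machine is McAfee's EntApi.dll (buffer
# overflow protection), as seen in the thread's log.  Key = module basename in
# lower case, value = text that GMER's vendor description must contain.
KNOWN_HOOKERS: Dict[str, str] = {"entapi.dll": "Network Associates"}


def parse_hook(line: str) -> Optional[dict]:
    """Return the fields of one hook line, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    return m.groupdict() if m else None


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(lines: List[str], known: Dict[str, str] = KNOWN_HOOKERS):
    """Group hooks by the module they divert into and list anything unexpected.

    Returns (parsed_count, modules, findings): modules maps a module basename
    to {"hooks": {(process, api)}, "targets": {hex address}}; findings is a
    list of human-readable lines in input order.
    """
    modules: Dict[str, Dict[str, Set]] = defaultdict(
        lambda: {"hooks": set(), "targets": set()})
    findings: List[str] = []
    parsed = 0
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        parsed += 1
        where = f"{h['process']} {h['api']} -> {h['kind']} {h['target']}"
        if h["module"] is None:
            # Nothing on disk owns the target: the classic sign of injected code.
            key = "<unbacked memory>"
            findings.append(f"UNBACKED {where}")
        else:
            key = _basename(h["module"])
            expected = known.get(key)
            if expected is None:
                findings.append(f"UNKNOWN  {where} {h['module']} ({h['desc']})")
            elif expected.lower() not in h["desc"].lower():
                # Right file name, wrong vendor string: possible look-alike DLL.
                findings.append(f"MISMATCH {where} {h['module']} ({h['desc']})")
        modules[key]["hooks"].add((h["process"], h["api"]))
        modules[key]["targets"].add(h["target"].upper())
    return parsed, dict(modules), findings


# Constructed sample in the thread's log format.  The first four entries copy
# the legitimate McAfee hooks; the last two are invented anomalies (a hook into
# unbacked memory and a hook into a DLL that is not on the allow-list).
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] WS2_32.dll!recv 71A35690 5 Bytes JMP 00B20000
.text C:\WINDOWS\Explorer.EXE[500] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes JMP 10001230 C:\Archivos de programa\Example Vendor\example.dll (Example Vendor Hook)
""".splitlines()


if __name__ == "__main__":
    n, mods, issues = triage(SAMPLE_LOG)
    print(f"{n} hook entries parsed")
    for name, info in sorted(mods.items()):
        print(f"  {name}: {len(info['hooks'])} hooks, targets {sorted(info['targets'])}")
    print("findings:" if issues else "findings: none")
    for f in issues:
        print("  " + f)
```

Paste a real GMER "User code sections" block in place of SAMPLE_LOG; a log in which every module group is on the allow-list and shares one trampoline address, as the EntApi.dll entries do here, produces no findings.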

GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-12-27 00:34:50

Windows 5.1.2600 Service Pack 1

Running: gmer.exe; Driver: C:\DOCUME~1\pc\CONFIG~1\Temp\uwxdipob.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT 865F2109 ZwCreateThread

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA93AF400, 0x82482, 0xE8000020]

.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA944F420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA944F420]

.protectÿÿÿÿhardlockunknown last code section [0xA944F200, 0x5105, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA944F200, 0x5105, 0xE0000020]

pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xA90B9F00, 0x24000, 0x48000000]

 

---- User code sections - GMER 1.0.15 ----

 


.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\lsass.exe[1028] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] MSVCRT.DLL!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] MSVCRT.DLL!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] MSVCRT.DLL!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] MSVCRT.DLL!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] MSVCRT.DLL!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] MSVCRT.DLL!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] MSVCRT.DLL!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] MSVCRT.DLL!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)

.text C:\WINDOWS


No rootkit found.

When you try to run ComboFix, do you get an error message?

Please post it.


I don't get an error message. The following message appears and then ComboFix stops working:

 

Scanning for infected files...

This typically doesn't take more than 10 minutes

However, scan times for badly infected machines may easily double


Open notepad and copy/paste the text in the quote box below into it:

 

FCOPY::
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys | C:\IaStor.sys

 

Save this as CFScript on your desktop.

 

[Image: CFScriptB-4.gif, showing CFScript being dragged onto ComboFix.exe]

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

Restart the computer normally.

===

 

Please download The Avenger by Swandog46 to your Desktop.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

 

Copy all the text in bold contained in the code box below (including the first line, "Files to move:", which is a command to the tool) to your Clipboard by highlighting it and pressing Ctrl+C:

 

Files to move:

C:\IaStor.sys | C:\windows\System32\drivers\IaStor.sys

 

-- Now, DoubleClick avenger.exe on your desktop to run it

-- Read the Warning Prompt and press OK

-- Paste the script you just copied into the textbox, using Ctrl+V or RightClick > Paste

-- Press Execute

-- Answer YES to the confirmation prompts and allow your computer to reboot.

In some cases, The Avenger will reboot your machine a second time. No worries.

-- After reboot, The Avenger should open a log - please post that for me and let me know if that had any effect on the problem.

 

Restart the computer again.

 

Submit a fresh HijackThis log.

 

Let me know what problem persists.


ComboFix stopped working when this message appeared:

 

Scanning for infected files...

This typically doesn't take more than 10 minutes

However, scan times for badly infected machines may easily double

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: file "C:\IaStor.sys" not found!

File move operation "C:\IaStor.sys|C:\windows\System32\drivers\IaStor.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:26:57, on 27/12/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Google\Update\GoogleUpdate.exe

C:\Archivos de programa\Java\jre6\bin\jqs.exe

C:\Archivos de programa\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe

C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe

C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe

C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE

C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe

C:\Archivos de programa\Java\jre6\bin\jusched.exe

C:\Archivos de programa\Messenger\msmsgs.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU" (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: uninstall.exe

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254

O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate1c98713c4b29a9c) (gupdate1c98713c4b29a9c) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe

O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

 

--

End of file - 5704 bytes

Edited by queno


Boot to safe mode.

 

  • Restart your computer in Safe Mode: start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you see the Boot Menu.
  • When the Windows Advanced Options menu appears, select an option, and then press ENTER.
  • When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.

 

Just try to run the ComboFix while in safe mode.

This topic is now closed to further replies.