CPU usage too high


  • This topic is locked
76 replies to this topic

#1 queno

queno

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 08 December 2009 - 02:00 AM

Hi!

When I'm not using the computer the CPU usage is always oscillating between 0%-17%, but when I'm running Google Earth, or a game, the CPU usage goes too high and the PC crashes.
My CPU usage is high even when I'm using the internet.
I also think that I'm running too many processes.

Malwarebytes and SuperAntiSpyware have not detected anything.

Thanks in advance!!!

This is HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:53, on 08/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe
C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE
C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\Archivos de programa\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: uninstall.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.onerateld.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c98713c4b29a9c) (gupdate1c98713c4b29a9c) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

--
End of file - 5389 bytes

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,521 posts

Posted 10 December 2009 - 02:36 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 12 December 2009 - 10:32 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows [tab].
The following should be selected by default, if not, please select:

Posted Image

Next: click Options, then click the Settings tab.
Then click Run Cleaner (bottom right), then Exit.
*/*

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Look at this tutorial if assistance is needed.
http://www.bleepingc...opic131299.html
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 queno

Posted 12 December 2009 - 05:08 PM

Thanks for helping me!

Security Check report:

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 1
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee VirusScan Enterprise
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Ad-Aware
Spybot - Search & Destroy 1.4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 3
Java™ 6 Update 6
Java™ 6 Update 7
Out of date Java installed!
Adobe Reader 9.2 - Español
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Network Associates VirusScan mcshield.exe
Network Associates VirusScan vstskmgr.exe
Network Associates VirusScan SHSTAT.EXE
``````````````````````````````
DNS Vulnerability Check:


`````````End of Log```````````


SDFix report:


SDFix: Version 1.240
Run by pc on 12/12/2009 at 20:43

Microsoft Windows XP [Versión 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found

New HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:20, on 12/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\Archivos de programa\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe
C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE
C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: uninstall.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.onerateld.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c98713c4b29a9c) (gupdate1c98713c4b29a9c) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

--
End of file - 5390 bytes


When SDFix rebooted the PC crashed so I had to reboot again.

#5 nasdaq

Posted 13 December 2009 - 04:27 PM

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Windows XP Service Pack 1
Out of date service pack!!

When I give you a clean bill of health I suggest you update to Service Pack 2.
http://support.microsoft.com/kb/935791
===

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Download this one JRE 6 Update 17.

In Vista and Windows 7 run the tool as Administrator.
===

Visit Link to ADOBE
and download the latest version of Acrobat Reader.
Having the latest updates ensures there are no security vulnerabilities in your system.
===

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - Global Startup: uninstall.exe
O15 - Trusted Zone: *.onerateld.com


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally.

Please post the results of the JavaRa.log and include a fresh HijackThis log.

Let me know what problem persists.
nasdaq

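An added example, not part of nasdaq's post and not code from HijackThis: one way to check that the entries selected for Fix Checked are really gone from the follow-up log, and to list item lines that appeared or vanished between the two scans. The log excerpts are constructed from lines posted in this thread, and the function names are hypothetical.

```python
import re

# A HijackThis item line starts with a section code (R0, O4, O23, ...)
# followed by " - ". Header lines and the "Running processes" list
# do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (code, body) item lines found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse runs of whitespace so copy/paste damage does not
            # make identical entries compare as different.
            entries.add((match["code"], " ".join(match["body"].split())))
    return entries


def check_fix(before_log, after_log, requested_lines):
    """Compare two logs against the list of lines the helper asked to fix."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries("\n".join(requested_lines))
    return {
        # Asked for, present before, absent now: the fix took effect.
        "fixed": sorted((wanted & before) - after),
        # Asked for but still in the fresh log: the fix did not hold.
        "still_present": sorted(wanted & after),
        # Asked for but never in the earlier log: probably a typo.
        "not_in_before": sorted(wanted - before),
        # Anything new between scans deserves a look (installers, updaters,
        # or something re-adding itself).
        "new_entries": sorted(after - before),
        # Entries that disappeared without being requested.
        "unrequested_removed": sorted((before - after) - wanted),
    }


# Constructed excerpt of the earlier log (lines taken from this thread).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: uninstall.exe
O15 - Trusted Zone: *.onerateld.com
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
"""

# Constructed excerpt of the fresh log posted after Fix Checked.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - Global Startup: uninstall.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
"""

# The two lines the helper asked to check before clicking Fix Checked.
REQUESTED = [
    "O4 - Global Startup: uninstall.exe",
    "O15 - Trusted Zone: *.onerateld.com",
]

if __name__ == "__main__":
    report = check_fix(BEFORE_LOG, AFTER_LOG, REQUESTED)
    for bucket, items in report.items():
        print(bucket)
        for code, body in items:
            print(f"  {code} - {body}")
```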

#6 queno

Posted 13 December 2009 - 07:54 PM

Thanks again!

Windows startup and shutdown are a little slower than usual.
CPU usage is still between 0%-20% all the time.
When I'm using Google Earth or a game the PC crashes (a black screen appears and I have to reboot).

JavaRa.log:

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Dec 14 01:11:25 2009

------------------------------------

Finished reporting.


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:48, on 14/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe
C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE
C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\Archivos de programa\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: uninstall.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c98713c4b29a9c) (gupdate1c98713c4b29a9c) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

--
End of file - 5810 bytes

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 14 December 2009 - 09:32 AM

The uninstall.exe in your startup folder was not fixed.

If the file is not listed in this path, c:\documents and settings\all users\start menu\programs\startup\uninstall.exe, search your computer for the file uninstall.exe and rename it uninstall.exe.old
P.S. The file will be located in a Startup folder.

Restart the computer normally.

If the problem persists, run this tool and let me see the results.

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double-click on RSIT.exe to launch the program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).

These reports are long; please post the contents of both logs (in separate posts) in your next reply.
nasdaq


#8 queno

queno

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 14 December 2009 - 05:44 PM

Hi.
The problem persists.

log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by pc at 2009-12-14 23:29:58
Microsoft Windows XP Professional Service Pack 1
System drive C: has 26 GB (13%) free of 194 GB
Total RAM: 1023 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:00, on 14/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe
C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE
C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\pc\Mis documentos\Descargas\RSIT.exe
C:\Archivos de programa\Trend Micro\HijackThis\pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: uninstall.exe
O4 - Global Startup: uninstall.exe.old
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c98713c4b29a9c) (gupdate1c98713c4b29a9c) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

--
End of file - 5874 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll [2009-12-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-09-09 845852]
ID
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"=C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
"ShStatEXE"=C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE [2004-08-25 94208]
"Network Associates Error Reporting Service"=C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514]
"DAEMON Tools"=C:\Archivos de programa\DAEMON Tools\daemon.exe [2006-09-14 157592]
"SunJavaUpdateSched"=C:\Archivos de programa\Java\jre6\bin\jusched.exe [2009-12-14 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Archivos de programa\Messenger\msmsgs.exe [2004-11-15 1670144]
"EPSON Stylus SX200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acceso directo a la página de propiedades de High Definition Audio]
C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Archivos de programa\Archivos comunes\Adobe\Updater5\AdobeUpdater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgenteADSL_15]
C:\Archivos de programa\Telefonica\KitAIM\AimExDll.exe [2006-08-05 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Archivos de programa\Ahead\InCD\InCD.exe [2004-09-13 1450096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2006-08-05 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Archivos de programa\QuickTime\qttask.exe [2005-08-24 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Google Updater.lnk]
C:\ARCHIV~1\Google\GOOGLE~2\GOOGLE~1.EXE -systray -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
C:\ARCHIV~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^uninstall.exe]
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\uninstall.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^VIA RAID TOOL.lnk]
C:\ARCHIV~1\VIA\RAID\RAID_T~1.EXE [2004-06-02 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^WinZip Quick Pick.lnk]
C:\ARCHIV~1\WinZip\WZQKPICK.EXE [2002-10-29 106560]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
uninstall.exe
uninstall.exe.old

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-12-14 23:29:58 ----D---- C:\rsit
2009-12-14 01:20:00 ----A---- C:\WINDOWS\System32\javaws.exe
2009-12-14 01:20:00 ----A---- C:\WINDOWS\System32\javaw.exe
2009-12-14 01:20:00 ----A---- C:\WINDOWS\System32\java.exe
2009-12-14 01:20:00 ----A---- C:\WINDOWS\System32\deploytk.dll
2009-12-12 22:12:16 ----D---- C:\Documents and Settings\pc\Datos de programa\WinRAR
2009-12-12 20:38:22 ----D---- C:\WINDOWS\ERUNT
2009-12-12 20:35:45 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-12 20:30:02 ----D---- C:\SDFix
2009-12-04 12:18:07 ----D---- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
2009-11-29 09:12:25 ----D---- C:\Documents and Settings\All Users\Datos de programa\Agnitum
2009-11-29 09:12:25 ----D---- C:\Archivos de programa\Agnitum
2009-11-29 09:12:13 ----D---- C:\Config.Msi
2009-11-29 03:23:33 ----D---- C:\Documents and Settings\pc\Datos de programa\GlarySoft
2009-11-29 03:17:37 ----D---- C:\Archivos de programa\Glary Utilities
2009-11-28 21:46:57 ----A---- C:\WINDOWS\myClean.bat
2009-11-28 10:58:51 ----D---- C:\Archivos de programa\SpeedFan
2009-11-19 18:30:44 ----D---- C:\Documents and Settings\All Users\Datos de programa\Google

======List of files/folders modified in the last 1 months======

2009-12-14 23:25:54 ----D---- C:\Archivos de programa\Mozilla Firefox
2009-12-14 23:23:15 ----D---- C:\WINDOWS\system32
2009-12-14 23:23:15 ----AC---- C:\WINDOWS\System32\PerfStringBackup.INI
2009-12-14 23:20:38 ----D---- C:\WINDOWS\TEMP
2009-12-14 23:19:02 ----D---- C:\WINDOWS\Debug
2009-12-14 11:19:52 ----D---- C:\WINDOWS
2009-12-14 11:18:41 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-12-14 01:20:03 ----SHD---- C:\WINDOWS\Installer
2009-12-14 01:19:35 ----D---- C:\Archivos de programa\Java
2009-12-11 07:57:28 ----AC---- C:\WINDOWS\winamp.ini
2009-12-09 07:47:44 ----A---- C:\WINDOWS\demdata.txt
2009-12-06 09:13:04 ----AC---- C:\WINDOWS\BBW_INFO.INI
2009-12-06 05:47:02 ----D---- C:\Archivos de programa\Google
2009-12-06 05:42:44 ----D---- C:\WINDOWS\System32\CatRoot2
2009-12-06 05:27:04 ----SD---- C:\WINDOWS\Tasks
2009-12-06 04:51:03 ----SH---- C:\boot.ini
2009-12-06 04:51:03 ----AC---- C:\WINDOWS\win.ini
2009-12-06 04:51:03 ----AC---- C:\WINDOWS\system.ini
2009-12-06 04:40:31 ----D---- C:\WINDOWS\pss
2009-12-06 01:28:11 ----D---- C:\Archivos de programa\Malwarebytes' Anti-Malware
2009-12-06 01:28:09 ----D---- C:\WINDOWS\System32\drivers
2009-12-06 00:57:44 ----D---- C:\Archivos de programa\Unlocker
2009-12-06 00:57:01 ----D---- C:\Archivos de programa\Atari
2009-12-06 00:57:00 ----HD---- C:\Archivos de programa\InstallShield Installation Information
2009-12-06 00:56:50 ----D---- C:\Archivos de programa\Archivos comunes
2009-12-06 00:56:41 ----D---- C:\Documents and Settings\pc\Datos de programa\Atari
2009-12-06 00:52:52 ----D---- C:\Archivos de programa
2009-12-05 23:31:42 ----D---- C:\Archivos de programa\Spybot - Search & Destroy
2009-12-05 23:02:34 ----D---- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2009-12-05 21:34:21 ----D---- C:\Documents and Settings\pc\Datos de programa\ppstream
2009-12-04 12:15:03 ----D---- C:\WINDOWS\System32\CatRoot
2009-11-29 09:12:35 ----D---- C:\WINDOWS\System32\config
2009-11-29 09:12:30 ----D---- C:\WINDOWS\System32\wbem
2009-11-29 09:12:30 ----D---- C:\WINDOWS\Registration
2009-11-29 09:12:28 ----HD---- C:\WINDOWS\inf
2009-11-29 09:12:12 ----RSHDC---- C:\WINDOWS\System32\dllcache
2009-11-29 09:11:50 ----D---- C:\WINDOWS\System32\Restore
2009-11-29 07:07:31 ----D---- C:\WINDOWS\WinSxS
2009-11-29 03:29:47 ----D---- C:\WINDOWS\System32\Kaspersky Lab
2009-11-29 03:25:52 ----D---- C:\WINDOWS\Help
2009-11-29 03:23:35 ----D---- C:\Archivos de programa\RapidLeecher
2009-11-29 03:21:04 ----D---- C:\RealBand
2009-11-29 03:21:04 ----D---- C:\bb
2009-11-29 03:21:04 ----D---- C:\Archivos de programa\WinRAR
2009-11-29 03:21:04 ----D---- C:\Archivos de programa\Messenger
2009-11-29 03:21:04 ----D---- C:\Archivos de programa\BitComet
2009-11-28 20:10:56 ----D---- C:\Archivos de programa\DDD Pool
2009-11-24 19:09:38 ----D---- C:\Documents and Settings\All Users\Datos de programa\Adobe
2009-11-23 23:32:10 ----D---- C:\Archivos de programa\Archivos comunes\Adobe
2009-11-23 23:31:48 ----D---- C:\Archivos de programa\Adobe
2009-11-23 02:13:15 ----D---- C:\Documents and Settings\pc\Datos de programa\FFSJ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\System32\drivers\cdrbsdrv.sys [2007-07-09 33408]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-13 28672]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-25 58016]
R1 SASDIFSV;SASDIFSV; \??\C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;Protocolo IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2001-08-17 55296]
R2 RVIEG01;VSC Engine; \??\C:\Archivos de programa\Roland\Virtual Sound Canvas DXi\RVIEg01.sys []
R2 RVIEGVST;VSC VST Engine; \??\C:\Archivos de programa\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-06-19 190336]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-07-28 1258432]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\System32\drivers\EntDrv51.sys []
R3 HDAudBus;Controlador de bus de Microsoft UAA para High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-03-17 135168]
R3 irsir;Controlador de infrarrojos serie de Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-08-25 108256]
R3 Rasirda;Minipuerto WAN (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Concentrador habilitado USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbuhci;Controlador minipuerto de la controladora de host universal USB de Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
R4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2004-09-13 93440]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\System32\DRIVERS\ATITool.sys [2006-11-10 24064]
S1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys []
S3 aopl7gtt;aopl7gtt; C:\WINDOWS\System32\drivers\aopl7gtt.sys []
S3 Arp1394;Protocolo de cliente ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-09-09 57344]
S3 catchme;catchme; \??\C:\DOCUME~1\pc\CONFIG~1\Temp\catchme.sys []
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\System32\Drivers\CO_Mon.sys []
S3 HdAudAddService;Controlador de funciones de Microsoft UAA para el servicio High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 NIC1394;Controlador de red 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-09-09 57984]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-11-26 39488]
S3 SASENUM;SASENUM; \??\C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS []
S3 usbccgp;Controlador primario genérico USB de Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
S3 usbprint;Clase de impresora USB de Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;Controlador de escáner USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-08-03 389120]
R2 InCDsrv;InCD Helper; C:\Archivos de programa\Ahead\InCD\InCDsrv.exe [2004-09-13 1192050]
R2 Irmon;Monitor de infrarrojos; C:\WINDOWS\System32\svchost.exe [2001-08-24 12800]
R2 JavaQuickStarterService;Java Quick Starter; C:\Archivos de programa\Java\jre6\bin\jqs.exe [2009-12-14 153376]
R2 McAfeeFramework;Servicio de registro de McAfee; C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe [2004-08-25 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe [2004-08-25 28672]
R2 MDM;Machine Debug Manager; C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
S2 gupdate1c98713c4b29a9c;Google Update Service (gupdate1c98713c4b29a9c); C:\Archivos de programa\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S2 xwovauhs;AGP Bus w766b Helper; C:\WINDOWS\System32\svchost.exe [2001-08-24 12800]
S3 {BEE686B9-4C84-4487-9D72-9F40F051E973};{BEE686B9-4C84-4487-9D72-9F40F051E973}; C:\WINDOWS\System32\svchost.exe [2001-08-24 12800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe [2006-08-05 69632]

-----------------EOF-----------------

#9 queno

queno

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 14 December 2009 - 05:46 PM

info.txt:

info.txt logfile of random's system information tool 1.06 2009-12-14 23:30:02

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Archivos de programa\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware SE Personal-->C:\ARCHIV~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\ARCHIV~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Español-->MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A92000000001}
ASCOM Platform 3.0-->C:\ARCHIV~1\ARCHIV~1\ASCOM\TELESC~1\UNWISE.EXE C:\ARCHIV~1\ARCHIV~1\ASCOM\TELESC~1\INSTALL.LOG
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AviSynth 2.5-->"C:\Archivos de programa\AviSynth 2.5\Uninstall.exe"
Band-in-a-Box 2009 (Build 279)-->"C:\bb\uninstall\unins000.exe"
BitComet 0.58-->C:\Archivos de programa\BitComet\uninst.exe
BitTornado 0.3.15-->C:\Archivos de programa\BitTornado\uninst.exe
BSPlayer-->"C:\Archivos de programa\Webteh\BSplayer\uninstall.exe"
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{42EDF895-158C-484E-A7F2-42B90759F281}\SETUP.EXE" -l0xa UNINST
CCleaner (remove only)-->"C:\Archivos de programa\CCleaner\uninst.exe"
CDisplay 1.8-->"C:\Archivos de programa\CDisplay\unins000.exe"
CloneDVD 3.9.3-->"C:\Archivos de programa\CloneDVD\unins000.exe"
CloneDVD2-->"C:\Archivos de programa\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Archivos de programa\Elaborate Bytes\CloneDVD2"
C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Compresor WinRAR-->C:\Archivos de programa\WinRAR\uninstall.exe
DC++ (remove only)-->"C:\Archivos de programa\DC++\uninstall.exe"
DivX Player-->C:\WINDOWS\unvise32.exe C:\Archivos de programa\DivX\DivX Player\uninstal.log
DriverCD-->C:\WINDOWS\IsUninst.exe -f"C:\Archivos de programa\GIGABYTE\DriverCD\Uninst.isu"
DVD Shrink 3.2-->"C:\Archivos de programa\DVD Shrink\unins000.exe"
eMule-->"C:\Archivos de programa\eMule\Uninstall.exe"
EPSON Attach To Email-->C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}\SETUP.EXE" -l0xa UNINST
EPSON File Manager-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{46CBBDF8-55B5-40DB-B459-7B848394309C}\Setup.exe" -l0xa UNINST
EPSON Scan Assistant-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0xa -u
EPSON Scan-->C:\Archivos de programa\epson\escndv\setup\setup.exe /r
EPSON Stylus SX200 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE /R /APD /P:"EPSON Stylus SX200 Series"
EPSON Stylus SX200_SX400_TX200_TX400 Manual-->C:\Archivos de programa\EPSON\TPMANUAL\ES_SX_TX\ESP\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0xa -anything
EVEREST Home Edition v2.20-->"C:\Archivos de programa\Lavalys\EVEREST Home Edition\unins000.exe"
Exact Audio Copy 0.95b4-->C:\Archivos de programa\Exact Audio Copy\uninst.exe
File Splitter and Joiner (FFSJ v3.2)-->"C:\WINDOWS\unins000.exe"
Finale 2009-->C:\Archivos de programa\Finale 2009\uninstallFinale.exe
FLAC Installer 1.1.2a (remove only)-->C:\Archivos de programa\FLAC\uninstall.exe
Glary Utilities 2.17.0.776-->"C:\Archivos de programa\Glary Utilities\unins000.exe"
Google Earth-->MsiExec.exe /X{9074AFC0-CFDA-11DE-B484-005056806466}
Grim Fandango de LucasArts-->C:\WINDOWS\unin040a.exe -f"C:\Archivos de programa\LucasArts\Grim\DeIsL1.isu"
GTA San Andreas-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0xa -removeonly
Guitar Power 1.5.0-->"C:\Archivos de programa\GuitarPower\unins000.exe"
Guitar Pro 5.0-->"C:\Archivos de programa\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Iron Man-->MsiExec.exe /X{6E737AC4-C430-4698-8790-C7D55F7107A4}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Kit ADSL Router inalámbrico 11g-->C:\Archivos de programa\Telefonica\KitAIM\Uninstal.exe 9
Malwarebytes' Anti-Malware-->"C:\Archivos de programa\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office XP Professional con FrontPage-->MsiExec.exe /I{90280C0A-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.5)-->C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 6-->C:\Archivos de programa\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Peer2Mail (remove only)-->"C:\Archivos de programa\Peer2Mail\uninst.exe"
PG Music DirectX Plugins 2.0.0.0-->"C:\Archivos de programa\PowerTracks DirectX Plugins\unins000.exe"
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PSP Video 9 1.74-->C:\Archivos de programa\pspvideo9\uninst.exe
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Quiere Ser Millonario-->MsiExec.exe /I{64038AA1-43E0-4CFB-A6BB-9B3237E4853F}
Real Alternative 1.50-->"C:\Archivos de programa\Real Alternative\unins000.exe"
Remove DivX Pro Codec-->C:\WINDOWS\unvise32.exe C:\Archivos de programa\DivX\DivX Pro Codec\UninstalDivXProCodec.log
Revisión de Windows XP - KB823980-->C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
Revisión de Windows XP - KB824146-->C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
Revisión de Windows XP - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
SpeedFan (remove only)-->"C:\Archivos de programa\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.4-->"C:\Archivos de programa\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Archivos de programa\Spybot - Search & Destroy\unins001.exe"
Starry Night Pro 5-->"C:\Archivos de programa\Starry Night Pro 5\Uninstall Starry Night Pro 5\Uninstall Starry Night Pro 5.exe"
Subtitle Workshop 2.51-->"C:\Archivos de programa\URUSoft\Subtitle Workshop\uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synacast Plug-in 1.1.0.7-->C:\Archivos de programa\Archivos comunes\Synacast\SynaLive\uninst.exe
THoTH 2.4 Freeware-->"C:\THoTH\unins000.exe"
Tiburón-->MsiExec.exe /X{E467A03B-C374-4EB8-A4AC-A3D9F807C6CF}
Ultimate Spider-Man ™-->C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CC35B08B-4EC1-4759-B159-0EC4E69C3E7C} /l2057
UltraISO Premium V8.61-->"C:\Archivos de programa\UltraISO\unins000.exe"
VIA Administrador de dispositivos de plataforma-->C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.2-->C:\Archivos de programa\VideoLAN\VLC\uninstall.exe
Virtual Sound Canvas DXi-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{745877DC-8FFE-4E4C-ABBC-589B887A47D1}\setup.exe" UNINSTALL_XXX
Virtual Sound Canvas VST-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{DA22A6BB-10B5-4595-BD59-1AD4023C8536}\setup.exe" MAINTENANCE_XXX
Visual Pinball-->MsiExec.exe /I{419EE2A0-0E9B-4312-9689-4FD10738531E}
Winamp (remove only)-->"C:\Archivos de programa\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Archivos de programa\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinZip-->"C:\Archivos de programa\WinZip\WINZIP32.EXE" /uninstall
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O20 - AppInit_DLLs: index.dat [2007-10-15]
O20 - Winlogon Notify: pvnvyafc - C:\WINDOWS\SYSTEM32\astrayiconr.dll [2007-10-15]
O2 - BHO: (no name) - {5D4E4960-62AF-4E3A-AB84-1C4C44A71F40} - C:\WINDOWS\System32\cicd.dll [2007-10-15]
O2 - BHO: (no name) - {284AB5EC-EF5F-4FE0-86CA-42CF17E704C3} - c:\windows\system32\astrayiconr.dll [2007-10-15]
O21 - SSODL: IEFilter - {310AF74D-8FA1-4E72-9B7C-049530FC86A5} - (no file) [2007-10-15]
O23 - Service: Indexing Helps (Indexingbox) - Unknown owner - C:\WINDOWS\system\svchest.exe (file missing) [2007-10-15]
O23 - Service: Indexing Helper (Indexingboxs) - Unknown owner - c:\temp\svchost.exe (file missing) [2007-10-15]
O2 - BHO: (no name) - {284AB5EC-EF5F-4FE0-86CA-42CF17E704C3} - c:\windows\system32\astrayiconr.dll [2007-10-17]
O20 - Winlogon Notify: pvnvyafc - C:\WINDOWS\SYSTEM32\astrayiconr.dll [2007-10-17]
O2 - BHO: (no name) - {5D4E4960-62AF-4E3A-AB84-1C4C44A71F40} - C:\WINDOWS\System32\cicd.dll [2007-10-17]
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\pc\cftmon.exe [2008-04-30]
O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [autoload] C:\Documents and Settings\pc\cftmon.exe (User '?') [2008-04-30]
O23 - Service: Programador de tareas (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe [2008-04-30]
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe [2008-04-30]
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe [2008-04-30]
O15 - Trusted Zone: *.onerateld.com [2009-12-14]
O4 - Global Startup: uninstall.exe [2009-12-14]

======Hosts File======

127.0.0.1 localhost

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 15 December 2009 - 09:00 AM

I do not know why but the file was recreated.

O4 - Global Startup: uninstall.exe
O4 - Global Startup: uninstall.exe.old

===

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\uninstall.exe

Look at this page and see if you can disable this process.
http://www.configura...com/doc261.html

If disabling it does not correct your problem you can restore it back.

Keep me posted as I do not see any suspicious processes other than this one.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#11 queno


Posted 16 December 2009 - 03:47 AM

Hi.

I can't disable uninstall.exe using msconfig. This file is recreated all the time.

#12 nasdaq


Posted 16 December 2009 - 09:19 AM

Can you look at the properties of the file and find out what the supplier's name is?

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\uninstall.exe
nasdaq


#13 queno


Posted 17 December 2009 - 06:20 AM

I haven't found the supplier's name. There isn't any name or any info.

#14 nasdaq


Posted 17 December 2009 - 09:16 AM

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\uninstall.exe

Please submit the file in bold to the following link for a scan, then post the results in your next message for me to see.
http://virusscan.jotti.org/
nasdaq


#15 queno


Posted 17 December 2009 - 02:57 PM

Hi.

This message appears:

Status: File is empty (0 bytes)!

#16 nasdaq


Posted 17 December 2009 - 07:19 PM

Download ComboFix from:

http://download.blee....a/KittyFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingc...opic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
nasdaq


#17 queno


Posted 18 December 2009 - 04:46 AM

Hi.

Sorry, I didn't save ComboFix.exe to my Desktop.... :( I saved it to Mis Documentos\Descargas... :(

I cannot find C:\ComboFix.txt

I have this file: C:\ComboFix2.txt, but it's outdated (2007)

I also have these new folders:

Qoobox: this folder contains another outdated ComboFix2.txt file (2008)

32788R22FWJFW

These old files have been modified: cmldr, csb.log and boot.bak (these files are in C:\)

I also have a new icon in c:\. It's the same icon used by My Pc, but it's named KittyFix

Why is it named KittyFix.exe? I thought it was named ComboFix.exe.

Edited by queno, 18 December 2009 - 05:00 AM.


#18 nasdaq


Posted 18 December 2009 - 08:34 AM

I also have a new icon in c:\. It's the same icon used by My Pc, but it's named KittyFix

ComboFix has been renamed KittyFix temporarily.

What I suggest is that you uninstall your current version.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

This may not remove the previous old version. If you do have any references to ComboFix dated in 2007 delete them.

Download the ComboFix as I have suggested in my previous post.
Make sure you place it on your Desktop and run it.

Post the logs.

All I ask of you is that you follow my recommendations.
nasdaq


#19 queno


Posted 19 December 2009 - 03:52 AM

Hi.

I have uninstalled ComboFix. I have placed the new one on my Desktop and when running it, a blue screen appeared with the following text and nothing happened (the hard drive wasn't running):

Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

I waited for 5 hours with that text on the screen.
I didn't mouse click ComboFix's window.

Edited by queno, 19 December 2009 - 04:01 AM.


#20 nasdaq


Posted 19 December 2009 - 09:04 AM

We may not be able to clean your computer completely.
I would start by backing up my data files in case we have to resort to formatting the hard disk.

Let me see the results of this scan.

Please download RootKitRevealer from here:
http://download.sysi...kitRevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.
nasdaq


#21 queno


Posted 19 December 2009 - 03:25 PM

Hi.

RootKitRevealer log file:

HKU\.DEFAULT\Control Panel\International 01/05/2008 12:30 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 01/05/2008 12:30 0 bytes Security mismatch.
HKU\S-1-5-21-682003330-484061587-2147183463-1003\Console 19/12/2009 7:57 0 bytes Security mismatch.
HKU\S-1-5-21-682003330-484061587-2147183463-1003\console_combofixbackup 19/12/2009 7:57 0 bytes Security mismatch.
HKU\S-1-5-21-682003330-484061587-2147183463-1003\Control Panel\International 01/05/2008 12:30 0 bytes Security mismatch.
HKU\S-1-5-21-682003330-484061587-2147183463-1003\Control Panel\International\Geo 01/05/2008 12:30 0 bytes Security mismatch.
HKU\S-1-5-21-682003330-484061587-2147183463-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 03/11/2007 16:32 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-21-682003330-484061587-2147183463-1003\Software\Zepter Software\RegLib*e4257279 26/11/2006 21:12 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-18\Control Panel\International 01/05/2008 12:30 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 01/05/2008 12:30 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 08/04/2005 11:47 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 08/04/2005 11:47 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwFilesScanned 19/12/2009 20:21 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\szLastScanned 19/12/2009 20:21 110 bytes Windows API length not consistent with raw hive data.

#22 nasdaq


Posted 19 December 2009 - 04:17 PM

Please download GMER from http://www2.gmer.net/tmp/gmer.exe

Close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.

Click on Scan (1).

When the scan has run click Copy (2) and paste the results (if any) into this thread.
nasdaq


#23 queno


Posted 19 December 2009 - 07:06 PM

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-20 00:59:38
Windows 5.1.2600 Service Pack 1
Running: gmer.exe; Driver: C:\DOCUME~1\pc\CONFIG~1\Temp\uwxdipob.sys


---- System - GMER 1.0.15 ----

SSDT 865C7109 ZwCreateThread

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA96E4400, 0x82482, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA9784420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA9784420]
.protect˙˙˙˙hardlockunknown last code section [0xA9784200, 0x5105, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA9784200, 0x5105, 0xE0000020]
pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xA93EEF00, 0x24000, 0x48000000]
? C:\WINDOWS\System32\Drivers\RKREVEAL150.SYS El sistema no puede hallar el archivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] MSVCRT.DLL!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] MSVCRT.DLL!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] MSVCRT.DLL!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] MSVCRT.DLL!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[440] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] MSVCRT.DLL!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] MSVCRT.DLL!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] MSVCRT.DLL!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] MSVCRT.DLL!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe[744] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1596] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32&#
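The user-mode lines in the GMER logs posted in this thread all share one layout, so they can be tallied by the module each hook jumps into instead of being read one by one. The following is an added example, not part of the original posts and not GMER's own code: the line layout is inferred from the lines shown here, the `example.exe` sample line is constructed, and the function names and the list of expected modules are assumptions chosen by the analyst.

```python
import re
from collections import defaultdict

# Layout inferred from the hook lines on this page (an assumption, not a GMER spec):
# .text <process>[<pid>] <dll>!<function> <address> <n> Bytes <CALL|JMP> <target> [<module> (<description>)]
HOOK_LINE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[^\s!]+)!(?P<function>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?P<op>CALL|JMP)\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<hooker>.+?)(?:\s+\((?P<vendor>.*)\))?)?\s*$"
)

# Lines 1-3 and the truncated last line are copied from the thread.
# Line 4 (example.exe, no module after the target) is constructed for illustration.
SAMPLE = r"""
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\example.exe[4242] kernel32.dll!WriteFile 77E5F13A 5 Bytes JMP 00A10000
.text C:\WINDOWS\System32&#
"""


def parse_hooks(log_text):
    """Return (hooks, unparsed).

    hooks:    one dict per user-mode hook line.
    unparsed: .text lines that do not fit the layout (kernel section notes,
              lines cut off by the forum software), kept so nothing is dropped silently.
    """
    hooks, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith(".text"):
            continue  # section headers, blank lines, other record types
        match = HOOK_LINE.match(line)
        if match is None:
            unparsed.append(line)
            continue
        rec = match.groupdict()
        rec["pid"] = int(rec["pid"])
        rec["size"] = int(rec["size"])
        # Windows paths are case-insensitive; normalise the module path for grouping.
        rec["hooker"] = rec["hooker"].lower() if rec["hooker"] else None
        hooks.append(rec)
    return hooks, unparsed


def hooks_by_module(hooks):
    """Group hooks by the module they jump into (None = no module named in the log)."""
    summary = defaultdict(lambda: {"processes": set(), "apis": set()})
    for h in hooks:
        entry = summary[h["hooker"]]
        entry["processes"].add((h["process"], h["pid"]))
        entry["apis"].add(f'{h["dll"]}!{h["function"]}')
    return dict(summary)


def needs_review(hooks, expected_modules):
    """Hooks whose destination is not in the analyst's list of expected modules."""
    expected = {m.lower() for m in expected_modules}
    return [h for h in hooks if h["hooker"] not in expected]


if __name__ == "__main__":
    hooks, unparsed = parse_hooks(SAMPLE)
    for module, info in hooks_by_module(hooks).items():
        print(module, len(info["processes"]), "process(es),", len(info["apis"]), "API(s)")
    # Assumption: the analyst has already accounted for the installed antivirus module.
    for h in needs_review(hooks, [r"C:\WINDOWS\System32\EntApi.dll"]):
        print("review:", h["process"], h["pid"], h["function"], h["op"], h["target"])
    print("unparsed:", unparsed)
```
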

#24 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 19 December 2009 - 08:28 PM

Is your hardlock program stopping the execution of ComboFix?

I'm not familiar with the program, what does it do?
Can it be disabled temporarily while you run the ComboFix?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#25 queno

queno

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 19 December 2009 - 09:06 PM

What's a hardlock program?

The supplier is Aladdin Knowledge Systems. I don't know why I have these files on my computer.

These drivers are in a folder named aladdin (C:\WINDOWS\system32\Setup). I think they were installed on my computer with Canopus Procoder (it's a video encoding and transcoding software). I can uninstall it.

Edited by queno, 19 December 2009 - 09:29 PM.


#26 nasdaq

Posted 20 December 2009 - 09:10 AM

Is there an uninstall function under the Add/Remove Programs list?

If you do, make a system restore.

Remove the application with the Add/Remove programs.

Restart the computer normally.
If this is really required you will be able to restore it.


Can you now run the ComboFix?

#27 queno

Posted 20 December 2009 - 03:21 PM

There isn't any uninstall function.

#28 nasdaq

Posted 20 December 2009 - 04:15 PM

Run HijackThis and click on Open the Misc Tools section.
In the next window, click on Open Uninstall Manager...
In the final window, click on Save list... and save it to your Desktop.
Copy and paste this file: uninstall_list.txt into your next reply.

#29 queno

Posted 20 December 2009 - 04:30 PM

7-Zip 4.42
ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.2 - Español
ASCOM Platform 3.0
ATI Display Driver
AviSynth 2.5
Band-in-a-Box 2009 (Build 279)
BitComet 0.58
BitTornado 0.3.15
BSPlayer
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner (remove only)
CDisplay 1.8
CloneDVD 3.9.3
CloneDVD2
C-Media High Definition Audio Driver
Compresor WinRAR
DC++ (remove only)
DivX Player
DriverCD
DVD Shrink 3.2
eMule
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus SX200 Series Printer Uninstall
EPSON Stylus SX200_SX400_TX200_TX400 Manual
EPSON Web-To-Page
EVEREST Home Edition v2.20
Exact Audio Copy 0.95b4
File Splitter and Joiner (FFSJ v3.2)
Finale 2009
FLAC Installer 1.1.2a (remove only)
Glary Utilities 2.17.0.776
Google Earth
Grim Fandango de LucasArts
GTA San Andreas
Guitar Power 1.5.0
Guitar Pro 5.0
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
InCD
Iron Man
Java™ 6 Update 17
Kit ADSL Router inalámbrico 11g
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Office XP Professional con FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.6)
MSXML4 Parser
Nero 6
Nero Media Player
Peer2Mail (remove only)
PG Music DirectX Plugins 2.0.0.0
Power Tab Editor 1.7
PowerDVD
PSP Video 9 1.74
QuickTime
Quiere Ser Millonario
Real Alternative 1.50
Remove DivX Pro Codec
Revisión de Windows XP - KB823980
Revisión de Windows XP - KB824146
Revisión de Windows XP - KB835732
SpeedFan (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Starry Night Pro 5
Subtitle Workshop 2.51
SUPERAntiSpyware Free Edition
Synacast Plug-in 1.1.0.7
THoTH 2.4 Freeware
Tiburón
Ultimate Spider-Man ™
UltraISO Premium V8.61
VIA Administrador de dispositivos de plataforma
VideoLAN VLC media player 0.8.2
Virtual Sound Canvas DXi
Virtual Sound Canvas VST
Visual Pinball
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinZip
Xbox 360 Controller for Windows

#30 nasdaq

Posted 21 December 2009 - 08:34 AM

Nothing suspicious was found.

Do you have two copies of Search & Destroy on your computer? I suggest you remove them and install the latest version.
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4


http://www.safer-net...load/index.html
====

Update your XP Service pack to 3.
http://www.microsoft...p3/default.mspx
===

Update your Internet Explorer.
Windows Internet Explorer 7 for Windows XP
http://www.microsoft...&displaylang=en
===

#31 queno

Posted 22 December 2009 - 02:26 AM

Thanks for your help!

My PC still has problems so I'm going to format my computer, back up my files and install Windows XP SP3. But I have some questions:

1) Did I have viruses, trojans, rootkits,...? Is my computer clean now?

2) Is it safe to back up my files (music, movies and documents, not .exe files) to an external hard drive? Could these files be infected?

3) Why doesn't ComboFix run?

#32 nasdaq

Posted 22 December 2009 - 10:16 AM

I did not see any trace of malware.

It will be safe I think to backup your files as you suggest.

Before you do there is a new version of ComboFix. Remove the current one and download a fresh copy. See if you can run it.
It should not take more than 30 minutes to complete its scan.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

#33 queno

Posted 22 December 2009 - 01:34 PM

I can't run it.

#34 nasdaq

Posted 22 December 2009 - 04:34 PM

Delete the current version.

Download ComboFix from any of the links below but rename it to <insert name here> before saving it to your desktop. <- Important.

Link 1
Link 2

==================================

Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#35 queno

Posted 23 December 2009 - 05:46 AM

Hi.

Combofix stops running when this message appears:

Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

#36 nasdaq

Posted 23 December 2009 - 09:58 AM

Are you running it from your desktop and are all the protection programs disabled?

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html

#37 queno

Posted 24 December 2009 - 05:29 AM

Yes, I'm running it from my desktop and VirusScan (McAfee) is disabled.

Edited by queno, 24 December 2009 - 05:30 AM.


#38 nasdaq

Posted 24 December 2009 - 08:45 AM

Try this.

  • Press the windows key + R to open a run box
  • Copy/paste this command (with quotation marks) "%userprofile%/Desktop/ComboFix.exe" /killall into the run box
  • Press OK to start ComboFix
  • When finished, it will produce a report for you.**
  • Please post the "C:\ComboFix.txt" for further review.


#39 queno

Posted 25 December 2009 - 01:07 PM

ComboFix doesn't run. The blue screen appears but there isn't any message.

#40 nasdaq

Posted 25 December 2009 - 01:38 PM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr
rkill.pif

When executed run..... ComboFix....

#41 queno

Posted 25 December 2009 - 03:00 PM

It doesn't run.

#42 nasdaq

Posted 26 December 2009 - 07:28 AM

What does not run, the Rkill program or ComboFix?

Do you have the XP installation disk?

#43 queno

Posted 26 December 2009 - 12:44 PM

ComboFix doesn't run.

Yes, I have it.

#44 nasdaq

Posted 26 December 2009 - 02:35 PM

Good. Run this tool and we will take it from here.

Please download GMER from http://www2.gmer.net/tmp/gmer.exe

Close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.
Posted Image

Click on Scan (1).
Posted Image

When the scan has run click Copy (2) and paste the results (if any) into this thread.

#45 queno

Posted 26 December 2009 - 06:37 PM

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-27 00:34:50
Windows 5.1.2600 Service Pack 1
Running: gmer.exe; Driver: C:\DOCUME~1\pc\CONFIG~1\Temp\uwxdipob.sys


---- System - GMER 1.0.15 ----

SSDT 865F2109 ZwCreateThread

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA93AF400, 0x82482, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA944F420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA944F420]
.protect˙˙˙˙hardlockunknown last code section [0xA944F200, 0x5105, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA944F200, 0x5105, 0xE0000020]
pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xA90B9F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[256] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[500] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1016] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1028] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] MSVCRT.DLL!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] MSVCRT.DLL!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] MSVCRT.DLL!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] MSVCRT.DLL!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Messenger\msmsgs.exe[1296] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!WinExec 77E4FD35 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!CreatePipe 77E59E09 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!ReadFile 77E5AB4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!GetProcAddress 77E5B332 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!LoadLibraryA 77E5D961 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!WriteFile 77E5F13A 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] kernel32.dll!PeekNamedPipe 77E92F4E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DA23D9 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] MSVCRT.DLL!system 77BF8044 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] MSVCRT.DLL!_creat 77BFBE68 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] MSVCRT.DLL!_read 77BFE371 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] MSVCRT.DLL!_write 77BFEB14 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WS2_32.dll!select 71A31890 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WS2_32.dll!send 71A31AF4 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WS2_32.dll!socket 71A33C22 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WS2_32.dll!bind 71A33ECE 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WS2_32.dll!recv 71A35690 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WININET.dll!InternetReadFile 761BFA3C 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WININET.dll!InternetOpenA 761C017D 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe[1324] WININET.dll!InternetOpenUrlA 761C1DEF 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!VirtualProtect 77E4169E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 77E4177E 5 Bytes CALL 37001160 C:\WINDOWS\System32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchos

#46 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 27 December 2009 - 09:22 AM

No rootkit found.

When you try to run ComboFix, do you get an error message?

Please post it.
nasdaq


#47 queno

queno

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 27 December 2009 - 01:39 PM

I don't get an error message. The following message appears and ComboFix stops working:

Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

#48 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 27 December 2009 - 04:56 PM

Open Notepad and copy/paste the text in the quote box below into it:

FCOPY::
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys | C:\IaStor.sys


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

Restart the computer normally.
===

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Copy all the text in bold contained in the code box below (including the first line, Files to move:, which is a command to the tool) to your Clipboard by highlighting it and pressing Ctrl+C:

Files to move:
C:\IaStor.sys | C:\windows\System32\drivers\IaStor.sys



-- Now, DoubleClick avenger.exe on your desktop to run it
-- Read the Warning Prompt and press OK
-- Paste the script you just copied into the textbox, using Ctrl+V or RightClick > Paste
-- Press Execute
-- Answer YES to the confirmation prompts and allow your computer to reboot.
In some cases, The Avenger will reboot your machine a second time. No worries.
-- After reboot, The Avenger should open a log - please post that for me and let me know if that had any effect on the problem.

Restart the computer again.

Submit a fresh HijackThis log.

Let me know what problem persists.
nasdaq


#49 queno

queno

    Member

  • Full Member
  • Pip
  • 39 posts

Posted 27 December 2009 - 05:30 PM

ComboFix stopped working when this message appeared:

Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\IaStor.sys" not found!
File move operation "C:\IaStor.sys|C:\windows\System32\drivers\IaStor.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:57, on 27/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe
C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE
C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-682003330-484061587-2147183463-1003\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6D.tmp" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: uninstall.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{6141C6A4-C488-4BFB-89DB-EE4A062B2C88}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c98713c4b29a9c) (gupdate1c98713c4b29a9c) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe

--
End of file - 5704 bytes

Edited by queno, 27 December 2009 - 05:33 PM.


#50 nasdaq

Posted 28 December 2009 - 09:41 AM

Boot to safe mode.

  • Restart your computer in Safe Mode: start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you see the Boot Menu.
  • When the Windows Advanced Options menu appears, select an option, and then press ENTER.
  • When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.

Just try to run the ComboFix while in safe mode.
nasdaq
