0

Hello!

My internet connection is gone and I don't know why! Can you help me? Since 4 days ago my antivirus (Kaspersky) has been detecting some threats. I did the online scan and after booting, the connection was gone.
Here is my log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:28:27, on 25/07/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARCHIV~1\ESRI\License\arcgis9x\lmgrd.exe

C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Archivos de programa\Bonjour\mDNSResponder.exe

C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\ARCHIV~1\ESRI\License\arcgis9x\ARCGIS.EXE

C:\Archivos de programa\Java\jre6\bin\jqs.exe

C:\ARCHIV~1\MICROS~2\MSSQL\binn\sqlservr.exe

C:\Archivos de programa\Microsoft Analysis Services\Bin\msmdsrv.exe

C:\Archivos de programa\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe

C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Archivos de programa\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

C:\Archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe

C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe

C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Archivos de programa\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Archivos de programa\Protector Suite QL\psqltray.exe

C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cmd.exe

C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/WebSiteSMS/Service.asmx

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Archivos de programa\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Administrador de servicios.lnk = C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226872996453

O17 - HKLM\System\CCS\Services\Tcpip\..\{08298320-A95F-4E73-9F5D-7F91783FEAA7}: NameServer = 200.58.160.25,200.58.161.25

O17 - HKLM\System\CCS\Services\Tcpip\..\{356D85C1-4B7E-40DF-A28D-12386637D080}: NameServer = 200.58.160.25,200.58.161.25

O17 - HKLM\System\CS1\Services\Tcpip\..\{08298320-A95F-4E73-9F5D-7F91783FEAA7}: NameServer = 200.58.160.25,200.58.161.25

O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: ArcGIS License Manager - Unknown owner - C:\ARCHIV~1\ESRI\License\arcgis9x\lmgrd.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe

O23 - Service: MySQL - Unknown owner - C:\Archivos.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Archivos de programa\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Archivos de programa\Apache Software Foundation\Tomcat 6.0.18\bin\tomcat6.exe

O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 8627 bytes


Thanks

0

Thanks crunchie for your answer!

Here is my log again, I hope I do it right this time:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:34, on 26/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Protector Suite QL\psqltray.exe
C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\ARCHIV~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\ARCHIV~1\ESRI\License\arcgis9x\ARCGIS.EXE
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\ARCHIV~1\MICROS~2\MSSQL\binn\sqlservr.exe
C:\Archivos de programa\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Archivos de programa\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Archivos de programa\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/WebSiteSMS/Service.asmx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Archivos de programa\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Administrador de servicios.lnk = C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226872996453
O17 - HKLM\System\CCS\Services\Tcpip\..\{08298320-A95F-4E73-9F5D-7F91783FEAA7}: NameServer = 200.58.160.25,200.58.161.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{356D85C1-4B7E-40DF-A28D-12386637D080}: NameServer = 200.58.160.25,200.58.161.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{08298320-A95F-4E73-9F5D-7F91783FEAA7}: NameServer = 200.58.160.25,200.58.161.25
O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ArcGIS License Manager - Unknown owner - C:\ARCHIV~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Archivos.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Archivos de programa\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Archivos de programa\Apache Software Foundation\Tomcat 6.0.18\bin\tomcat6.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8519 bytes
0

I also ran Winsockfix and everything is the same.
The first time I open Firefox, it loads only some text from the first page, and then it waits and waits and nothing happens.

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

Hello,

here is my CF log:

ComboFix 09-07-25.08 - Gustavo 26/07/2009 19:30.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.3582.3029 [GMT -4:00]
Running from: d:\downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\archivos de programa\Internet Explorer\IEXPLORER.EXE
C:\autorun.inf
c:\windows\install.exe
c:\windows\system32\Cache
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2009-06-26 to 2009-07-26  )))))))))))))))))))))))))))))))
.

2009-07-26 18:49 . 2009-07-26 18:49	--------	d-----w-	c:\documents and settings\Gustavo\Datos de programa\Malwarebytes
2009-07-26 18:49 . 2009-07-13 17:36	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 18:49 . 2009-07-26 18:49	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-07-26 18:49 . 2009-07-13 17:36	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-26 18:49 . 2009-07-26 18:49	--------	d-----w-	c:\archivos de programa\Malwarebytes' Anti-Malware
2009-07-26 15:58 . 2009-07-26 15:58	--------	d-----w-	C:\backup
2009-07-26 15:58 . 2009-07-26 15:58	--------	d-----w-	C:\ERDNT
2009-07-21 20:16 . 2009-07-22 18:36	1218776	--sh--w-	C:\Sys.exe
2009-07-21 03:58 . 2007-12-26 21:30	679936	----a-w-	c:\windows\system32\D3DX81ab.dll
2009-07-21 03:58 . 2007-12-26 21:30	1970176	----a-w-	c:\windows\system32\d3dx9.dll
2009-07-13 23:35 . 1998-01-09 17:27	253952	----a-w-	c:\windows\UN16040A.EXE
2009-07-09 13:55 . 2009-07-09 13:55	--------	d-----w-	C:\Student
2009-07-09 01:25 . 2009-07-09 01:25	--------	d-----w-	c:\documents and settings\Gustavo\.idlerc
2009-07-08 16:29 . 2005-03-30 13:14	1867776	----a-w-	c:\windows\system32\python24.dll
2009-07-08 16:28 . 2009-07-13 16:25	--------	d-----w-	c:\documents and settings\Gustavo\Datos de programa\ESRI
2009-07-08 16:22 . 2009-07-08 16:22	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\ESRI
2009-07-08 16:21 . 2009-07-08 16:22	--------	d-----w-	c:\archivos de programa\Archivos comunes\ESRI
2009-07-08 16:20 . 2009-07-08 16:20	--------	d-----w-	c:\archivos de programa\Leica Geosystems
2009-07-08 16:19 . 2009-07-08 16:19	--------	d-----w-	c:\archivos de programa\Archivos comunes\AnswerWorks 4.0
2009-07-08 16:18 . 2009-07-08 16:29	--------	d-----w-	C:\Python24
2009-07-08 16:18 . 2009-07-08 16:21	--------	d-----w-	c:\archivos de programa\ArcGIS
2009-07-08 16:14 . 2009-07-26 23:36	--------	d-----w-	C:\flexlm
2009-07-08 16:10 . 2009-07-08 16:10	--------	d-----w-	c:\archivos de programa\Rainbow Technologies
2009-07-08 16:09 . 2009-07-08 16:09	--------	d-----w-	c:\archivos de programa\ESRI
2009-07-07 19:31 . 2009-07-07 19:31	--------	d--h--w-	c:\windows\PIF
2009-07-07 18:53 . 2009-07-07 18:53	--------	d-----w-	c:\archivos de programa\SQL Maestro Group
2009-07-07 18:53 . 2009-07-07 18:53	--------	d-----w-	c:\archivos de programa\Archivos comunes\SQL Maestro Group
2009-07-02 17:58 . 2009-07-02 18:16	--------	d-----w-	c:\documents and settings\Gustavo\.ireport
2009-07-02 17:58 . 2009-07-02 17:58	--------	d-----w-	c:\documents and settings\Gustavo\flexdock
2009-07-02 17:57 . 2009-07-02 17:57	--------	d-----w-	c:\archivos de programa\JasperSoft
2009-06-30 13:30 . 2009-06-30 13:30	--------	d-----w-	C:\vbroker
2009-06-30 13:27 . 2009-06-30 13:27	--------	d-----w-	C:\Inprise
2009-06-30 13:24 . 2009-06-30 13:24	--------	d-----w-	c:\archivos de programa\Borland
2009-06-29 20:57 . 2009-06-30 01:06	--------	d-----w-	C:\orb.db

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 23:40 . 2008-11-15 01:48	18602784	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-26 23:36 . 2008-11-15 01:48	1376032	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-07-26 23:36 . 2008-11-15 01:48	256340	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-07-26 23:36 . 2008-11-15 01:48	133160	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-07-26 23:27 . 2008-11-15 01:48	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\Kaspersky Lab
2009-07-25 17:08 . 2002-09-10 12:00	661006	----a-w-	c:\windows\system32\perfh00A.dat
2009-07-25 17:08 . 2002-09-10 12:00	156396	----a-w-	c:\windows\system32\perfc00A.dat
2009-07-25 12:36 . 2008-12-14 18:49	--------	d-----w-	c:\documents and settings\Gustavo\Datos de programa\uTorrent
2009-07-22 03:01 . 2008-11-18 17:52	--------	d-----w-	c:\documents and settings\Gustavo\Datos de programa\U3
2009-07-14 01:31 . 2008-11-14 23:05	42429	----a-w-	c:\windows\system32\nvModes.dat
2009-07-07 18:52 . 2009-05-17 17:16	--------	d-----w-	c:\documents and settings\Gustavo\Datos de programa\MySQL
2009-07-03 19:43 . 2008-12-14 16:46	--------	d-----w-	c:\archivos de programa\Acronis Disk Director Suite 10 build 2160
2009-07-03 19:42 . 2009-05-17 21:28	--------	d-----w-	c:\archivos de programa\Microsoft ActiveSync
2009-06-30 13:26 . 2008-11-21 03:28	--------	d-----w-	c:\archivos de programa\Archivos comunes\Borland Shared
2009-06-22 05:12 . 2008-11-14 23:26	--------	d--h--w-	c:\archivos de programa\InstallShield Installation Information
2009-06-19 03:59 . 2009-06-19 03:59	1878984	----a-w-	c:\documents and settings\Gustavo\Datos de programa\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-18 16:15 . 2009-06-18 16:15	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\FLEXnet
2009-06-18 16:07 . 2009-06-18 16:07	--------	d-----w-	c:\archivos de programa\Bonjour
2009-06-18 16:07 . 2008-11-16 19:43	--------	d-----w-	c:\archivos de programa\Archivos comunes\Adobe
2009-06-18 15:59 . 2009-06-18 15:59	--------	d-----w-	c:\archivos de programa\Archivos comunes\Macrovision Shared
2009-06-18 02:12 . 2009-05-14 15:27	--------	d-----w-	c:\archivos de programa\GameSpy Arcade
2009-06-17 17:13 . 2009-06-17 17:13	--------	d-----w-	c:\archivos de programa\Conduit
2009-06-17 16:13 . 2009-06-17 16:13	--------	d-----w-	c:\archivos de programa\Macromedia
2009-06-17 16:13 . 2009-06-17 16:13	--------	d-----w-	c:\archivos de programa\Archivos comunes\Macromedia
2009-06-17 16:12 . 2008-11-14 23:04	--------	d-----w-	c:\archivos de programa\Archivos comunes\InstallShield
2009-06-14 16:23 . 2009-06-14 16:23	--------	d--h--w-	c:\documents and settings\All Users\Datos de programa\CanonBJ
2009-06-02 18:58 . 2009-05-07 23:14	--------	d-----w-	c:\archivos de programa\NetBeans 6.5
2009-06-02 18:41 . 2009-05-07 23:17	--------	d-----w-	c:\archivos de programa\Apache Software Foundation
2009-05-20 17:47 . 2008-11-15 01:49	94643	----a-w-	c:\windows\system32\drivers\klick.dat
2009-05-20 17:47 . 2008-11-15 01:49	105395	----a-w-	c:\windows\system32\drivers\klin.dat
2009-05-19 15:31 . 2009-06-17 17:12	51200	----a-w-	c:\documents and settings\Gustavo\Datos de programa\Mozilla\Firefox\Profiles\837ymwuy.default\extensions\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}\components\FFExternalAlert.dll
2009-05-19 15:31 . 2009-06-17 17:12	114688	----a-w-	c:\documents and settings\Gustavo\Datos de programa\Mozilla\Firefox\Profiles\837ymwuy.default\extensions\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}\components\npmozax.dll
2009-05-10 13:46 . 2009-05-10 13:47	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-05-10 13:46 . 2009-05-10 13:46	152576	----a-w-	c:\documents and settings\Gustavo\Datos de programa\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:30 . 2009-05-07 15:01	1693344	----a-w-	c:\documents and settings\All Users\Datos de programa\Microsoft\VisualStudio\9.0\3082\ResourceCache.dll
2009-05-07 15:01 . 2009-05-07 15:01	18560	----a-w-	c:\documents and settings\All Users\Datos de programa\Microsoft\VSA\9.0\3082\ResourceCache.dll
2009-05-07 14:40 . 2009-05-07 14:40	416	----a-w-	c:\documents and settings\All Users\Datos de programa\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-05-07 13:29 . 2008-11-16 21:11	194320	----a-w-	c:\documents and settings\All Users\Datos de programa\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\klif.sys
2008-05-29 20:59 . 2008-11-15 01:48	134144	----a-w-	c:\archivos de programa\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 23:59	2953216	----a-w-	c:\archivos de programa\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 23:59	2953216	----a-w-	c:\archivos de programa\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"SynTPEnh"="c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"PSQLLauncher"="c:\archivos de programa\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"SigmatelSysTrayApp"="c:\archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-11-17 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Administrador de servicios.lnk - c:\archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-11-26 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 23:46	90112	----a-w-	c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Java\\jre1.6.0_05\\bin\\java.exe"=
"c:\\Archivos de programa\\Java\\jdk1.6.0_05\\bin\\java.exe"=
"c:\\Archivos de programa\\Java\\jdk1.6.0_05\\jre\\bin\\java.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=

R2 ArcGIS License Manager;ArcGIS License Manager;c:\archiv~1\ESRI\License\arcgis9x\lmgrd.exe [08/07/2009 12:09 467968]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04/04/2007 14:58 24344]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [03/10/2008 19:51 37296]
S3 Tomcat6;Apache Tomcat;c:\archivos de programa\Apache Software Foundation\Tomcat 6.0.18\bin\tomcat6.exe [21/07/2008 20:01 57344]

--- Other Services/Drivers In Memory ---

*Deregistered* - project
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://localhost/WebSiteSMS/Service.asmx
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {08298320-A95F-4E73-9F5D-7F91783FEAA7} = 200.58.160.25,200.58.161.25
FF - ProfilePath - c:\documents and settings\Gustavo\Datos de programa\Mozilla\Firefox\Profiles\837ymwuy.default\
FF - component: c:\documents and settings\Gustavo\Datos de programa\Mozilla\Firefox\Profiles\837ymwuy.default\extensions\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}\components\FFExternalAlert.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 19:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\archivos de programa\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\archivos de programa\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1524)
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\psqlpwd.dll
c:\archivos de programa\Protector Suite QL\homefus2.dll
c:\archivos de programa\Protector Suite QL\infra.dll
c:\archivos de programa\Protector Suite QL\homepass.dll
c:\archivos de programa\Protector Suite QL\bio.dll
c:\archivos de programa\Protector Suite QL\remote.dll
c:\archivos de programa\Protector Suite QL\crypto.dll

- - - - - - - > 'lsass.exe'(1580)
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\windows\system32\psqlpwd.dll
c:\archivos de programa\Protector Suite QL\homefus2.dll
c:\archivos de programa\Protector Suite QL\infra.dll
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

- - - - - - - > 'explorer.exe'(3596)
c:\archivos de programa\Protector Suite QL\farchns.dll
c:\archivos de programa\Protector Suite QL\infra.dll
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\archivos de programa\Bonjour\mDNSResponder.exe
c:\archivos de programa\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archiv~1\ESRI\License\arcgis9x\ARCGIS.EXE
c:\archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\archivos de programa\Microsoft Analysis Services\Bin\msmdsrv.exe
c:\archivos de programa\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\windows\system32\nvsvc32.exe
c:\archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
c:\archivos de programa\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\archivos de programa\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\archivos de programa\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\archivos de programa\Protector Suite QL\psqltray.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-07-26 19:43 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-26 23:43

Pre-Run: 18.808.295.424 bytes libres
Post-Run: 19.212.722.176 bytes libres

236	--- E O F ---	2008-12-13 04:22

And here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:36, on 26/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\ARCHIV~1\ESRI\License\arcgis9x\ARCGIS.EXE
C:\Archivos de programa\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Archivos de programa\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Archivos de programa\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Archivos de programa\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/WebSiteSMS/Service.asmx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Archivos de programa\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Administrador de servicios.lnk = C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226872996453
O17 - HKLM\System\CCS\Services\Tcpip\..\{08298320-A95F-4E73-9F5D-7F91783FEAA7}: NameServer = 200.58.160.25,200.58.161.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{08298320-A95F-4E73-9F5D-7F91783FEAA7}: NameServer = 200.58.160.25,200.58.161.25
O23 - Service: ArcGIS License Manager - Unknown owner - C:\ARCHIV~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Archivos.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Archivos de programa\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Archivos de programa\Apache Software Foundation\Tomcat 6.0.18\bin\tomcat6.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8132 bytes
0

I was waiting for your instructions, I'll test it right now..

Thanks

0

I still have the same problem: the first time loads only some text and nothing more..)
What should I do next?

0

I am wondering now if a system restore is in order. Are you able to go back to before the problem started?

0

I tried to go back, but the system wasn't able to do it...

0

Before we try something else, are you able to update IE6 to IE7? That may fix the problem.
Otherwise, open IE6 and go to the 'Tools' Tab and select 'Internet Options.' Go to the 'Advanced' Tab and then select the 'Reset' button at the bottom.
Reboot and try again.

0

I can't update IE and I did all as you said without success...
What should I do now? If you are tired, I'll understand it and there will be no problem..

Once more, thanks for your effort

0

Can you download IE7 or 8 on another computer, save it to a flash drive, then install it to yours?

0

I downloaded IE7 (14 MB) and during the installation, it tries to connect to the Internet to download updates but the connection isn't possible because of the problem my computer has.... Is there another complete version of IE where an update is not needed?

0

I could install IE7 without the updates but there isn't good news.
I'm hardly thinking about formatting my PC now. Do you think that is a good idea?

Thanks again

0

A system repair may be the best thing to try first. You will not lose any files, but you will have to do all your M$ updates again.

0

I did the online scan and after booting, the connection was gone.

I didn't see if crunchie already asked this, but do you have a logfile of what was removed by Kaspersky?
Do you have any old scanlogs from before you posted to this forum?
If so, please post them!

PP :)

0

Updating isn't a problem... when you talk about system repair, are you talking about this? http://michaelstevenstech.com/XPrepairinstall.htm

Yes, that's it.

Just be aware that some applications which have been updated to accommodate XP service packs, may not function till your Win Updates have been re-installed. Even then, some apps may need to either be "repair installed" or completely re-installed.

0

Also, can you upload the following to Jotti and post the results?
It is probably malware and knowing what you were infected by might help with the current connection issue....

2009-07-21 20:16 . 2009-07-22 18:36 1218776 --sh--w- C:\Sys.exe

http://virusscan.jotti.org/en

PP :)

0

Thanks kaninelupus and PhilliePhan for your help.

I tried to upload Sys.exe but it says "No file uploaded" when I select the file and upload it.

I've got the report from Kaspersky:

Protection : running
--------------------
Total scanned:	7881
Detected:	54
Untreated:	0
Attacks blocked:	0
Start time:	28/07/2009 11:49:38
Duration:	00:20:02


Detected
--------
Status	Object
------	------
detected: riskware Hidden data sending	Running process: C:\WINDOWS\system32\mmc.exe
detected: riskware Hidden data sending	Running process: C:\Documents and Settings\Gustavo\Configuración local\Temp\SIT25297.tmp\setup.exe
detected: riskware Hidden data sending	Running process: C:\Documents and Settings\Gustavo\Configuración local\Temp\SIT35949.tmp\setup.exe
deleted: virus Net-Worm.Win32.Kido.ih	File: I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx//PE_Patch.UPX//UPX
detected: riskware Hidden data sending	Running process: C:\Archivos de programa\MSN Messenger\msnmsgr.exe
deleted: virus Net-Worm.Win32.Kolab.aoe	File: G:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe
deleted: virus Net-Worm.Win32.Kido.ih	File: G:\Autorun.inf
detected: riskware Hidden data sending	Running process: C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
deleted: Trojan program Trojan.Win32.Delf.mtn	File: C:\Archivos de programa\H4S Advanced Password Retriever\H4S.exe
detected: riskware Trojan.generic	Running process: C:\Documents and Settings\Gustavo\Configuración local\Temp\Update-42750.exe
detected: riskware Trojan.generic	Running process: C:\Documents and Settings\Gustavo\Configuración local\Temp\Update-80411.exe
deleted: Trojan program Trojan.Win32.Delf.mng	File: C:\Archivos de programa\Internet Explorer\ods.exe
deleted: Trojan program Trojan.Win32.Delf.nkw	File: C:\Archivos de programa\Internet Explorer\msn.exe
detected: riskware Trojan.generic	Running process: C:\Documents and Settings\Gustavo\Menú Inicio\Programas\Inicio\taksman.exe
detected: riskware Trojan.generic	Running process: C:\WINDOWS\Help\secretfile.exe
detected: riskware Trojan.generic	Running process: C:\WINDOWS\Help\skitt.exe
detected: riskware Trojan.generic	Running process: C:\WINDOWS\Help\skiat.exe
detected: riskware Trojan.generic	Running process: C:\Documents and Settings\Gustavo\skiat.exe
detected: riskware Trojan.generic	Running process: C:\Documents and Settings\Gustavo\Menú Inicio\Programas\Inicio\SystemMON.exe
detected: riskware Trojan.generic	Running process: C:\Archivos de programa\Internet Explorer\Update.exe
deleted: Trojan program Trojan.Win32.Delf.mng	File: C:\System Volume Information\_restore{344D784C-91A5-408F-8501-BE2579439E4D}\RP117\A0053651.exe
deleted: Trojan program Trojan.Win32.Delf.nkw	File: C:\System Volume Information\_restore{344D784C-91A5-408F-8501-BE2579439E4D}\RP117\A0053652.exe
deleted: Trojan program Trojan.Win32.Delf.mtn	File: C:\Documents and Settings\Gustavo\Configuración local\Temp\Setup-14881.msi//_C8FF1DDB5B0F0AA15D1BDCFD24A261C5/_DCB03D1B707A4D89B200204465554083
deleted: Trojan program Trojan.Win32.Delf.mtn	File: C:\Documents and Settings\Gustavo\Configuración local\Temp\Setup-17520.msi//_C8FF1DDB5B0F0AA15D1BDCFD24A261C5
detected: riskware Invader	Running process: C:\ComboFix\Catchme.tmp

Reports
-------
Component	Status	Start	Finish	Size
---------	------	-----	------	----
Scan startup objects	completed	28/07/2009 11:51:41	28/07/2009 11:51:59	507,6 KB
Update	The updates source cannot be found	28/07/2009 11:51:26	28/07/2009 11:51:27	21,6 KB
Web Anti-Virus	running	28/07/2009 11:49:38		5,4 KB
Update	The updates source cannot be found	28/07/2009 11:49:38	28/07/2009 11:49:41	0 bytes
Parental control	running	28/07/2009 11:49:38		11,9 KB
Mail Anti-Virus	running	28/07/2009 11:49:38		0 bytes
File Anti-Virus	running	28/07/2009 11:49:38		909,1 KB
Proactive Defense	running	28/07/2009 11:49:38		0 bytes
Privacy Control	running	28/07/2009 11:49:38		0 bytes
Anti-Spam	running	28/07/2009 11:49:38		0 bytes
Firewall	running	28/07/2009 11:49:38		0 bytes


Quarantine
----------
Status	Object	Size	Added
------	------	----	-----
Possibly infected: riskware Trojan.generic	C:\Documents and Settings\Gustavo\Menú Inicio\Programas\Inicio\SystemMON.exe	622,4 KB	23/07/2009 23:30:00
Possibly infected: riskware Trojan.generic	C:\Documents and Settings\Gustavo\skiat.exe	622,4 KB	23/07/2009 14:40:21
Not infected (false operation)	C:\Documents and Settings\Gustavo\Configuración local\Temp\Update-42750.exe	1,2 MB	21/07/2009 13:21:47
Possibly infected: riskware Trojan.generic	C:\WINDOWS\Help\skitt.exe	622,4 KB	23/07/2009 12:52:59
Possibly infected: riskware Trojan.generic	C:\WINDOWS\Help\secretfile.exe	620,5 KB	22/07/2009 17:38:06
Possibly infected: riskware Trojan.generic	C:\Archivos de programa\Internet Explorer\Update.exe	622,4 KB	24/07/2009 0:03:10
Possibly infected: riskware Trojan.generic	C:\Documents and Settings\Gustavo\Menú Inicio\Programas\Inicio\taksman.exe	1,2 MB	24/07/2009 22:34:27


Backup
------
Status	Object	Size
------	------	----
Infected: Trojan program Trojan.Win32.Delf.mtn	c:\documents and settings\gustavo\configuración local\temp\setup-14881.msi	649,5 KB
Infected: Trojan program Trojan.Win32.Delf.mtn	c:\documents and settings\gustavo\configuración local\temp\setup-17520.msi	649,5 KB
Infected: Trojan program Trojan.Win32.Delf.mtn	C:\Archivos de programa\H4S Advanced Password Retriever\H4S.exe	404,6 KB
Infected: Trojan program Trojan.Win32.Delf.mng	C:\System Volume Information\_restore{344D784C-91A5-408F-8501-BE2579439E4D}\RP117\A0053651.exe	310,2 KB
Infected: Trojan program Trojan.Win32.Delf.nkw	C:\Archivos de programa\Internet Explorer\msn.exe	324,7 KB
Infected: Trojan program Trojan.Win32.Delf.nkw	C:\System Volume Information\_restore{344D784C-91A5-408F-8501-BE2579439E4D}\RP117\A0053652.exe	324,7 KB
Infected: Trojan program Trojan.Win32.Delf.mng	C:\Archivos de programa\Internet Explorer\ods.exe	310,2 KB
0

I could do the scan, I didn't find a report so here are the results:

Filename: Sys.exe
Status:
Scan finished. 6 out of 21 scanners reported malware.
Scan taken on: Tue 28 Jul 2009 22:42:31 (CET) Permalink
ASquared found Gen.Trojan!IK
Antivir found TR/Spy.1218776
Bitdefender found Gen:Trojan.Heur.kH3@trAib7Fah
F-Secure found Trojan:W32/Agent.LDW
G-Data found Gen:Trojan.Heur.kH3@trAib7Fah
Ikarus found Gen.Trojan

0

I could do the scan, I didn't find a report so here are the results:
Filename: Sys.exe

-- You should delete C:\Sys.exe
I'm surprised nothing caught that......

-- It looks like you had a couple serious infections and possibly in the removal of the Conficker variant, your connection was borked....

* Be advised, though, you have an infected USB/External drive somewhere that could be reinfecting any number of machines!

-- Try running Kaspersky's stand alone tool as per the linky below and let us know the results:
http://support.kaspersky.com/faq/?qid=208279973

-- Also, taksman.exe has been known to bork DNS server settings. Maybe you guys should run ipconfig and flush DNS?
Perhaps a reset of router or Wireless connection as well?

Best Luck :)
PP

0

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\Help\secretfile.exe
C:\WINDOWS\Help\skitt.exe
C:\WINDOWS\Help\skiat.exe
C:\Documents and Settings\Gustavo\skiat.exe

================

1. Please open Notepad: click Start, then Run.
Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:



KillAll::

File::
C:\Sys.exe
C:\Documents and Settings\Gustavo\Menú Inicio\Programas\Inicio\taksman.exe
FileLook::
C:\WINDOWS\Help\secretfile.exe
C:\WINDOWS\Help\skitt.exe
C:\WINDOWS\Help\skiat.exe
C:\Documents and Settings\Gustavo\skiat.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
Combofix.txt
A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attachments CFScript.gif 27.09 KB
0

PhilliePhan, I did what you said but it didn't work. Thanks anyway..

Crunchie, those files are in Quarantine. I will restore and scan them, right now...

0

Filename: secretfile.exe
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 29 Jul 2009 19:27:52 (CET) Permalink

Filename: skitt.exe
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 29 Jul 2009 19:30:31 (CET) Permalink

When I try to scan skiat.exe, it says skitt.exe is the same and the file was already scanned.

My time is now gone... I'll do the other with ComboFix when I come back, at night.

0

These are the new logs:

ComboFix 09-07-25.08 - Gustavo 29/07/2009 21:12.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.3582.2989 [GMT -4:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: d:\downloads\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\Gustavo\Menú Inicio\Programas\Inicio\taksman.exe"
"C:\Sys.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Sys.exe

.
(((((((((((((((((((((((((   Files Created from 2009-06-28 to 2009-07-30  )))))))))))))))))))))))))))))))
.

2009-07-28 17:30 . 2009-07-28 17:30	--------	d-sh--w-	c:\documents and settings\Gustavo\PrivacIE
2009-07-28 17:27 . 2009-07-28 17:27	--------	d-sh--w-	c:\documents and settings\Gustavo\IETldCache
2009-07-28 17:25 . 2009-07-28 17:25	--------	dc-h--w-	c:\windows\ie8
2009-07-26 18:49 . 2009-07-26 18:49	--------	d-----w-	c:\documents and settings\Gustavo\Datos de programa\Malwarebytes
2009-07-26 18:49 . 2009-07-13 17:36	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 18:49 . 2009-07-26 18:49	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-07-26 18:49 . 2009-07-13 17:36	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-26 18:49 . 2009-07-26 18:49	--------	d-----w-	c:\archivos de programa\Malwarebytes' Anti-Malware
2009-07-26 15:58 . 2009-07-26 15:58	--------	d-----w-	C:\backup
2009-07-26 15:58 . 2009-07-26 15:58	--------	d-----w-	C:\ERDNT
2009-07-23 18:35 . 2009-07-23 18:40	637320	----a-w-	c:\documents and settings\Gustavo\skiat.exe
2009-07-21 16:05 . 2009-07-21 16:05	--------	d-----w-	c:\archivos de programa\Axife Mouse Recorder DEMO
2009-07-21 03:58 . 2007-12-26 21:30	679936	----a-w-	c:\windows\system32\D3DX81ab.dll
2009-07-21 03:58 . 2007-12-26 21:30	1970176	----a-w-	c:\windows\system32\d3dx9.dll
2009-07-13 23:35 . 1998-01-09 17:27	253952	----a-w-	c:\windows\UN16040A.EXE
2009-07-09 13:55 . 2009-07-09 13:55	--------	d-----w-	C:\Student
2009-07-09 01:25 . 2009-07-09 01:25	--------	d-----w-	c:\documents and settings\Gustavo\.idlerc
2009-07-08 16:29 . 2005-03-30 13:14	1867776	----a-w-	c:\windows\system32\python24.dll
2009-07-08 16:28 . 2009-07-13 16:25	--------	d-----w-	c:\documents and settings\Gustavo\Datos de programa\ESRI
2009-07-08 16:22 . 2009-07-08 16:22	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\ESRI
2009-07-08 16:21 . 2009-07-08 16:22	--------	d-----w-	c:\archivos de programa\Archivos comunes\ESRI
2009-07-08 16:20 . 2009-07-08 16:20	--------	d-----w-	c:\archivos de programa\Leica Geosystems
2009-07-08 16:19 . 2009-07-08 16:19	--------	d-----w-	c:\archivos de programa\Archivos comunes\AnswerWorks 4.0
2009-07-08 16:18 . 2009-07-08 16:29	--------	d-----w-	C:\Python24
2009-07-08 16:18 . 2009-07-08 16:21	--------	d-----w-	c:\archivos de programa\ArcGIS
2009-07-08 16:14 . 2009-07-30 01:18	--------	d-----w-	C:\flexlm
2009-07-08 16:10 . 2009-07-08 16:10	--------	d-----w-	c:\archivos de programa\Rainbow Technologies
2009-07-08 16:09 . 2009-07-08 16:09	--------	d-----w-	c:\archivos de programa\ESRI
2009-07-07 19:31 . 2009-07-07 19:31	--------	d--h--w-	c:\windows\PIF
2009-07-07 18:53 . 2009-07-07 18:53	--------	d-----w-	c:\archivos de programa\SQL Maestro Group
2009-07-07 18:53 . 2009-07-07 18:53	--------	d-----w-	c:\archivos de programa\Archivos comunes\SQL Maestro Group
2009-07-02 17:58 . 2009-07-02 18:16	--------	d-----w-	c:\documents and settings\Gustavo\.ireport
2009-07-02 17:58 . 2009-07-02 17:58	--------	d-----w-	c:\documents and settings\Gustavo\flexdock
2009-07-02 17:57 . 2009-07-02 17:57	--------	d-----w-	c:\archivos de programa\JasperSoft
2009-06-30 13:30 . 2009-06-30 13:30	--------	d-----w-	C:\vbroker
2009-06-30 13:27 . 2009-06-30 13:27	--------	d-----w-	C:\Inprise
2009-06-30 13:24 . 2009-06-30 13:24	--------	d-----w-	c:\archivos de programa\Borland

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 01:21 . 2008-11-15 01:48	18952224	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-30 01:20 . 2008-11-15 01:48	1399840	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-07-30 01:17 . 2008-11-15 01:48	261044	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-07-30 01:17 . 2008-11-15 01:48	135344	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-07-30 01:05 . 2008-11-15 01:48	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\Kaspersky Lab
2009-07-28 02:09 . 2002-09-10 12:00	661006	----a-w-	c:\windows\system32\perfh00A.dat
2009-07-28 02:09 . 2002-09-10 12:00	156396	----a-w-	c:\windows\system32\perfc00A.dat
2009-07-25 12:36 . 2008-12-14 18:49	--------	d-----w-	c:\documents and settings\Gustavo\Datos de programa\uTorrent
2009-07-23 16:58 . 2009-07-23 16:50	637320	----a-w-	c:\windows\Help\skitt.exe
2009-07-22 21:55 . 2009-07-22 21:35	635400	----a-w-	c:\windows\Help\secretfile.exe
2009-07-22 03:01 . 2008-11-18 17:52	--------	d-----w-	c:\documents and settings\Gustavo\Datos de programa\U3
2009-07-14 01:31 . 2008-11-14 23:05	42429	----a-w-	c:\windows\system32\nvModes.dat
2009-07-07 18:52 . 2009-05-17 17:16	--------	d-----w-	c:\documents and settings\Gustavo\Datos de programa\MySQL
2009-07-03 19:43 . 2008-12-14 16:46	--------	d-----w-	c:\archivos de programa\Acronis Disk Director Suite 10 build 2160
2009-07-03 19:42 . 2009-05-17 21:28	--------	d-----w-	c:\archivos de programa\Microsoft ActiveSync
2009-06-30 13:26 . 2008-11-21 03:28	--------	d-----w-	c:\archivos de programa\Archivos comunes\Borland Shared
2009-06-22 05:12 . 2008-11-14 23:26	--------	d--h--w-	c:\archivos de programa\InstallShield Installation Information
2009-06-19 03:59 . 2009-06-19 03:59	1878984	----a-w-	c:\documents and settings\Gustavo\Datos de programa\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-18 16:15 . 2009-06-18 16:15	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\FLEXnet
2009-06-18 16:07 . 2009-06-18 16:07	--------	d-----w-	c:\archivos de programa\Bonjour
2009-06-18 16:07 . 2008-11-16 19:43	--------	d-----w-	c:\archivos de programa\Archivos comunes\Adobe
2009-06-18 15:59 . 2009-06-18 15:59	--------	d-----w-	c:\archivos de programa\Archivos comunes\Macrovision Shared
2009-06-18 02:12 . 2009-05-14 15:27	--------	d-----w-	c:\archivos de programa\GameSpy Arcade
2009-06-17 17:13 . 2009-06-17 17:13	--------	d-----w-	c:\archivos de programa\Conduit
2009-06-17 16:13 . 2009-06-17 16:13	--------	d-----w-	c:\archivos de programa\Macromedia
2009-06-17 16:13 . 2009-06-17 16:13	--------	d-----w-	c:\archivos de programa\Archivos comunes\Macromedia
2009-06-17 16:12 . 2008-11-14 23:04	--------	d-----w-	c:\archivos de programa\Archivos comunes\InstallShield
2009-06-14 16:23 . 2009-06-14 16:23	--------	d--h--w-	c:\documents and settings\All Users\Datos de programa\CanonBJ
2009-06-02 18:58 . 2009-05-07 23:14	--------	d-----w-	c:\archivos de programa\NetBeans 6.5
2009-06-02 18:41 . 2009-05-07 23:17	--------	d-----w-	c:\archivos de programa\Apache Software Foundation
2009-05-20 17:47 . 2008-11-15 01:49	94643	----a-w-	c:\windows\system32\drivers\klick.dat
2009-05-20 17:47 . 2008-11-15 01:49	105395	----a-w-	c:\windows\system32\drivers\klin.dat
2009-05-19 15:31 . 2009-06-17 17:12	51200	----a-w-	c:\documents and settings\Gustavo\Datos de programa\Mozilla\Firefox\Profiles\837ymwuy.default\extensions\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}\components\FFExternalAlert.dll
2009-05-19 15:31 . 2009-06-17 17:12	114688	----a-w-	c:\documents and settings\Gustavo\Datos de programa\Mozilla\Firefox\Profiles\837ymwuy.default\extensions\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}\components\npmozax.dll
2009-05-10 13:46 . 2009-05-10 13:47	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-05-10 13:46 . 2009-05-10 13:46	152576	----a-w-	c:\documents and settings\Gustavo\Datos de programa\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:30 . 2009-05-07 15:01	1693344	----a-w-	c:\documents and settings\All Users\Datos de programa\Microsoft\VisualStudio\9.0\3082\ResourceCache.dll
2009-05-07 15:01 . 2009-05-07 15:01	18560	----a-w-	c:\documents and settings\All Users\Datos de programa\Microsoft\VSA\9.0\3082\ResourceCache.dll
2009-05-07 14:40 . 2009-05-07 14:40	416	----a-w-	c:\documents and settings\All Users\Datos de programa\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-05-07 13:29 . 2008-11-16 21:11	194320	----a-w-	c:\documents and settings\All Users\Datos de programa\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\klif.sys
2008-05-29 20:59 . 2008-11-15 01:48	134144	----a-w-	c:\archivos de programa\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\documents and settings\Gustavo\skiat.exe ---
Company: ------
File Description: 
File Version: 1.0.0.0
Product Name: ------
Copyright: Copyright ©  2009
Original Filename: a.exe
File size: 637320
Created time: 2009-07-23 18:35
Modified time: 2009-07-23 18:40
MD5: AB49F12C7EEEFCEE912FE3236C7703A4
SHA1: 45056343F4426C13ACBB6E3DA6EC929D8EA42A70


--- c:\windows\Help\secretfile.exe ---
Company: ------
File Description: 
File Version: 1.0.0.0
Product Name: ------
Copyright: Copyright ©  2009
Original Filename: a.exe
File size: 635400
Created time: 2009-07-22 21:35
Modified time: 2009-07-22 21:55
MD5: 45BBBBEDA25E6D7A3CF67E1ADBE49980
SHA1: 6380480B4FEC8D376B9B21C3A3289F0C9B78654C


--- c:\windows\Help\skitt.exe ---
Company: ------
File Description: 
File Version: 1.0.0.0
Product Name: ------
Copyright: Copyright ©  2009
Original Filename: a.exe
File size: 637320
Created time: 2009-07-23 16:50
Modified time: 2009-07-23 16:58
MD5: AB49F12C7EEEFCEE912FE3236C7703A4
SHA1: 45056343F4426C13ACBB6E3DA6EC929D8EA42A70


(((((((((((((((((((((((((((((   SnapShot@2009-07-26_23.38.41   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-30 01:18 . 2009-07-30 01:18	16384              c:\windows\temp\Perflib_Perfdata_42c.dat
+ 2008-11-17 23:57 . 2009-01-07 22:21	26144              c:\windows\system32\spupdsvc.exe
+ 2008-11-17 23:57 . 2009-01-07 22:21	18464              c:\windows\system32\spmsg.dll
+ 2009-07-25 17:02 . 2009-07-27 01:41	20204              c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-19 13:42 . 2009-03-08 08:31	46592              c:\windows\system32\pngfilt.dll
+ 2006-06-29 12:05 . 2009-01-07 22:20	23552              c:\windows\system32\normaliz.dll
+ 2006-06-28 21:59 . 2009-01-07 22:20	24576              c:\windows\system32\nlsdl.dll
+ 2004-08-19 13:39 . 2009-03-08 08:31	48128              c:\windows\system32\mshtmler.dll
+ 2004-08-19 13:42 . 2009-03-08 08:31	66560              c:\windows\system32\mshtmled.dll
+ 2004-08-19 13:42 . 2009-03-08 08:31	45568              c:\windows\system32\mshta.exe
+ 2007-08-13 22:36 . 2009-03-08 08:31	13312              c:\windows\system32\msfeedssync.exe
+ 2007-08-13 22:54 . 2009-03-08 08:31	55296              c:\windows\system32\msfeedsbs.dll
+ 2004-08-19 13:42 . 2009-03-08 08:34	43008              c:\windows\system32\licmgr10.dll
+ 2004-08-19 13:42 . 2009-03-08 08:33	25600              c:\windows\system32\jsproxy.dll
+ 2004-08-19 13:42 . 2009-03-08 08:32	94720              c:\windows\system32\inseng.dll
+ 2004-08-19 13:42 . 2009-03-08 08:31	34816              c:\windows\system32\imgutil.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32	36864              c:\windows\system32\ieudinit.exe
+ 2004-08-19 13:42 . 2009-03-08 08:32	71680              c:\windows\system32\iesetup.dll
+ 2004-08-19 13:42 . 2009-03-08 08:32	55808              c:\windows\system32\iernonce.dll
+ 2006-06-29 12:05 . 2009-01-07 22:20	26112              c:\windows\system32\idndl.dll
+ 2007-08-13 22:36 . 2009-03-08 08:31	59904              c:\windows\system32\icardie.dll
+ 2007-08-13 22:36 . 2009-03-08 08:31	46592              c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 22:01 . 2009-03-08 08:31	48128              c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 22:54 . 2009-03-08 08:31	66560              c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 22:32 . 2009-03-08 08:31	45568              c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 22:44 . 2009-03-08 08:34	43008              c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 22:54 . 2009-03-08 08:33	25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32	94720              c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 22:36 . 2009-03-08 08:31	34816              c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32	71680              c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32	55808              c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 22:44 . 2007-08-13 22:44	69120              c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 22:18 . 2009-03-08 08:24	68608              c:\windows\system32\dllcache\hmmapi.dll
- 2008-11-14 22:55 . 2008-04-14 02:18	33792              c:\windows\system32\dllcache\custsat.dll
+ 2008-11-14 22:55 . 2007-08-13 22:54	33792              c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 22:42 . 2009-03-08 08:33	18944              c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32	72704              c:\windows\system32\dllcache\admparse.dll
+ 2004-08-19 13:41 . 2009-03-08 08:33	18944              c:\windows\system32\corpol.dll
- 2008-11-14 23:00 . 2009-07-26 23:25	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-14 23:00 . 2009-07-30 01:18	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-14 23:00 . 2009-07-30 01:18	32768              c:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\index.dat
- 2008-11-14 23:00 . 2009-07-26 23:25	32768              c:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\index.dat
+ 2009-07-30 01:19 . 2009-07-30 01:18	32768              c:\windows\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
+ 2004-08-19 13:41 . 2009-03-08 08:32	72704              c:\windows\system32\admparse.dll
+ 2009-07-28 17:25 . 2009-03-09 00:55	58464              c:\windows\ie8\spuninst\iecustom.dll
+ 2009-07-28 17:25 . 2007-08-13 22:36	44544              c:\windows\ie8\pngfilt.dll
+ 2009-07-28 17:25 . 2007-08-13 22:01	48128              c:\windows\ie8\mshtmler.dll
+ 2009-07-28 17:25 . 2007-08-13 22:32	45568              c:\windows\ie8\mshta.exe
+ 2009-07-28 17:25 . 2007-08-13 22:36	12288              c:\windows\ie8\msfeedssync.exe
+ 2009-07-28 17:25 . 2007-08-13 22:54	50688              c:\windows\ie8\msfeedsbs.dll
+ 2009-07-28 17:25 . 2007-08-13 22:44	40960              c:\windows\ie8\licmgr10.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	27136              c:\windows\ie8\jsproxy.dll
+ 2009-07-28 17:25 . 2007-08-13 22:39	92672              c:\windows\ie8\inseng.dll
+ 2009-07-28 17:25 . 2007-08-13 22:36	36352              c:\windows\ie8\imgutil.dll
+ 2009-07-28 17:25 . 2007-08-13 22:39	55296              c:\windows\ie8\iesetup.dll
+ 2009-07-28 17:25 . 2007-08-13 22:39	43008              c:\windows\ie8\iernonce.dll
+ 2009-07-28 17:25 . 2007-08-13 22:45	78336              c:\windows\ie8\ieencode.dll
+ 2009-07-28 17:25 . 2007-08-13 22:39	54784              c:\windows\ie8\ie4uinit.exe
+ 2009-07-28 17:25 . 2007-08-13 22:36	61952              c:\windows\ie8\icardie.dll
+ 2009-07-28 17:25 . 2007-08-13 22:18	60416              c:\windows\ie8\hmmapi.dll
+ 2009-07-28 17:25 . 2007-08-13 22:42	17408              c:\windows\ie8\corpol.dll
+ 2009-07-28 17:25 . 2007-08-13 22:39	71680              c:\windows\ie8\admparse.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	37888              c:\windows\ie7\url.dll
+ 2009-07-28 02:06 . 2007-09-26 22:18	66048              c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2009-07-28 02:06 . 2007-09-26 22:25	33472              c:\windows\ie7\spuninst\iecustom.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	39424              c:\windows\ie7\pngfilt.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	97280              c:\windows\ie7\occache.dll
+ 2009-07-28 02:06 . 2008-04-14 01:51	57344              c:\windows\ie7\mshtmler.dll
+ 2009-07-28 02:06 . 2008-04-14 02:19	29184              c:\windows\ie7\mshta.exe
+ 2009-07-28 02:06 . 2008-04-14 02:18	22528              c:\windows\ie7\licmgr10.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	15872              c:\windows\ie7\jsproxy.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	96768              c:\windows\ie7\inseng.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	35840              c:\windows\ie7\imgutil.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	93184              c:\windows\ie7\iexplore.exe
+ 2009-07-28 02:06 . 2008-04-14 02:18	63488              c:\windows\ie7\iesetup.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	48640              c:\windows\ie7\iernonce.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	18432              c:\windows\ie7\iedw.exe
+ 2009-07-28 02:06 . 2008-04-14 02:18	34304              c:\windows\ie7\ie4uinit.exe
+ 2009-07-28 02:06 . 2008-04-14 02:18	38912              c:\windows\ie7\hmmapi.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	55808              c:\windows\ie7\extmgr.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	33792              c:\windows\ie7\custsat.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	61440              c:\windows\ie7\admparse.dll
- 2008-04-14 02:18 . 2008-04-14 02:18	121856              c:\windows\system32\xmllite.dll
+ 2008-04-14 02:18 . 2009-01-07 22:21	121856              c:\windows\system32\xmllite.dll
+ 2004-08-19 13:42 . 2009-03-08 08:34	914944              c:\windows\system32\wininet.dll
+ 2007-08-13 22:45 . 2009-03-08 08:34	208384              c:\windows\system32\WinFXDocObj.exe
+ 2004-08-19 13:42 . 2009-03-08 08:34	236544              c:\windows\system32\webcheck.dll
+ 2004-08-19 13:42 . 2009-03-08 08:33	420352              c:\windows\system32\vbscript.dll
+ 2004-08-19 13:42 . 2009-03-08 08:34	105984              c:\windows\system32\url.dll
- 2002-09-10 12:00 . 2009-07-25 17:08	575288              c:\windows\system32\perfh009.dat
+ 2002-09-10 12:00 . 2009-07-28 02:09	575288              c:\windows\system32\perfh009.dat
- 2002-09-10 12:00 . 2009-07-25 17:08	122828              c:\windows\system32\perfc009.dat
+ 2002-09-10 12:00 . 2009-07-28 02:09	122828              c:\windows\system32\perfc009.dat
+ 2004-08-19 13:42 . 2009-03-08 08:34	109568              c:\windows\system32\occache.dll
+ 2004-08-19 13:42 . 2009-03-08 08:32	611840              c:\windows\system32\mstime.dll
+ 2004-08-19 13:42 . 2009-03-08 08:34	193536              c:\windows\system32\msrating.dll
+ 2002-09-10 12:00 . 2009-03-08 08:22	156160              c:\windows\system32\msls31.dll
+ 2007-08-13 22:54 . 2009-03-08 08:32	594432              c:\windows\system32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20	265720              c:\windows\system32\msdbg2.dll
+ 2004-08-19 13:42 . 2009-03-08 08:33	726528              c:\windows\system32\jscript.dll
+ 2009-05-16 02:14 . 2009-07-30 01:20	236381              c:\windows\system32\inetsrv\MetaBase.bin
+ 2007-08-13 22:54 . 2009-03-08 08:22	164352              c:\windows\system32\ieui.dll
+ 2004-08-19 13:42 . 2009-03-08 08:31	183808              c:\windows\system32\iepeers.dll
+ 2004-08-19 13:42 . 2009-03-08 18:09	391536              c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2009-03-08 08:11	445952              c:\windows\system32\ieapfltr.dll
+ 2002-09-10 12:00 . 2009-03-08 08:32	163840              c:\windows\system32\ieakui.dll
+ 2004-08-19 13:42 . 2009-03-08 08:33	229376              c:\windows\system32\ieaksie.dll
+ 2004-08-19 13:42 . 2009-03-08 08:33	125952              c:\windows\system32\ieakeng.dll
+ 2004-08-19 13:42 . 2009-03-08 08:32	173056              c:\windows\system32\ie4uinit.exe
+ 2004-08-19 13:42 . 2007-08-13 22:54	131584              c:\windows\system32\extmgr.dll
+ 2004-08-19 13:42 . 2009-03-08 08:31	216064              c:\windows\system32\dxtrans.dll
+ 2004-08-19 13:42 . 2009-03-08 08:31	348160              c:\windows\system32\dxtmsft.dll
+ 2008-08-20 05:09 . 2009-03-08 08:34	914944              c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 22:54 . 2009-03-08 08:34	236544              c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 22:54 . 2009-03-08 08:33	759296              c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:55 . 2009-03-08 08:33	420352              c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 22:44 . 2009-03-08 08:34	105984              c:\windows\system32\dllcache\url.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20	134144              c:\windows\system32\dllcache\sqmapi.dll
+ 2006-09-23 17:12 . 2006-09-23 17:12	474624              c:\windows\system32\dllcache\shlwapi.dll
+ 2007-08-13 22:44 . 2009-03-08 08:34	109568              c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 22:54 . 2009-03-08 08:32	611840              c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 22:44 . 2009-03-08 08:34	193536              c:\windows\system32\dllcache\msrating.dll
+ 2002-09-10 12:00 . 2009-03-08 08:22	156160              c:\windows\system32\dllcache\msls31.dll
+ 2008-05-09 10:55 . 2009-03-08 08:33	726528              c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 22:43 . 2009-03-08 18:09	638816              c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-13 22:54 . 2009-03-08 08:31	183808              c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 22:39 . 2009-03-08 18:09	391536              c:\windows\system32\dllcache\iedkcs32.dll
+ 2002-09-10 12:00 . 2009-03-08 08:32	163840              c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 22:39 . 2009-03-08 08:33	229376              c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 22:39 . 2009-03-08 08:33	125952              c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32	173056              c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 22:54 . 2007-08-13 22:54	131584              c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 22:35 . 2009-03-08 08:31	216064              c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 22:35 . 2009-03-08 08:31	348160              c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32	128512              c:\windows\system32\dllcache\advpack.dll
+ 2004-08-19 13:41 . 2009-03-08 08:32	128512              c:\windows\system32\advpack.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	818688              c:\windows\ie8\wininet.dll
+ 2009-07-28 17:25 . 2007-08-13 22:45	206336              c:\windows\ie8\winfxdocobj.exe
+ 2009-07-28 17:25 . 2007-08-13 22:54	231424              c:\windows\ie8\webcheck.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	765952              c:\windows\ie8\vgx.dll
+ 2009-07-28 17:25 . 2008-05-09 10:55	430080              c:\windows\ie8\vbscript.dll
+ 2009-07-28 17:25 . 2007-08-13 22:44	105984              c:\windows\ie8\url.dll
+ 2009-07-28 17:25 . 2009-01-07 22:21	400928              c:\windows\ie8\spuninst\updspapi.dll
+ 2009-07-28 17:25 . 2009-01-07 22:21	234016              c:\windows\ie8\spuninst\spuninst.exe
+ 2009-07-28 17:25 . 2006-09-06 21:43	215776              c:\windows\ie8\spuninst.exe
+ 2009-07-28 17:25 . 2007-08-13 22:44	101376              c:\windows\ie8\occache.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	670720              c:\windows\ie8\mstime.dll
+ 2009-07-28 17:25 . 2007-08-13 22:44	192000              c:\windows\ie8\msrating.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	156160              c:\windows\ie8\msls31.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	475648              c:\windows\ie8\mshtmled.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	458752              c:\windows\ie8\msfeeds.dll
+ 2009-07-28 17:25 . 2008-05-09 10:55	512000              c:\windows\ie8\jscript.dll
+ 2009-07-28 17:25 . 2007-08-13 22:43	622080              c:\windows\ie8\iexplore.exe
+ 2009-07-28 17:25 . 2007-08-13 22:54	180736              c:\windows\ie8\ieui.dll
+ 2009-07-28 17:25 . 2007-08-13 22:34	266752              c:\windows\ie8\iertutil.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	287744              c:\windows\ie8\ieproxy.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	191488              c:\windows\ie8\iepeers.dll
+ 2009-07-28 17:25 . 2007-08-13 22:39	382976              c:\windows\ie8\iedkcs32.dll
+ 2009-07-28 17:25 . 2007-07-11 16:27	383488              c:\windows\ie8\ieapfltr.dll
+ 2009-07-28 17:25 . 2007-08-13 21:56	161792              c:\windows\ie8\ieakui.dll
+ 2009-07-28 17:25 . 2007-08-13 22:39	229376              c:\windows\ie8\ieaksie.dll
+ 2009-07-28 17:25 . 2007-08-13 22:39	152064              c:\windows\ie8\ieakeng.dll
+ 2009-07-28 17:25 . 2007-08-13 22:35	214528              c:\windows\ie8\dxtrans.dll
+ 2009-07-28 17:25 . 2007-08-13 22:35	346624              c:\windows\ie8\dxtmsft.dll
+ 2009-07-28 17:25 . 2007-08-13 22:39	123904              c:\windows\ie8\advpack.dll
+ 2009-07-28 02:06 . 2008-10-16 01:01	668672              c:\windows\ie7\wininet.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	280576              c:\windows\ie7\webcheck.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	851968              c:\windows\ie7\vgx.dll
+ 2009-07-28 02:06 . 2008-10-16 01:01	619520              c:\windows\ie7\urlmon.dll
+ 2009-07-28 02:06 . 2006-09-06 21:43	389856              c:\windows\ie7\spuninst\updspapi.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	532480              c:\windows\ie7\mstime.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	146432              c:\windows\ie7\msrating.dll
+ 2009-07-28 02:06 . 2002-09-10 12:00	146432              c:\windows\ie7\msls31.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	449024              c:\windows\ie7\mshtmled.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	251904              c:\windows\ie7\iepeers.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	323584              c:\windows\ie7\iedkcs32.dll
+ 2009-07-28 02:06 . 2002-09-10 12:00	241664              c:\windows\ie7\ieakui.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	221184              c:\windows\ie7\ieaksie.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	143360              c:\windows\ie7\ieakeng.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	205312              c:\windows\ie7\dxtrans.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	357888              c:\windows\ie7\dxtmsft.dll
+ 2009-07-28 02:06 . 2008-04-14 02:18	101376              c:\windows\ie7\advpack.dll
+ 2004-08-19 13:42 . 2009-03-08 08:34	1206784              c:\windows\system32\urlmon.dll
+ 2004-08-19 13:42 . 2009-03-08 08:41	5937152              c:\windows\system32\mshtml.dll
+ 2007-08-13 22:34 . 2009-03-08 08:32	1985024              c:\windows\system32\iertutil.dll
+ 2007-02-12 20:10 . 2009-02-07 01:07	3698584              c:\windows\system32\ieapfltr.dat
+ 2008-08-20 05:09 . 2009-03-08 08:34	1206784              c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-20 05:09 . 2009-03-08 08:41	5937152              c:\windows\system32\dllcache\mshtml.dll
+ 2006-09-23 17:12 . 2006-09-23 17:12	1022976              c:\windows\system32\dllcache\browseui.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	1162240              c:\windows\ie8\urlmon.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	3578368              c:\windows\ie8\mshtml.dll
+ 2009-07-28 17:25 . 2007-08-13 22:54	6049280              c:\windows\ie8\ieframe.dll
+ 2009-07-28 17:25 . 2007-02-12 20:10	2451312              c:\windows\ie8\ieapfltr.dat
+ 2009-07-28 02:06 . 2008-10-16 01:01	3088896              c:\windows\ie7\mshtml.dll
+ 2007-08-13 22:54 . 2009-03-08 08:39	11063808              c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 23:59	2953216	----a-w-	c:\archivos de programa\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 23:59	2953216	----a-w-	c:\archivos de programa\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"SynTPEnh"="c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"PSQLLauncher"="c:\archivos de programa\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"SigmatelSysTrayApp"="c:\archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-11-17 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
Administrador de servicios.lnk - c:\archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-11-26 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 23:46	90112	----a-w-	c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Java\\jre1.6.0_05\\bin\\java.exe"=
"c:\\Archivos de programa\\Java\\jdk1.6.0_05\\bin\\java.exe"=
"c:\\Archivos de programa\\Java\\jdk1.6.0_05\\jre\\bin\\java.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=

R2 ArcGIS License Manager;ArcGIS License Manager;c:\archiv~1\ESRI\License\arcgis9x\lmgrd.exe [08/07/2009 12:09 467968]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04/04/2007 14:58 24344]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [03/10/2008 19:51 37296]
S3 Tomcat6;Apache Tomcat;c:\archivos de programa\Apache Software Foundation\Tomcat 6.0.18\bin\tomcat6.exe [21/07/2008 20:01 57344]

--- Other Services/Drivers In Memory ---

*Deregistered* - project

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://localhost/WebSiteSMS/Service.asmx
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {08298320-A95F-4E73-9F5D-7F91783FEAA7} = 200.58.160.25,200.58.161.25
FF - ProfilePath - c:\documents and settings\Gustavo\Datos de programa\Mozilla\Firefox\Profiles\837ymwuy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.bo/
FF - component: c:\documents and settings\Gustavo\Datos de programa\Mozilla\Firefox\Profiles\837ymwuy.default\extensions\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}\components\FFExternalAlert.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 21:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\archivos de programa\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\archivos de programa\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1540)
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\psqlpwd.dll
c:\archivos de programa\Protector Suite QL\homefus2.dll
c:\archivos de programa\Protector Suite QL\infra.dll
c:\archivos de programa\Protector Suite QL\homepass.dll
c:\archivos de programa\Protector Suite QL\bio.dll
c:\archivos de programa\Protector Suite QL\remote.dll
c:\archivos de programa\Protector Suite QL\crypto.dll

- - - - - - - > 'lsass.exe'(1596)
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\windows\system32\psqlpwd.dll
c:\archivos de programa\Protector Suite QL\homefus2.dll
c:\archivos de programa\Protector Suite QL\infra.dll
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

- - - - - - - > 'explorer.exe'(2888)
c:\archivos de programa\Protector Suite QL\farchns.dll
c:\archivos de programa\Protector Suite QL\infra.dll
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\archivos de programa\Bonjour\mDNSResponder.exe
c:\archivos de programa\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\archiv~1\ESRI\License\arcgis9x\ARCGIS.EXE
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\archivos de programa\Microsoft Analysis Services\Bin\msmdsrv.exe
c:\archivos de programa\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\windows\system32\nvsvc32.exe
c:\archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
c:\archivos de programa\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\archivos de programa\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
c:\archivos de programa\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\archivos de programa\Protector Suite QL\psqltray.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-07-30 21:25 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-30 01:25
ComboFix2.txt  2009-07-26 23:43

Pre-Run: 22.407.872.512 bytes libres
Post-Run: 22.360.170.496 bytes libres

482	--- E O F ---	2008-12-13 04:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:10, on 29/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\ARCHIV~1\ESRI\License\arcgis9x\ARCGIS.EXE
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Archivos de programa\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Archivos de programa\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Archivos de programa\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/WebSiteSMS/Service.asmx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Archivos de programa\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Administrador de servicios.lnk = C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226872996453
O17 - HKLM\System\CCS\Services\Tcpip\..\{08298320-A95F-4E73-9F5D-7F91783FEAA7}: NameServer = 200.58.160.25,200.58.161.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{08298320-A95F-4E73-9F5D-7F91783FEAA7}: NameServer = 200.58.160.25,200.58.161.25
O23 - Service: ArcGIS License Manager - Unknown owner - C:\ARCHIV~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Archivos.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Archivos de programa\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Archivos de programa\Apache Software Foundation\Tomcat 6.0.18\bin\tomcat6.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8227 bytes
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
  • Select it and click Remove.
  • Then download and install the newest version from here: http://www.java.com/en/download/manual.jsp


==

1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:



KillAll::

File::
C:\WINDOWS\Help\secretfile.exe
C:\WINDOWS\Help\skitt.exe
C:\WINDOWS\Help\skiat.exe
C:\Documents and Settings\Gustavo\skiat.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
  • A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attachments CFScript.gif 27.09 KB