
Inactive Can't start a DCOM server:{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Discussion in 'Malware and Virus Removal Archive' started by eddie2000, 2010/04/14.

  1. 2010/04/14
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    [Inactive] Can't start a DCOM server:{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

    My PC crashes all the time and the event viewer always shows the same error:

    Tipo de suceso: Error
    Origen del suceso: DCOM
    Categoría del suceso: Ninguno
    Id. suceso: 10000
    Fecha: 10/04/2010
    Hora: 17:02:10
    Usuario: NT AUTHORITY\Servicio de red
    Equipo: PCEDU
    Descripción:
    No se puede iniciar un servidor DCOM: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. El error:
    "El sistema no puede hallar el archivo especificado. "
    Ha ocurrido mientras iniciaba este comando:
    -Embedding

    Para obtener más información, vea el Centro de ayuda y soporte técnico en http://go.microsoft.com/fwlink/events.asp.

    I already posted in the Windows XP forum and received a reply from mattman that says:
    Quote:
    Originally Posted by mattman
    Go to Control Panel -> Administrative Tools -> Event Viewer and you should find the errors listed. Double-click them to see the details. Let us know if that file is the one that is missing or another.

    Find what date they started happening. You can try doing a System Restore back to before that date.

    It seems something is trying to run a DCOM server. It could be malware like a trojan. It could be a shoddy program that you installed that wants to contact its server.

    You could run an online scan
    http://housecall.trendmicro.com/
    http://www.pandasecurity.com/homeuse...s/activescan/?
    http://www.emsisoft.com/en/software/ax/

    If you suspect malware you can post a thread in the Virus and Malware Removal forum, but you need to read this
    http://www.windowsbbs.com/malware-vi...uncements.html
    and post the relevant logs.

    If you have trouble with the language, you might want to find help in that language.

    I ran Trend Micro, which found 1 threat that I removed. I couldn't run Panda because even in "a prueba de errores" (Safe Mode) Windows hung the computer, and Emsisoft did not find any threat.
    Earlier I ran Malwarebytes, which found 2 hotfixes that are now in Quarantine.

    I am copying the files requested:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)


    ==== Disk Partitions =========================


    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Actualización de seguridad para el Reproductor de Windows Media (KB952069)
    Actualización de seguridad para el Reproductor de Windows Media (KB954155)
    Actualización de seguridad para el Reproductor de Windows Media (KB968816)
    Actualización de seguridad para el Reproductor de Windows Media (KB973540)
    Actualización de seguridad para el Reproductor de Windows Media 11 (KB954154)
    Actualización de seguridad para Windows Internet Explorer 8 (KB971961)
    Actualización de seguridad para Windows Internet Explorer 8 (KB981332)
    Actualización de seguridad para Windows XP (KB923561)
    Actualización de seguridad para Windows XP (KB950760)
    Actualización de seguridad para Windows XP (KB950762)
    Actualización de seguridad para Windows XP (KB950974)
    Actualización de seguridad para Windows XP (KB951066)
    Actualización de seguridad para Windows XP (KB951376-v2)
    Actualización de seguridad para Windows XP (KB951748)
    Actualización de seguridad para Windows XP (KB952004)
    Actualización de seguridad para Windows XP (KB952954)
    Actualización de seguridad para Windows XP (KB955069)
    Actualización de seguridad para Windows XP (KB956572)
    Actualización de seguridad para Windows XP (KB956744)
    Actualización de seguridad para Windows XP (KB956802)
    Actualización de seguridad para Windows XP (KB956803)
    Actualización de seguridad para Windows XP (KB956844)
    Actualización de seguridad para Windows XP (KB958644)
    Actualización de seguridad para Windows XP (KB958869)
    Actualización de seguridad para Windows XP (KB959426)
    Actualización de seguridad para Windows XP (KB960803)
    Actualización de seguridad para Windows XP (KB960859)
    Actualización de seguridad para Windows XP (KB961501)
    Actualización de seguridad para Windows XP (KB969059)
    Actualización de seguridad para Windows XP (KB969947)
    Actualización de seguridad para Windows XP (KB970238)
    Actualización de seguridad para Windows XP (KB970430)
    Actualización de seguridad para Windows XP (KB971468)
    Actualización de seguridad para Windows XP (KB971657)
    Actualización de seguridad para Windows XP (KB971961)
    Actualización de seguridad para Windows XP (KB972270)
    Actualización de seguridad para Windows XP (KB973354)
    Actualización de seguridad para Windows XP (KB973507)
    Actualización de seguridad para Windows XP (KB973869)
    Actualización de seguridad para Windows XP (KB973904)
    Actualización de seguridad para Windows XP (KB974112)
    Actualización de seguridad para Windows XP (KB974318)
    Actualización de seguridad para Windows XP (KB974392)
    Actualización de seguridad para Windows XP (KB974571)
    Actualización de seguridad para Windows XP (KB975025)
    Actualización de seguridad para Windows XP (KB975467)
    Actualización de seguridad para Windows XP (KB975560)
    Actualización de seguridad para Windows XP (KB975713)
    Actualización de seguridad para Windows XP (KB977165-v2)
    Actualización de seguridad para Windows XP (KB977816)
    Actualización de seguridad para Windows XP (KB977914)
    Actualización de seguridad para Windows XP (KB978037)
    Actualización de seguridad para Windows XP (KB978251)
    Actualización de seguridad para Windows XP (KB978262)
    Actualización de seguridad para Windows XP (KB978338)
    Actualización de seguridad para Windows XP (KB978601)
    Actualización de seguridad para Windows XP (KB978706)
    Actualización de seguridad para Windows XP (KB979683)
    Actualización de seguridad para Windows XP (KB980232)
    Actualización para Windows Internet Explorer 8 (KB976662)
    Actualización para Windows Internet Explorer 8 (KB980182)
    Actualización para Windows Internet Explorer 8 (KB980302)
    Actualización para Windows XP (KB898461)
    Actualización para Windows XP (KB951978)
    Actualización para Windows XP (KB955759)
    Actualización para Windows XP (KB967715)
    Actualización para Windows XP (KB968389)
    Actualización para Windows XP (KB971737)
    Actualización para Windows XP (KB973687)
    Actualización para Windows XP (KB973815)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2 - Español
    Adobe Shockwave Player
    Ask Toolbar
    Auslogics Disk Defrag
    Babylon
    CCleaner
    Compresor WinRAR
    Download Accelerator Plus (DAP)
    Dream Aquarium
    ESET NOD32 Antivirus
    GoodSync
    Google Chrome
    HashTab 2.0.8
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB915800-v4)
    Ink Monitor
    Java(TM) 6 Update 6
    jv16 PowerTools 2009
    K-Lite Codec Pack 3.9.0 Standard
    Malwarebytes' Anti-Malware
    Manual de la C87
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Language Pack - ESN
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Office Access MUI (Spanish) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Spanish) 2007
    Microsoft Office Groove MUI (Spanish) 2007
    Microsoft Office InfoPath MUI (Spanish) 2007
    Microsoft Office OneNote MUI (Spanish) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Spanish) 2007
    Microsoft Office PowerPoint MUI (Spanish) 2007
    Microsoft Office Proof (Basque) 2007
    Microsoft Office Proof (Catalan) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Galician) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Spanish) 2007
    Microsoft Office Publisher MUI (Spanish) 2007
    Microsoft Office Shared MUI (Spanish) 2007
    Microsoft Office Word MUI (Spanish) 2007
    Microsoft Software Update for Web Folders (Spanish) 12
    Microsoft Visual C++ 2005 Redistributable
    My DSC
    Nero 8.3.2.1
    NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
    Panda ActiveScan 2.0
    Paquete de idioma de Microsoft .NET Framework 2.0 - ESN
    Platform
    QT Lite 2.5.1
    Real Alternative 1.8.0 Lite
    Realtek AC'97 Audio
    Recuva (remove only)
    Registry Mechanic 8.0
    Revisión para el Reproductor de Windows Media 11 (KB939683)
    Revisión para Windows XP (KB952287)
    Revisión para Windows XP (KB961118)
    Revisión para Windows XP (KB979306)
    Security Update for Windows Search 4 - KB963093
    Software de impresora EPSON
    TaskSwitchXP
    TreeSize Professional 3.03
    TuneUp Utilities 2008
    TurboNote+
    Unlocker 1.8.7
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VIA Administrador de dispositivos de plataforma
    VIA Rhine-Family Fast Ethernet Adapter
    Weather Watcher Live
    Winamp
    Winamp Detector Plug-in
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Search 4.0
    Wocarson Windows Genuine Advantage Validation v1.9.9.1 Cracked V2

    ==== End Of File ===========================

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrador at 20:30:16,93 on 14/04/2010
    Internet Explorer: 8.0.6001.18702

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.babylon.com/home
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    mWinlogon: UIHost=XPize_Logon.exe
    BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\archivos de programa\askbardis\bar\bin\askBar.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archiv~1\micros~1\office12\GRA8E1~1.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre1.6.0_06\bin\ssv.dll
    BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\archiv~1\dap\DAPIEL~1.DLL
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\archivos de programa\askbardis\bar\bin\askBar.dll
    TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\administrador\configuración local\datos de programa\google\update\GoogleUpdate.exe" /c
    uRun: [GoodSync] "c:\archivos de programa\goodsync\GoodSync.exe" /min
    uRun: [H/PC Connection Agent] "c:\archivos de programa\microsoft activesync\Wcescomm.exe "
    uRun: [DownloadAccelerator] "c:\archivos de programa\dap\DAP.EXE" /STARTUP
    mRun: [egui] "c:\archivos de programa\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\admini~1\menini~1\progra~1\inicio\recort~1.lnk - c:\archivos de programa\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\turbon~1.lnk - c:\archivos de programa\turbonote\tbnote.exe
    StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\window~1.lnk - c:\archivos de programa\windows desktop search\WindowsSearch.exe
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: NoSMMyPictures = 1 (0x1)
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: MaxRecentDocs = 16 (0x10)
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoSMHelp = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: NoSMMyPictures = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    IE: &Clean Traces - c:\archivos de programa\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\archivos de programa\dap\dapextie.htm
    IE: Download &all with DAP - c:\archivos de programa\dap\dapextie2.htm
    IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~1\office12\EXCEL.EXE/3000
    IE: Translate with &Babylon - c:\archivos de programa\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\archivos de programa\java\jre1.6.0_06\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~1\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\archiv~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\archiv~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/pro/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archiv~1\micros~1\office12\GR99D3~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archiv~1\micros~1\office12\GRA8E1~1.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\archivos de programa\windows desktop search\MSNLNamespaceMgr.dll

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-04-14 17:30:35 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-04-14 17:30:26 0 d-----w- c:\archivos de programa\Panda Security
    2010-04-14 16:23:38 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-04-13 16:35:32 0 d-----w- c:\docume~1\admini~1\datosd~1\Malwarebytes
    2010-04-13 16:35:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-13 16:35:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-13 16:35:20 0 d-----w- c:\docume~1\alluse~1\datosd~1\Malwarebytes
    2010-04-13 16:35:20 0 d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
    2010-04-13 15:59:34 0 d-----w- c:\docume~1\alluse~1\datosd~1\SpeedBit
    2010-04-13 15:59:20 172032 ----a-w- c:\windows\system32\AniGIF.ocx
    2010-04-13 15:59:13 0 d-----w- c:\archivos de programa\DAP
    2010-04-13 01:46:16 0 d-----w- c:\archivos de programa\GoodSync
    2010-04-13 01:21:07 0 d-----w- C:\00 FAMILIA TRANSIT
    2010-04-12 22:22:12 0 d-----w- c:\docume~1\admini~1\datosd~1\WeatherWatcherLive
    2010-04-12 21:03:50 102400 ----a-w- c:\windows\system32\unzip32.dll
    2010-04-12 21:03:50 0 d-----w- c:\archivos de programa\AskBarDis
    2010-04-12 21:03:49 0 d-----w- c:\archivos de programa\Weather Watcher Live
    2010-04-12 16:24:26 243712 ----a-w- c:\windows\system32\dllcache\netevent.dll
    2010-04-10 22:35:10 0 d-----w- c:\archivos de programa\TurboNote
    2010-04-10 22:01:13 0 d--h--w- c:\windows\PIF
    2010-04-10 21:00:28 352 ---ha-w- c:\windows\nod32fixtemdono.reg
    2010-04-10 20:59:06 0 d-----w- c:\archivos de programa\ESET
    2010-04-10 20:46:57 0 d-----w- c:\docume~1\admini~1\datosd~1\JungleDisk
    2010-04-10 20:27:18 0 d-----w- c:\archivos de programa\Winamp Detect
    2010-04-10 19:08:24 0 d-----w- c:\docume~1\admini~1\datosd~1\Windows Desktop Search
    2010-04-10 18:44:56 235576 ----a-w- c:\windows\system32\VSNetRdr.dll
    2010-04-10 18:44:56 137272 ----a-w- c:\windows\system32\VSMntNtf.dll
    2010-04-10 18:44:54 145504 ----a-w- c:\windows\system32\drivers\cbfs.sys
    2010-04-10 18:24:27 0 d-----w- c:\archivos de programa\Jungle Disk Desktop
    2010-04-09 15:11:31 0 d-----w- c:\archivos de programa\Error Repair Professional
    2010-04-07 16:14:41 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
    2010-04-07 16:14:41 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2010-04-07 16:06:38 0 d-----w- c:\archivos de programa\Microsoft ActiveSync
    2010-04-07 14:04:41 0 d-----w- c:\docume~1\alluse~1\datosd~1\LogMeIn
    2010-04-07 13:59:18 28984 ----a-w- c:\windows\system32\LMIport.dll
    2010-04-07 13:59:17 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-04-07 13:59:17 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2010-04-07 13:59:13 87352 ----a-w- c:\windows\system32\LMIinit.dll
    2010-04-07 13:59:11 1024 ----a-w- C:\.rnd
    2010-04-07 13:59:03 0 d-----w- c:\archivos de programa\LogMeIn
    2010-04-07 09:25:03 0 d-----w- c:\archivos de programa\Microsoft Office Outlook Connector
    2010-04-07 08:22:10 0 d-----w- c:\docume~1\admini~1\datosd~1\Windows Search
    2010-04-07 07:17:24 0 d-----w- c:\archivos de programa\TreeSize Professional
    2010-04-06 22:33:48 0 d-----w- c:\docume~1\alluse~1\datosd~1\GoodSync
    2010-04-06 22:33:48 0 d-----w- c:\docume~1\admini~1\datosd~1\GoodSync
    2010-04-06 19:43:41 94208 ----a-w- c:\windows\Dream Aquarium.scr
    2010-04-06 19:43:37 0 d-----w- c:\archivos de programa\Dream Aquarium
    2010-04-06 19:42:44 0 d-----w- c:\docume~1\alluse~1\datosd~1\Babylon
    2010-04-06 19:42:44 0 d-----w- c:\docume~1\admini~1\datosd~1\Babylon
    2010-04-06 19:41:57 0 d-----w- c:\archivos de programa\TaskSwitchXP
    2010-04-06 19:41:53 0 d-----w- c:\archivos de programa\DAEMON Tools Lite
    2010-04-06 19:41:43 0 d-----w- c:\archivos de programa\Alcohol Soft
    2010-04-06 19:41:12 0 d-----w- c:\archivos de programa\AIMP2
    2010-04-06 16:16:28 69 ----a-w- c:\windows\NeroDigital.ini
    2010-04-06 14:21:06 0 d-----w- c:\archivos de programa\EPSON
    2010-04-06 14:20:58 79679 ----a-w- c:\windows\system32\E_FLMABL.DLL
    2010-04-06 14:20:58 64000 ----a-w- c:\windows\system32\E_FBCBABL.DLL
    2010-04-06 14:20:57 34304 ----a-w- c:\windows\system32\E_FBCHABL.DLL
    2010-04-06 14:20:48 74 ----a-w- c:\windows\EPSONC87.ini
    2010-04-05 19:06:34 0 d-----w- C:\010 JUGUETES
    2010-04-05 18:59:51 0 d-----w- C:\203 OUTLOOK VARIOS
    2010-04-05 16:23:45 0 d-----w- c:\archivos de programa\Windows Installer Clean Up
    2010-04-05 16:23:34 0 d-----w- c:\archivos de programa\MSECACHE
    2010-04-05 16:13:26 140048 ----a-w- c:\windows\system32\drivers\jdfs.sys
    2010-04-05 14:17:31 0 d-----w- c:\docume~1\alluse~1\datosd~1\JungleDisk
    2010-04-05 13:20:22 0 d-----w- c:\archivos de programa\jv16 PowerTools 2009
    2010-04-05 12:39:11 0 d-----w- c:\archivos de programa\Babylon
    2010-04-05 12:36:26 1089883 ------w- c:\windows\system32\dllcache\ntprint.cat
    2010-04-05 00:38:45 0 d-----w- c:\docume~1\admini~1\datosd~1\Auslogics
    2010-04-05 00:38:37 0 d-----w- c:\archivos de programa\Auslogics
    2010-04-05 00:08:52 0 d-----w- c:\archivos de programa\CCleaner
    2010-04-04 21:02:04 0 d-----w- c:\windows\system32\XPSViewer
    2010-04-04 19:45:26 0 d-sh--w- c:\documents and settings\administrador\IECompatCache
    2010-04-04 19:41:06 0 d-sh--w- c:\documents and settings\administrador\PrivacIE
    2010-04-04 12:03:36 0 d-----w- c:\windows\pss
    2010-04-04 06:53:40 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-04-04 06:53:40 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-04-04 06:53:40 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-04-04 06:53:40 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-04-04 06:53:40 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-04-04 06:53:40 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-04-04 06:53:40 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-04-04 06:53:40 0 d-----w- c:\windows\9e180f0592cf2d03432da6899645aa
    2010-04-04 06:53:28 0 d-----w- c:\windows\SxsCaPendDel
    2010-04-04 06:50:50 0 d-----w- c:\windows\2c6f6f3dd2bfac87ec2790ee18
    2010-04-04 06:50:47 0 d-----w- c:\windows\fc7f84f3ff80b6179d8e9f7a0b
    2010-04-04 06:40:09 592 ----a-w- c:\windows\chgkey.vbs
    2010-04-04 06:27:22 0 d-sh--w- c:\documents and settings\administrador\IETldCache
    2010-04-04 06:24:35 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-04 06:24:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-04 06:24:35 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-04 06:24:35 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-04 06:24:35 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-04 06:24:35 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-04-04 06:24:30 0 d-----w- c:\windows\ie8updates
    2010-04-04 06:24:28 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-04 06:22:48 0 dc-h--w- c:\windows\ie8
    2010-04-04 00:56:29 0 d-----w- c:\windows\system32\appmgmt
    2010-04-04 00:54:39 0 d-----w- c:\windows\system32\PreInstall
    2010-04-04 00:54:38 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-04-04 00:54:37 0 d--h--w- c:\windows\$hf_mig$
    2010-04-03 22:03:26 0 d-----w- c:\archivos de programa\Windows Desktop Search
    2010-04-03 22:03:25 0 d--h--w- c:\windows\system32\GroupPolicy
    2010-04-03 22:03:03 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
    2010-04-03 22:03:03 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
    2010-04-03 22:03:03 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
    2010-04-03 21:41:55 8192 ----a-w- c:\windows\REGLOCS.OLD
    2010-04-03 21:40:49 4456 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-03 21:40:38 3409 ----a-w- c:\windows\system32\wbem\Outlook_01cad3764cc57f76.mof
    2010-04-03 21:39:43 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-04-03 21:14:38 272512 ------w- c:\windows\system32\drivers\bthport.sys
    2010-04-03 21:14:38 272512 ------w- c:\windows\system32\dllcache\bthport.sys
    2010-04-03 21:14:21 138496 ------w- c:\windows\system32\dllcache\afd.sys
    2010-04-03 21:13:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
    2010-04-03 21:12:49 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-04-03 21:04:35 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2010-04-03 21:04:35 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2010-04-03 21:03:55 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-04-03 21:03:54 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2010-04-03 21:03:54 286720 ------w- c:\windows\system32\dllcache\pdh.dll
    2010-04-03 21:03:54 2192384 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-04-03 21:03:54 111104 ------w- c:\windows\system32\dllcache\services.exe
    2010-04-03 21:03:53 739328 ------w- c:\windows\system32\dllcache\ntdll.dll
    2010-04-03 21:03:53 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
    2010-04-03 21:03:53 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2010-04-03 21:03:53 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-04-03 21:03:53 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2010-04-03 21:03:52 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-04-03 21:03:51 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-04-03 21:00:34 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2010-04-03 21:00:25 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-04-03 21:00:05 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
    2010-04-03 20:59:09 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
    2010-04-03 20:58:38 331776 ------w- c:\windows\system32\dllcache\msadce.dll
    2010-04-03 20:58:33 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2010-04-03 20:46:54 0 d-----r- C:\500 INSTALADORES
    2010-04-03 20:46:05 0 d-----w- C:\002 OUTLOOK
    2010-04-03 20:45:28 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
    2010-04-03 20:41:46 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-04-03 20:40:40 0 d-----w- c:\archivos de programa\archivos comunes\DESIGNER
    2010-04-03 20:38:10 0 d-----w- c:\archivos de programa\Microsoft Visual Studio 8
    2010-04-03 20:36:53 0 d-----w- c:\windows\SHELLNEW
    2010-04-03 20:35:07 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
    2010-04-03 20:34:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2010-04-03 20:33:29 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
    2010-04-03 20:33:29 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
    2010-04-03 20:32:15 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
    2010-04-03 16:30:20 0 d-----w- c:\archivos de programa\VIA
    2010-04-03 16:28:19 0 d-----w- c:\archivos de programa\Realtek AC97
    2010-04-03 16:28:06 0 d-----w- c:\archivos de programa\archivos comunes\InstallShield
    2010-04-03 16:18:09 0 d-----w- c:\archivos de programa\archivos comunes\ODBC
    2010-04-03 16:18:06 0 d-----w- c:\archivos de programa\archivos comunes\SpeechEngines
    2010-04-03 16:18:06 0 d-----w- c:\archivos de programa\archivos comunes\Microsoft Shared
    2010-04-03 16:18:06 0 d-----w- c:\archivos de programa\Archivos comunes
    2010-04-03 16:17:45 0 d--h--w- c:\documents and settings\all users\Plantillas
    2010-04-03 16:17:45 0 d-----w- c:\documents and settings\all users\Favoritos
    2010-04-03 16:17:45 0 d-----w- c:\documents and settings\all users\Escritorio
    2010-04-03 16:17:45 0 d-----r- c:\documents and settings\all users\Menú Inicio
    2010-04-03 16:17:45 0 d-----r- c:\documents and settings\all users\Documentos
    2010-04-03 16:17:29 0 d--h--r- c:\documents and settings\all users\Datos de programa
    2010-04-03 15:41:57 0 d-----w- c:\archivos de programa\Unlocker
    2010-04-03 15:41:49 0 d-----w- c:\docume~1\admini~1\datosd~1\TuneUp Software
    2010-04-03 15:41:41 0 d-----w- c:\docume~1\alluse~1\datosd~1\TuneUp Software
    2010-04-03 15:41:36 0 d-----w- c:\archivos de programa\TuneUp Utilities 2008
    2010-04-03 15:41:26 0 d-----w- c:\archivos de programa\archivos comunes\Wise Installation Wizard
    2010-04-03 15:41:05 0 d-----w- c:\archivos de programa\Real Alternative
    2010-04-03 15:40:55 0 d-----w- c:\archivos de programa\QT Lite
    2010-04-03 15:39:48 0 d-----w- c:\docume~1\alluse~1\datosd~1\Nero
    2010-04-03 15:39:48 0 d-----w- c:\archivos de programa\Nero
    2010-04-03 15:39:48 0 d-----w- c:\archivos de programa\archivos comunes\Nero
    2010-04-03 15:36:38 0 d-----w- c:\archivos de programa\K-Lite Codec Pack
    2010-04-03 15:36:09 0 d-----w- c:\archivos de programa\archivos comunes\Java
    2010-04-03 15:35:57 0 d-----w- c:\archivos de programa\HashTab Shell Extension
    2010-04-03 15:35:40 0 d-----w- c:\archivos de programa\archivos comunes\Adobe
    2010-04-03 15:24:47 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-04-03 15:24:31 0 d--h--w- c:\archivos de programa\WindowsUpdate
    2010-04-03 15:24:11 0 d-----w- c:\archivos de programa\archivos comunes\Services
    2010-04-03 15:24:09 0 d-----w- c:\archivos de programa\archivos comunes\MSSoap
    2010-04-03 15:23:51 0 d-----w- c:\archivos de programa\archivos comunes\System
    2010-04-03 15:22:37 0 d-----w- c:\archivos de programa\Windows Media Connect 2
    2010-04-03 15:22:22 0 d-----w- c:\archivos de programa\Windows NT

    ==================== Find3M ====================

    2010-04-14 22:01:16 98304 ----a-w- c:\windows\DUMP6419.tmp
    2010-04-14 20:34:47 98304 ----a-w- c:\windows\DUMP6522.tmp
    2010-04-14 18:59:21 98304 ----a-w- c:\windows\DUMP6fd1.tmp
    2010-04-14 16:11:29 98304 ----a-w- c:\windows\DUMP7251.tmp
    2010-04-14 06:02:41 98304 ----a-w- c:\windows\DUMP6a81.tmp
    2010-04-14 05:48:45 98304 ----a-w- c:\windows\DUMP6f44.tmp
    2010-04-14 02:51:17 98304 ----a-w- c:\windows\DUMP6428.tmp
    2010-04-13 15:15:23 98304 ----a-w- c:\windows\DUMP5ff2.tmp
    2010-04-13 13:38:38 98304 ----a-w- c:\windows\DUMP5def.tmp
    2010-04-13 13:19:41 98304 ----a-w- c:\windows\DUMP597a.tmp
    2010-04-13 13:11:44 98304 ----a-w- c:\windows\DUMP59e8.tmp
    2010-04-13 01:29:55 98304 ----a-w- c:\windows\DUMP5cb6.tmp
    2010-04-12 22:23:17 98304 ----a-w- c:\windows\DUMP667a.tmp
    2010-04-12 21:20:15 98304 ----a-w- c:\windows\DUMP5861.tmp
    2010-04-11 20:19:33 98304 ----a-w- c:\windows\DUMP5bdb.tmp
    2010-04-11 19:51:39 98304 ----a-w- c:\windows\DUMP5cc6.tmp
    2010-04-11 14:42:02 98304 ----a-w- c:\windows\DUMP594b.tmp
    2010-04-11 13:49:36 98304 ----a-w- c:\windows\DUMP639c.tmp
    2010-04-11 04:00:28 98304 ----a-w- c:\windows\DUMP6263.tmp
    2010-04-11 01:38:16 98304 ----a-w- c:\windows\DUMP5bfa.tmp
    2010-04-10 19:07:58 98618 ----a-w- c:\windows\system32\perfc00A.dat
    2010-04-10 19:07:58 529298 ----a-w- c:\windows\system32\perfh00A.dat
    2010-04-10 17:53:34 98304 ----a-w- c:\windows\DUMP5a06.tmp
    2010-04-10 17:39:57 98304 ----a-w- c:\windows\DUMP5af2.tmp
    2010-04-10 14:44:49 98304 ----a-w- c:\windows\DUMP5302.tmp
    2010-04-08 21:29:03 98304 ----a-w- c:\windows\DUMP5841.tmp
    2010-04-08 05:35:05 836 ----a-w- c:\archivos de programa\Auslogics Disk Defrag.lnk
    2010-04-08 04:48:31 98304 ----a-w- c:\windows\DUMP5e0e.tmp
    2010-04-07 20:16:44 98304 ----a-w- c:\windows\DUMP73b9.tmp
    2010-04-07 15:01:27 98304 ----a-w- c:\windows\DUMP6978.tmp
    2010-04-07 14:04:19 98304 ----a-w- c:\windows\DUMP6d60.tmp
    2010-04-07 14:01:51 98304 ----a-w- c:\windows\DUMP6fe0.tmp
    2010-04-06 22:54:17 98304 ----a-w- c:\windows\DUMP5b6e.tmp
    2010-04-06 21:30:24 98304 ----a-w- c:\windows\DUMP5c58.tmp
    2010-04-06 21:23:30 98304 ----a-w- c:\windows\DUMP608e.tmp
    2010-04-06 16:39:13 98304 ----a-w- c:\windows\DUMP5b20.tmp
    2010-04-06 13:54:57 98304 ----a-w- c:\windows\DUMP49bb.tmp
    2010-04-05 20:48:45 98304 ----a-w- c:\windows\DUMP4ab5.tmp
    2010-04-05 20:47:36 98304 ----a-w- c:\windows\DUMP5227.tmp
    2010-04-05 13:14:26 98304 ----a-w- c:\windows\DUMP5af1.tmp
    2010-04-05 00:12:59 98304 ----a-w- c:\windows\DUMP64d4.tmp
    2010-04-04 15:36:25 98304 ----a-w- c:\windows\DUMP5d52.tmp
    2010-04-04 13:46:58 98304 ----a-w- c:\windows\DUMP468e.tmp
    2010-04-04 12:13:44 98304 ----a-w- c:\windows\DUMP5dee.tmp
    2010-04-04 11:45:19 98304 ----a-w- c:\windows\DUMP59e7.tmp
    2010-04-04 11:00:26 98304 ----a-w- c:\windows\DUMP5f56.tmp
    2010-04-04 01:29:00 98304 ----a-w- c:\windows\DUMP46ec.tmp
    2010-04-03 20:49:03 98304 ----a-w- c:\windows\DUMP4dc2.tmp
    2010-04-03 15:41:49 354560 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2010-04-03 15:25:51 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-04-03 15:23:17 21900 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-03-10 06:16:45 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-10 06:16:45 420352 ------w- c:\windows\system32\dllcache\vbscript.dll
    2010-02-25 06:16:45 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-25 06:16:45 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-02-25 06:16:45 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-02-25 06:16:44 611840 ------w- c:\windows\system32\dllcache\mstime.dll
    2010-02-25 06:16:44 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-02-25 06:16:44 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2010-02-25 06:16:40 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-02-25 06:16:38 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2010-02-25 06:16:32 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-24 09:54:59 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-02-16 19:07:04 2069248 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-02-16 19:06:59 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:06:56 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:34:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-12 04:34:05 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
    2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys

    ============= FINISH: 20:30:31,56 ===============
    Thank you
     
  2. 2010/04/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/04/15
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    Hello Broni, thank you for such a detailed answer. I performed all the jobs you suggested and here are the logs:

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3990

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    15/04/2010 10:22:18
    mbam-log-2010-04-15 (10-22-18).txt

    Scan type: Quick scan
    Objects scanned: 98623
    Time elapsed: 3 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ______________________________________________

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-15 11:53:03
    Windows 5.1.2600 Service Pack 3
    Running: 3dgzcdi9.exe; Driver: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\pxtdapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT splr.sys ZwCreateKey [0xBA6A80E0]
    SSDT splr.sys ZwEnumerateKey [0xBA6C6CA2]
    SSDT splr.sys ZwEnumerateValueKey [0xBA6C7030]
    SSDT splr.sys ZwOpenKey [0xBA6A80C0]
    SSDT splr.sys ZwQueryKey [0xBA6C7108]
    SSDT splr.sys ZwQueryValueKey [0xBA6C6F88]
    SSDT splr.sys ZwSetValueKey [0xBA6C719A]

    INT 0x62 ? 89BE5BF8
    INT 0x82 ? 89BE5BF8
    INT 0x83 ? 89B75BF8
    INT 0xB4 ? 899DDD40
    INT 0xB4 ? 899DDD40
    INT 0xB4 ? 899DDD40
    INT 0xB4 ? 899DDD40
    INT 0xB4 ? 899DDD40
    INT 0xB4 ? 899DDD40

    ---- Kernel code sections - GMER 1.0.15 ----

    ? splr.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B9C468AC 5 Bytes JMP 899DD320
    .text ag6sslqo.SYS B97FB384 1 Byte [20]
    .text ag6sslqo.SYS B97FB384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
    .text ag6sslqo.SYS B97FB3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
    .text ag6sslqo.SYS B97FB3C4 3 Bytes [00, 00, 00]
    .text ag6sslqo.SYS B97FB3C9 1 Byte [00]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Archivos de programa\Internet Explorer\iexplore.exe[504] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 402E5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Archivos de programa\Internet Explorer\iexplore.exe[504] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 403BDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Archivos de programa\Internet Explorer\iexplore.exe[504] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 404B473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Archivos de programa\Internet Explorer\iexplore.exe[504] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 404B4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Archivos de programa\Internet Explorer\iexplore.exe[504] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 404B46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Archivos de programa\Internet Explorer\iexplore.exe[504] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 404B4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Archivos de programa\Internet Explorer\iexplore.exe[504] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 404B45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Archivos de programa\Internet Explorer\iexplore.exe[504] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 404B47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Archivos de programa\Internet Explorer\iexplore.exe[504] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 404B4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe[512] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
    .text C:\WINDOWS\system32\SearchIndexer.exe[1120] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] splr.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] splr.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] splr.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] splr.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] splr.sys
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!KfRaiseIrql] 000000AF
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!KfLowerIrql] 0000009C
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!HalGetInterruptVector] 000000A4
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!HalTranslateBusAddress] 00000072
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!READ_PORT_USHORT] 00000093
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
    IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] splr.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 00F1BFC0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 00F1C030
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 00F1C560
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 00F1B230
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00F186C0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00F19920
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00F19B90
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00F1C230
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 00F1C550
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 00F19CA0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 00F1B340
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 00F1B190
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 00F1AFF0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 00F1A3F0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 00F1AB80
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 00F1A830
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 00F1AFB0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetACP] 00F1C570
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStrings] 00F19E00
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 00F19E80
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00F19F00
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] 00F1A070
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00F1A150
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 00F1A000
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00F1C4C0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00F1C470
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00F186C0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00F19920
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00F1B230
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00F19B90
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00F199A0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00F1A830
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00F1C170
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00F1C1B0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00F1C550
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00F1C030
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00F1B190
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00F1A150
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00F19B00
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00F19E80
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00F1CAD0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00F1AB80
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00F1AFF0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00F1B6B0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00F1B440
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00F1B630
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00F1BB10
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00F1B820
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00F19A70
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00F1A000
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00F1C290
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00F1B580
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00F1B130
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00F1AFB0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00F1B340
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00F1C570
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00F1B380
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00F1C810
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00F1C7B0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00F1CA00
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00F1CAA0
    IAT C:\Archivos de programa\DAP\DAP.EXE[2024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00F1C8D0

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89B741F8

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

    Device \Driver\usbuhci \Device\USBPDO-0 899141F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 89B761F8
    Device \Driver\dmio \Device\DmControl\DmConfig 89B761F8
    Device \Driver\dmio \Device\DmControl\DmPnP 89B761F8
    Device \Driver\dmio \Device\DmControl\DmInfo 89B761F8
    Device \Driver\usbuhci \Device\USBPDO-1 899141F8
    Device \Driver\usbuhci \Device\USBPDO-2 899141F8
    Device \Driver\usbuhci \Device\USBPDO-3 899141F8
    Device \Driver\usbehci \Device\USBPDO-4 898FD1F8

    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

    Device \Driver\PCI_PNP0196 \Device\00000049 splr.sys
    Device \Driver\Ftdisk \Device\HarddiskVolume1 89BE61F8
    Device \Driver\CDRom \Device\CdRom0 8991F1F8
    Device \Driver\CDRom \Device\CdRom1 8991F1F8
    Device \Driver\atapi \Device\Ide\IdePort0 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\ViPrt \Device\Ide\ViaIdePort0 89B751F8
    Device \Driver\ViPrt \Device\Ide\ViaIdePort1 89B751F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 894CF1F8
    Device \Driver\NetBT \Device\NetbiosSmb 894CF1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{F4D06146-B2F5-4B0B-8305-27F05FB06196} 894CF1F8
    Device \Driver\usbuhci \Device\USBFDO-0 899141F8
    Device \Driver\sptd \Device\86337696 splr.sys
    Device \Driver\usbuhci \Device\USBFDO-1 899141F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894D01F8
    Device \Driver\usbuhci \Device\USBFDO-2 899141F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 894D01F8
    Device \Driver\usbuhci \Device\USBFDO-3 899141F8
    Device \Driver\usbehci \Device\USBFDO-4 898FD1F8
    Device \Driver\Ftdisk \Device\FtControl 89BE61F8
    Device \Driver\ag6sslqo \Device\Scsi\ag6sslqo1Port4Path0Target0Lun0 898D21F8
    Device \Driver\ag6sslqo \Device\Scsi\ag6sslqo1 898D21F8
    Device \FileSystem\Cdfs \Cdfs 8946E1F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Archivos de programa\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Archivos de programa\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA4 0x4C 0x01 0x04 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB2 0x87 0x4C 0x0C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x67 0x80 0x15 0x39 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Archivos de programa\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Archivos de programa\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA4 0x4C 0x01 0x04 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB2 0x87 0x4C 0x0C ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x67 0x80 0x15 0x39 ...

    ---- EOF - GMER 1.0.15 ----
    _____________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:14:17, on 15/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\GoodSync\GoodSync.exe
    C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe
    C:\Archivos de programa\DAP\DAP.EXE
    C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\ARCHIV~1\MI3AA1~1\rapimgr.exe
    C:\Archivos de programa\TurboNote\tbnote.exe
    C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
    C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARCHIV~1\DAP\DAPIEL~1.DLL
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [GoodSync] "C:\Archivos de programa\GoodSync\GoodSync.exe" /min
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe "
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - S-1-5-21-1715567821-261478967-1177238915-500 Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
    O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: TurboNote.lnk = C:\Archivos de programa\TurboNote\tbnote.exe
    O4 - Global Startup: Windows Search.lnk = C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/pro/cabs/as2stubie.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe

    --
    End of file - 7445 bytes

    Thank you again, and I hope you can find something to solve my computer hanging many times an hour.

    Eddie2000
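The GMER log above is easiest to read the way a malware analyst triages it: group every hook by the module that owns it, and note which modules GMER could not find on disk. The script below is an added example written for this thread; it is not part of GMER and not code posted by anyone here. Its sample input is a handful of lines copied from the log above (one or two per section), so it runs offline; the flag names and the "random-looking name" heuristic are my own choices, not anything GMER defines. On these lines it shows what the full log also shows: nearly every SSDT and IAT hook is owned by splr.sys, which the Devices section ties to \Driver\sptd and the Registry section ties to DAEMON Tools Lite and Alcohol 120%, and the only other kernel-mode oddity is the ag6sslqo.SYS driver behind the emulated SCSI device.

```python
"""Triage a GMER rootkit log: group kernel hooks by the module that owns them.

Added example for this thread (not GMER's code).  SAMPLE_LOG is constructed
from a few lines of the log posted above; flag names are my own.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----

SSDT splr.sys ZwCreateKey [0xBA6A80E0]
SSDT splr.sys ZwOpenKey [0xBA6A80C0]
SSDT splr.sys ZwQueryValueKey [0xBA6C6F88]

---- Kernel code sections - GMER 1.0.15 ----

? splr.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9C468AC 5 Bytes JMP 899DD320
.text ag6sslqo.SYS B97FB384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Archivos de programa\Internet Explorer\iexplore.exe[504] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 402E5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] splr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] splr.sys
IAT \SystemRoot\System32\Drivers\ag6sslqo.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] splr.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\sptd \Device\86337696 splr.sys
Device \Driver\ag6sslqo \Device\Scsi\ag6sslqo1 898D21F8
Device \FileSystem\Ntfs \Ntfs 89B741F8
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
# "IAT victim[lib!func] [addr] owner"  or  "IAT victim[lib!func] rawvalue"
# (the second form is GMER printing a slot value it could not attribute).
IAT_RE = re.compile(
    r"^IAT\s+([^\[\s]+)\[([^!\]]+)!([^\]]+)\]\s+"
    r"(?:\[([0-9A-Fa-f]+)\]\s+(\S+)|([0-9A-Fa-f]+))\s*$")
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s+!$")   # "? module message !"
TEXT_RE = re.compile(r"^\.text\s+([^\s!]+)")          # kernel .text patch
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(\S+)$")
# Crude heuristic: eight alphanumerics plus .sys looks machine-generated.
# A legitimate Microsoft driver such as i8042prt.sys trips it too, so a hit
# means "identify this name", not "malicious".
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{8}\.sys$", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Return {module: {"ssdt": [...], "iat": [...], "devices": [...], "flags": set()}}."""
    mods = defaultdict(lambda: {"ssdt": [], "iat": [], "devices": [], "flags": set()})
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not line:
            continue
        if m := SSDT_RE.match(line):
            owner, target, _addr = m.groups()
            mods[owner]["ssdt"].append(target)
        elif m := IAT_RE.match(line):
            victim, lib, func, _addr, owner, _rawval = m.groups()
            owner = owner or "<unresolved>"
            mods[owner]["iat"].append((basename(victim), f"{lib}!{func}"))
            if owner == "<unresolved>":
                # GMER could not map the slot value to a loaded module; record
                # that against the victim so the oddity is not lost.
                mods[basename(victim)]["flags"].add("iat_slot_unattributed")
        elif m := MISSING_RE.match(line):
            mods[m.group(1)]["flags"].add("file_not_found_on_disk")
        elif section == "Kernel code sections" and (m := TEXT_RE.match(line)):
            # Only kernel-mode .text lines; the user-mode section lists
            # ordinary in-process hooks (IE, AV) that are not of interest here.
            mods[m.group(1)]["flags"].add("kernel_code_patched")
        elif m := DEVICE_RE.match(line):
            driver, device, owner = m.groups()
            if owner.lower().endswith(".sys"):   # otherwise the column is an address
                mods[owner]["devices"].append((driver, device))
    for name, info in mods.items():
        if RANDOM_NAME_RE.match(name):
            info["flags"].add("random_looking_name")
        # Hooking atapi.sys's HAL port I/O sits on the disk path: this is how
        # sptd works and also a classic rootkit placement, so the owner must
        # be identified either way.
        if any(victim.lower() == "atapi.sys" for victim, _ in info["iat"]):
            info["flags"].add("hooks_disk_io_path")
    return dict(mods)


def rank(mods):
    """Module names ordered by how much of the kernel they touch, most first."""
    def score(item):
        name, info = item
        return (len(info["ssdt"]) + len(info["iat"]) + len(info["flags"]), name)
    return [name for name, _ in sorted(mods.items(), key=score, reverse=True)]


if __name__ == "__main__":
    mods = parse_gmer(SAMPLE_LOG)   # swap in open("gmer.log").read() for a real log
    for name in rank(mods):
        info = mods[name]
        print(f"{name}: {len(info['ssdt'])} SSDT, {len(info['iat'])} IAT, "
              f"flags={sorted(info['flags'])}")
        for driver, device in info["devices"]:
            print(f"    owns {device} via {driver}")
```

The file name gmer.log in the comment is only the name broni asks for in STEP 2; feed the script any saved GMER output. The ordering puts the module with the most kernel surface first, which for this log is splr.sys with its three SSDT entries, its atapi.sys/i8042prt.sys port I/O hooks and its "file not found" flag, followed by ag6sslqo.SYS.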

     
  5. 2010/04/15
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    Hello Broni: Sometime between the antimalware runs whose logs I just sent you, not considering your remark about doing nothing in my computer, I disabled Outlook Express because I was not using this application and it was prompting me to make a backup of the mails and there were not any mails to back up. Can this process have anything to do with my problem? This prompting after restarting the PC started a few days ago. But I think I have had the problem since 4 or 5 days ago.

    Thank you again,
    Eduardo

     
  6. 2010/04/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    So far, I don't see any threats....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running ComboFix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/04/15
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    Hello Broni:

    I followed your instructions but did not get any combofix.txt file. Instead I got ComboFix as a folder in the Windows browser hanging from C:, and C: hanging from ComboFix, and ComboFix hanging from C: in an endless chain. I tried to restore the system but it was impossible. Must I now reinstall Windows?

    Here is the log for Hijack:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:43:43, on 15/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Archivos de programa\GoodSync\GoodSync.exe
    C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe
    C:\Archivos de programa\DAP\DAP.EXE
    C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Archivos de programa\TurboNote\tbnote.exe
    C:\ARCHIV~1\MI3AA1~1\rapimgr.exe
    C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
    C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARCHIV~1\DAP\DAPIEL~1.DLL
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [GoodSync] "C:\Archivos de programa\GoodSync\GoodSync.exe" /min
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe "
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [GoodSync] "C:\Archivos de programa\GoodSync\GoodSync.exe" /min (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe" (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - S-1-5-21-1715567821-261478967-1177238915-500 Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
    O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: TurboNote.lnk = C:\Archivos de programa\TurboNote\tbnote.exe
    O4 - Global Startup: Windows Search.lnk = C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/pro/cabs/as2stubie.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe

    --
    End of file - 7754 bytes

    Thank you again for your help.

    Ps: The computer just crashed again and due to the same cause.

    Regards,

    Eddie2000
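    The HijackThis log above is read by eye in this thread, but the line format is regular enough to triage programmatically. The following is an added example (not code from the thread, HijackThis or ComboFix) that parses lines of that format and applies a few defender-side checks: a browser start/search page pointing outside microsoft.com, BHOs and toolbars that deserve a second look, an O23 service with "Unknown owner", and an executable living outside the usual program directories. The sample lines are constructed in the same format as the log above; the list of "standard" directories assumes a Spanish-locale XP box like this one plus the English equivalents, and is an assumption to adjust per machine.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the same format as the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
"""


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O23"
    body: str     # text after "O23 - "
    raw: str


@dataclass(frozen=True)
class Finding:
    rule: str
    entry: Entry
    detail: str


# "R0 - ...", "O23 - ..." : a letter, one or two digits, then " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A drive-letter path ending in a code-carrying extension (lazy, so it stops at the first one).
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?]+?\.(?:exe|dll|sys|scr|ocx|cfxxe)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

# Assumption: directories where installed code normally lives on this machine
# (Spanish-locale XP, as in the thread) plus their English and 8.3 forms.
STANDARD_DIRS = (
    "c:\\windows\\",
    "c:\\archivos de programa\\",
    "c:\\archiv~1\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
)


def parse(log_text: str) -> list[Entry]:
    """Keep only the section-prefixed lines; process lists and headers are skipped."""
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            entries.append(Entry(m["section"], m["body"], raw))
    return entries


def _is_microsoft_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def check_entry(e: Entry) -> list[Finding]:
    """Apply the defender-side rules to one entry and return any findings."""
    findings = []
    if e.section in ("R0", "R1"):
        m = URL_RE.search(e.body)
        if m and not _is_microsoft_host(m.group()):
            findings.append(Finding("browser-page-hijack", e, f"IE start/search page set to {m.group()}"))
    if e.section in ("O2", "O3"):
        findings.append(Finding("browser-extension", e, "BHO/toolbar loaded into IE; confirm it was installed deliberately"))
    if e.section == "O23" and "Unknown owner" in e.body:
        findings.append(Finding("unknown-owner", e, "service binary has no recognised publisher"))
    for path in WIN_PATH_RE.findall(e.body):
        if not path.lower().startswith(STANDARD_DIRS):
            findings.append(Finding("nonstandard-path", e, f"executable outside standard directories: {path}"))
    return findings


def triage(log_text: str) -> list[Finding]:
    return [f for entry in parse(log_text) for f in check_entry(entry)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.entry.section}: {f.detail}")
```

    Run against the sample, the only entry that trips two rules at once is the PEVSystemStart service (no publisher, binary under C:\ComboFix), which matches the thread's own observation that it is a ComboFix leftover rather than a threat; the Babylon start page and the Ask toolbar surface as items to confirm with the user, and the ESET entries produce nothing.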

     
  8. 2010/04/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How did you end the loop and post the HJT log?
     
  9. 2010/04/16
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    Hello Broni: When running ComboFix the PC restarted and stopped in the Windows "closing Windows". After a while (3 minutes or so) I restarted the system with the hard button on my PC. Then I ran HijackThis. Thank you.
    Eddie2000

     
  10. 2010/04/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, re-run Combofix from Safe Mode.
     
  11. 2010/04/16
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    Hello Broni:

    Done my homework!

    Here are the ComboFix and Hijack logs:

    ComboFix 10-04-14.04 - Administrador 16/04/2010 16:53:25.1.2 - x86 MINIMAL
    Running from: c:\500 instaladores\ComboFix\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\archivos de programa\Error Repair Professional
    c:\archivos de programa\Error Repair Professional\Backups\Backup_12-21-54_9-4-2010.reg
    c:\windows\system32\OgaCheckControl.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))
    .

    2010-04-15 15:13 . 2010-04-15 15:13 -------- d-----w- c:\archivos de programa\Trend Micro
    2010-04-14 17:30 . 2009-06-30 12:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-04-14 17:30 . 2010-04-14 17:30 -------- d-----w- c:\archivos de programa\Panda Security
    2010-04-14 16:23 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-04-13 16:35 . 2010-04-13 16:35 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
    2010-04-13 16:35 . 2010-03-30 03:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-13 16:35 . 2010-04-13 16:35 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
    2010-04-13 16:35 . 2010-04-13 16:35 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
    2010-04-13 16:35 . 2010-03-30 03:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-13 15:59 . 2010-04-13 15:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\SpeedBit
    2010-04-13 15:59 . 2010-04-13 16:01 -------- d-----w- c:\archivos de programa\DAP
    2010-04-13 01:46 . 2010-04-13 01:46 -------- d-----w- c:\archivos de programa\GoodSync
    2010-04-13 01:21 . 2010-04-14 20:08 -------- d-----w- C:\00 FAMILIA TRANSIT
    2010-04-12 22:22 . 2010-04-12 22:22 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\WeatherWatcherLive
    2010-04-12 21:03 . 2010-04-12 21:03 -------- d-----w- c:\archivos de programa\AskBarDis
    2010-04-12 21:03 . 2004-05-27 05:32 102400 ----a-w- c:\windows\system32\unzip32.dll
    2010-04-12 21:03 . 2010-04-12 21:03 -------- d-----w- c:\archivos de programa\Weather Watcher Live
    2010-04-12 16:24 . 2001-08-24 16:00 243712 ----a-w- c:\windows\system32\dllcache\netevent.dll
    2010-04-10 22:35 . 2010-04-10 22:40 -------- d-----w- c:\archivos de programa\TurboNote
    2010-04-10 22:01 . 2010-04-10 22:01 -------- d--h--w- c:\windows\PIF
    2010-04-10 21:00 . 2008-01-07 17:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
    2010-04-10 20:59 . 2010-04-10 20:59 -------- d-----w- c:\archivos de programa\ESET
    2010-04-10 20:46 . 2010-04-14 02:35 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\JungleDisk
    2010-04-10 19:08 . 2010-04-10 19:08 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Windows Desktop Search
    2010-04-10 18:44 . 2010-02-05 16:38 235576 ----a-w- c:\windows\system32\VSNetRdr.dll
    2010-04-10 18:44 . 2010-02-05 16:38 137272 ----a-w- c:\windows\system32\VSMntNtf.dll
    2010-04-10 18:44 . 2010-02-05 16:38 145504 ----a-w- c:\windows\system32\drivers\cbfs.sys
    2010-04-10 18:24 . 2010-04-14 02:35 -------- d-----w- c:\archivos de programa\Jungle Disk Desktop
    2010-04-07 20:25 . 2008-04-14 05:48 26624 ----a-w- c:\documents and settings\LocalService\Datos de programa\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-04-07 16:14 . 2008-04-13 20:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
    2010-04-07 16:14 . 2008-04-13 20:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2010-04-07 16:06 . 2010-04-07 16:06 -------- d-----w- c:\archivos de programa\Microsoft ActiveSync
    2010-04-07 14:04 . 2010-04-07 14:04 -------- d-----w- c:\documents and settings\All Users\Datos de programa\LogMeIn
    2010-04-07 13:59 . 2009-09-28 17:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-04-07 13:59 . 2009-09-28 17:34 28984 ----a-w- c:\windows\system32\LMIport.dll
    2010-04-07 13:59 . 2009-09-28 17:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-04-07 13:59 . 2008-08-11 10:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2010-04-07 13:59 . 2009-09-28 17:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
    2010-04-07 13:59 . 2010-04-07 13:59 -------- d-----w- c:\archivos de programa\LogMeIn
    2010-04-07 09:25 . 2010-04-07 09:25 -------- d-----w- c:\archivos de programa\Microsoft Office Outlook Connector
    2010-04-07 08:22 . 2010-04-07 08:22 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Windows Search
    2010-04-07 07:17 . 2010-04-07 07:18 -------- d-----w- c:\archivos de programa\TreeSize Professional
    2010-04-06 22:33 . 2010-04-16 19:43 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\GoodSync
    2010-04-06 22:33 . 2010-04-06 22:33 -------- d-----w- c:\documents and settings\All Users\Datos de programa\GoodSync
    2010-04-06 21:19 . 2010-04-07 09:04 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\DAEMON Tools
    2010-04-06 19:43 . 2006-10-09 10:00 94208 ----a-w- c:\windows\Dream Aquarium.scr
    2010-04-06 19:43 . 2010-04-07 08:44 -------- d-----w- c:\archivos de programa\Dream Aquarium
    2010-04-06 19:42 . 2010-04-15 00:18 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Babylon
    2010-04-06 19:42 . 2010-04-14 04:33 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Babylon
    2010-04-06 19:42 . 2010-04-06 19:42 -------- d-----w- c:\archivos de programa\Recuva
    2010-04-06 19:41 . 2010-04-06 19:41 -------- d-----w- c:\archivos de programa\TaskSwitchXP
    2010-04-06 19:41 . 2010-04-06 19:41 -------- d-----w- c:\archivos de programa\DAEMON Tools Lite
    2010-04-06 19:41 . 2010-04-06 19:41 -------- d-----w- c:\archivos de programa\Alcohol Soft
    2010-04-06 19:41 . 2010-04-07 08:38 -------- d-----w- c:\archivos de programa\AIMP2
    2010-04-06 14:21 . 2010-04-06 14:41 -------- d-----w- c:\archivos de programa\EPSON
    2010-04-06 14:20 . 2004-11-25 04:07 79679 ----a-w- c:\windows\system32\E_FLMABL.DLL
    2010-04-06 14:20 . 2003-05-21 00:27 64000 ----a-w- c:\windows\system32\E_FBCBABL.DLL
    2010-04-06 14:20 . 2000-06-06 23:01 34304 ----a-w- c:\windows\system32\E_FBCHABL.DLL
    2010-04-06 03:05 . 2010-04-06 03:05 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ESET
    2010-04-05 19:06 . 2010-04-05 19:08 -------- d-----w- C:\010 JUGUETES
    2010-04-05 18:59 . 2010-04-06 13:48 -------- d-----w- C:\203 OUTLOOK VARIOS
    2010-04-05 16:23 . 2010-04-05 16:23 3584 ----a-r- c:\documents and settings\Administrador\Datos de programa\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-04-05 16:23 . 2010-04-05 16:23 -------- d-----w- c:\archivos de programa\Windows Installer Clean Up
    2010-04-05 16:23 . 2010-04-07 09:23 -------- d-----w- c:\archivos de programa\MSECACHE
    2010-04-05 16:13 . 2009-01-08 10:25 140048 ----a-w- c:\windows\system32\drivers\jdfs.sys
    2010-04-05 14:17 . 2010-04-10 18:24 -------- d-----w- c:\documents and settings\All Users\Datos de programa\JungleDisk
    2010-04-05 13:20 . 2010-04-05 13:22 -------- d-----w- c:\archivos de programa\jv16 PowerTools 2009
    2010-04-05 12:39 . 2010-04-05 15:14 -------- d-----w- c:\archivos de programa\Babylon
    2010-04-05 00:38 . 2010-04-05 00:38 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Auslogics
    2010-04-05 00:38 . 2010-04-05 00:38 -------- d-----w- c:\archivos de programa\Auslogics
    2010-04-05 00:22 . 2010-04-16 15:56 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP
    2010-04-05 00:08 . 2010-04-11 23:42 -------- d-----w- c:\archivos de programa\CCleaner
    2010-04-04 21:02 . 2010-04-04 21:02 -------- d-----w- c:\windows\system32\XPSViewer
    2010-04-04 21:01 . 2010-04-04 21:01 -------- d-----w- c:\archivos de programa\Reference Assemblies
    2010-04-04 19:45 . 2010-04-04 19:45 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
    2010-04-04 19:41 . 2010-04-04 19:41 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
    2010-04-04 06:53 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-04-04 06:53 . 2010-04-04 06:53 -------- d-----w- c:\windows\9e180f0592cf2d03432da6899645aa
    2010-04-04 06:53 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-04-04 06:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-04-04 06:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-04-04 06:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-04-04 06:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-04-04 06:53 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-04-04 06:53 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-04-04 06:53 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-04-04 06:53 . 2010-04-04 10:35 -------- d-----w- c:\windows\SxsCaPendDel
    2010-04-04 06:50 . 2010-04-04 06:50 -------- d-----w- c:\windows\2c6f6f3dd2bfac87ec2790ee18
    2010-04-04 06:50 . 2010-04-04 10:27 -------- d-----w- c:\windows\fc7f84f3ff80b6179d8e9f7a0b
    2010-04-04 06:40 . 2010-04-04 06:40 592 ----a-w- c:\windows\chgkey.vbs
    2010-04-04 06:27 . 2010-04-04 06:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-04-04 06:27 . 2010-04-04 06:27 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
    2010-04-04 06:24 . 2010-02-25 09:46 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-04-04 06:24 . 2010-02-25 06:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-04 06:24 . 2010-02-25 06:16 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-04 06:24 . 2010-02-25 06:16 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-04 06:24 . 2010-02-25 06:16 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-04 06:24 . 2010-02-25 06:16 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-04 06:24 . 2010-04-14 12:53 -------- d-----w- c:\windows\ie8updates
    2010-04-04 06:24 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-04 06:22 . 2010-04-04 06:23 -------- dc-h--w- c:\windows\ie8
    2010-04-04 00:54 . 2009-05-12 13:12 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-04-04 00:54 . 2010-04-14 12:55 -------- d--h--w- c:\windows\$hf_mig$
    2010-04-03 22:03 . 2010-04-11 13:49 -------- d-----w- c:\archivos de programa\Windows Desktop Search
    2010-04-03 22:03 . 2010-04-04 21:57 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-04-03 22:03 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
    2010-04-03 22:03 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
    2010-04-03 22:03 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
    2010-04-03 21:40 . 2006-12-31 22:08 4456 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-03 21:14 . 2008-06-14 17:33 272512 ------w- c:\windows\system32\drivers\bthport.sys
    2010-04-03 21:14 . 2008-06-14 17:33 272512 ------w- c:\windows\system32\dllcache\bthport.sys
    2010-04-03 21:14 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
    2010-04-03 21:13 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
    2010-04-03 21:12 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-04-03 21:04 . 2009-10-15 16:32 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2010-04-03 21:04 . 2009-10-15 16:32 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2010-04-03 21:03 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-04-03 21:03 . 2010-02-17 17:07 2192384 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-04-03 21:03 . 2009-03-06 14:20 286720 ------w- c:\windows\system32\dllcache\pdh.dll
    2010-04-03 21:03 . 2009-02-09 11:23 111104 ------w- c:\windows\system32\dllcache\services.exe
    2010-04-03 21:03 . 2009-02-09 10:52 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2010-04-03 21:03 . 2009-02-09 10:52 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
    2010-04-03 21:03 . 2009-02-09 10:52 739328 ------w- c:\windows\system32\dllcache\ntdll.dll
    2010-04-03 21:03 . 2009-02-09 10:52 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2010-04-03 21:03 . 2009-02-09 10:52 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-16 13:21 . 2010-04-04 11:02 90112 ----a-w- c:\windows\DUMP5e4c.tmp
    2010-04-16 02:30 . 2010-04-04 11:02 90112 ----a-w- c:\windows\DUMP6979.tmp
    2010-04-16 02:11 . 2010-04-04 11:02 90112 ----a-w- c:\windows\DUMP6cd3.tmp
    2010-04-15 21:16 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP77c0.tmp
    2010-04-15 14:17 . 2001-08-24 16:00 98618 ----a-w- c:\windows\system32\perfc00A.dat
    2010-04-15 14:17 . 2001-08-24 16:00 529298 ----a-w- c:\windows\system32\perfh00A.dat
    2010-04-15 02:01 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP4390.tmp
    2010-04-15 01:56 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6447.tmp
    2010-04-14 22:01 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6419.tmp
    2010-04-14 20:34 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6522.tmp
    2010-04-14 18:59 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6fd1.tmp
    2010-04-14 16:11 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP7251.tmp
    2010-04-14 06:02 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6a81.tmp
    2010-04-14 05:48 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6f44.tmp
    2010-04-14 02:51 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6428.tmp
    2010-04-13 15:15 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5ff2.tmp
    2010-04-13 13:38 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5def.tmp
    2010-04-13 13:19 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP597a.tmp
    2010-04-13 13:11 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP59e8.tmp
    2010-04-13 01:29 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5cb6.tmp
    2010-04-12 22:23 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP667a.tmp
    2010-04-12 21:20 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5861.tmp
    2010-04-11 20:19 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5bdb.tmp
    2010-04-11 19:51 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5cc6.tmp
    2010-04-11 14:42 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP594b.tmp
    2010-04-11 13:49 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP639c.tmp
    2010-04-11 04:00 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6263.tmp
    2010-04-11 01:38 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5bfa.tmp
    2010-04-10 20:27 . 2010-04-03 15:42 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Winamp
    2010-04-10 20:27 . 2010-04-03 15:42 -------- d-----w- c:\archivos de programa\Winamp
    2010-04-10 20:27 . 2010-04-10 20:27 -------- d-----w- c:\archivos de programa\Winamp Detect
    2010-04-10 17:53 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5a06.tmp
    2010-04-10 17:39 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5af2.tmp
    2010-04-10 14:44 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5302.tmp
    2010-04-08 21:29 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5841.tmp
    2010-04-08 05:35 . 2010-04-08 05:35 836 ----a-w- c:\archivos de programa\Auslogics Disk Defrag.lnk
    2010-04-08 04:48 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5e0e.tmp
    2010-04-07 20:16 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP73b9.tmp
    2010-04-07 15:01 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6978.tmp
    2010-04-07 14:04 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6d60.tmp
    2010-04-07 14:01 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6fe0.tmp
    2010-04-06 22:54 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5b6e.tmp
    2010-04-06 21:30 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5c58.tmp
    2010-04-06 21:23 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP608e.tmp
    2010-04-06 16:39 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5b20.tmp
    2010-04-06 13:54 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP49bb.tmp
    2010-04-05 20:48 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP4ab5.tmp
    2010-04-05 20:47 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5227.tmp
    2010-04-05 14:27 . 2010-04-03 15:41 -------- d-----w- c:\archivos de programa\Unlocker
    2010-04-05 13:14 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5af1.tmp
    2010-04-05 00:12 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP64d4.tmp
    2010-04-04 15:36 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5d52.tmp
    2010-04-04 13:46 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP468e.tmp
    2010-04-04 12:13 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5dee.tmp
    2010-04-04 11:45 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP59e7.tmp
    2010-04-04 11:00 . 2010-04-03 17:13 98304 ----a-w- c:\windows\DUMP5f56.tmp
    2010-04-04 08:19 . 2010-04-03 15:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-04-04 06:40 . 2010-04-04 06:40 592 ----a-w- c:\windows\chgkey.vbs
    2010-04-04 01:29 . 2010-04-03 17:13 98304 ----a-w- c:\windows\DUMP46ec.tmp
    2010-04-03 20:49 . 2010-04-03 17:13 98304 ----a-w- c:\windows\DUMP4dc2.tmp
    2010-04-03 16:30 . 2010-04-03 16:30 -------- d-----w- c:\archivos de programa\VIA
    2010-04-03 16:28 . 2010-04-03 16:28 -------- d-----w- c:\archivos de programa\Realtek AC97
    2010-04-03 15:41 . 2010-04-03 15:41 354560 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\TuneUp Software
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\archivos de programa\TuneUp Utilities 2008
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\TuneUp Software
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\archivos de programa\Archivos comunes\Wise Installation Wizard
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\archivos de programa\Real Alternative
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple Computer
    2010-04-03 15:41 . 2010-04-03 15:40 -------- d-----w- c:\archivos de programa\QT Lite
    2010-04-03 15:39 . 2010-04-03 15:39 -------- d-----w- c:\archivos de programa\Nero
    2010-04-03 15:39 . 2010-04-03 15:39 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Nero
    2010-04-03 15:39 . 2010-04-03 15:39 -------- d-----w- c:\archivos de programa\Archivos comunes\Nero
    2010-04-03 15:36 . 2010-04-03 15:36 -------- d-----w- c:\archivos de programa\K-Lite Codec Pack
    2010-04-03 15:36 . 2010-04-03 15:36 -------- d-----w- c:\archivos de programa\Java
    2010-04-03 15:36 . 2010-04-03 15:36 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
    2010-04-03 15:35 . 2010-04-03 15:35 -------- d-----w- c:\archivos de programa\HashTab Shell Extension
    2010-04-03 15:35 . 2010-04-03 15:35 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
    2010-04-03 15:25 . 2010-04-03 15:25 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-04-03 15:23 . 2010-04-03 15:23 21900 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-04-03 15:22 . 2010-04-03 15:22 -------- d-----w- c:\archivos de programa\Windows Media Connect 2
    2010-03-10 06:16 . 2008-04-14 05:48 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:16 . 2008-05-11 18:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2008-04-13 22:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 19:06 . 2008-04-14 05:27 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:06 . 2008-04-14 05:27 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:34 . 2008-04-14 05:48 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2008-04-13 22:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . C6C729770D9C3A0AD4D2D28788E71684 . 1698816 . . [6.00.2900.5512] . . c:\windows\explorer.exe


    [-] 2008-04-14 . 97D44EE3E44CDC7035E3CB2EF20BABDB . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe


    [-] 2008-05-11 18:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

    c:\windows\System32\wscntfy.exe ... is missing !!
    c:\windows\System32\regsvc.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-09-22 17:38 284040 ----a-w- c:\archivos de programa\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"="c:\archivos de programa\AskBarDis\bar\bin\askBar.dll" [2008-09-22 284040]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"="c:\archivos de programa\AskBarDis\bar\bin\askBar.dll" [2008-09-22 284040]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2010-04-04 136176]
    "GoodSync"="c:\archivos de programa\GoodSync\GoodSync.exe" [2010-04-10 4514232]
    "DownloadAccelerator"="c:\archivos de programa\DAP\DAP.EXE" [2010-04-13 2803200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 30208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" [2009-03-08 128512]

    c:\documents and settings\Administrador\Menú Inicio\Programas\Inicio\
    Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - c:\archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
    TurboNote.lnk - c:\archivos de programa\TurboNote\tbnote.exe [2010-4-10 757760]
    Windows Search.lnk - c:\archivos de programa\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "MaxRecentDocs"= 16 (0x10)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\archivos de programa\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Jungle Disk Desktop.lnk]
    backup=c:\windows\pss\Jungle Disk Desktop.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2007-12-19 20:13 486856 ----a-w- c:\archivos de programa\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C87 Series]
    2005-01-27 03:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIABL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-26 22:47 31016 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
    2004-05-05 12:54 262210 ------w- c:\archivos de programa\EPSON\Ink Monitor\InkMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    2008-07-08 14:41 2828184 ----a-w- c:\archivos de programa\Registry Mechanic\RegMech.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-11-11 12:07 90112 ----a-w- c:\windows\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
    2006-08-04 22:29 62976 ----a-w- c:\archivos de programa\TaskSwitchXP\TaskSwitchXP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    2005-03-08 02:33 53248 ----a-w- c:\windows\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    2005-03-11 16:33 147456 ----a-w- c:\windows\system32\VTTrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "TuneUp.Defrag"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Archivos de programa\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
    "c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Archivos de programa\\TaskSwitchXP\\ConfigTsXP.exe"=
    "c:\archivos de programa\Microsoft ActiveSync\rapimgr.exe"= c:\archivos de programa\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe"= c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\archivos de programa\Microsoft ActiveSync\WCESMgr.exe"= c:\archivos de programa\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Archivos de programa\\TurboNote\\tbnote.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-03 717296]
    R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-05 145504]
    R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
    R1 JDFS;JDFS;c:\windows\system32\drivers\jdfs.sys [2009-01-08 140048]
    R2 ekrn;Eset Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\archivos de programa\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
    R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]
    R3 RkPavproc2;RkPavproc2;c:\windows\system32\drivers\RkPavproc2.sys [x]
    S0 VIBUS;VIBUS;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
    S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-16 c:\windows\Tasks\Mantenimiento con 1 clic.job
    - c:\archivos de programa\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-21 09:45]

    2010-04-16 c:\windows\Tasks\User_Feed_Synchronization-{2BCA8274-14D5-4384-BC56-DBA06075878A}.job
    - c:\windows\system32\msfeedssync.exe [2008-05-11 02:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.lanacion.com.ar
    IE: &Clean Traces - c:\archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\archivos de programa\DAP\dapextie.htm
    IE: Abrir en ventana &nueva - c:\documents and settings\All Users\Datos de programa\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
    IE: Download &all with DAP - c:\archivos de programa\DAP\dapextie2.htm
    IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Translate with &Babylon - c:\archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-16 16:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1715567821-261478967-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,01,1d,1d,ed,6e,e4,49,b5,96,1e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,01,1d,1d,ed,6e,e4,49,b5,96,1e,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,01,1d,1d,ed,6e,e4,49,b5,96,1e,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(240)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(296)
    c:\windows\system32\setupapi.dll
    .
    Completion time: 2010-04-16 17:00:31
    ComboFix-quarantined-files.txt 2010-04-16 20:00

    Pre-Run: 137.968.484.352 bytes libres
    Post-Run: 138.070.646.784 bytes libres

    - - End Of File - - 0C730560694D6D2491DDE76DF336F5D0


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:04:38, on 16/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
    C:\Archivos de programa\GoodSync\GoodSync.exe
    C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe
    C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Archivos de programa\DAP\DAP.EXE
    C:\Archivos de programa\TurboNote\tbnote.exe
    C:\ARCHIV~1\MI3AA1~1\rapimgr.exe
    C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
    C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lanacion.com.ar
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARCHIV~1\DAP\DAPIEL~1.DLL
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [GoodSync] "C:\Archivos de programa\GoodSync\GoodSync.exe" /min
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe "
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [GoodSync] "C:\Archivos de programa\GoodSync\GoodSync.exe" /min (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe" (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - S-1-5-21-1715567821-261478967-1177238915-500 Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
    O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: TurboNote.lnk = C:\Archivos de programa\TurboNote\tbnote.exe
    O4 - Global Startup: Windows Search.lnk = C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
    O8 - Extra context menu item: Abrir en ventana &nueva - C:\Documents and Settings\All Users\Datos de programa\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/pro/cabs/as2stubie.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe

    --
    End of file - 7726 bytes


    THANK YOU AGAIN BRONI FOR YOUR TIME!

    Eddie2000

     
  12. 2010/04/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)

    Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to Show hidden files and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    c:\windows\explorer.exe
    c:\windows\system32\ctfmon.exe
    c:\windows\system32\mspmsnsv.dll
    If the file is listed as already analyzed, click on the Reanalyse file now button.
    Post scan results.

    =================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    
    Driver::
    RkPavproc1
    RkPavproc2
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    
    
    RegLockDel::
    
    MIA:
    c:\windows\System32\wscntfy.exe
    c:\windows\System32\regsvc.dll
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  13. 2010/04/16
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    This is what I got for explorer.exe:

    Exception

    Please report failure as: ErrorTime="Apr 17 04:22:42"

    This is the result for ctfmon:

    Análisis del archivo ctfmon.exe recibido el 2010.04.17 02:26:21 (UTC)
    Motor antivirus Versión Última actualización Resultado
    a-squared 4.5.0.50 2010.04.16 -
    AhnLab-V3 5.0.0.2 2010.04.16 -
    AntiVir 7.10.6.115 2010.04.16 -
    Antiy-AVL 2.0.3.7 2010.04.16 -
    Authentium 5.2.0.5 2010.04.16 -
    Avast 4.8.1351.0 2010.04.16 -
    Avast5 5.0.332.0 2010.04.16 -
    AVG 9.0.0.787 2010.04.16 -
    BitDefender 7.2 2010.04.17 -
    CAT-QuickHeal 10.00 2010.04.16 -
    ClamAV 0.96.0.3-git 2010.04.17 -
    Comodo 4620 2010.04.17 -
    DrWeb 5.0.2.03300 2010.04.17 -
    eSafe 7.0.17.0 2010.04.15 -
    eTrust-Vet 35.2.7430 2010.04.16 -
    F-Prot 4.5.1.85 2010.04.16 -
    F-Secure 9.0.15370.0 2010.04.16 -
    Fortinet 4.0.14.0 2010.04.16 -
    GData 19 2010.04.17 -
    Ikarus T3.1.1.80.0 2010.04.16 -
    Jiangmin 13.0.900 2010.04.16 -
    Kaspersky 7.0.0.125 2010.04.17 -
    McAfee 5.400.0.1158 2010.04.17 -
    McAfee-GW-Edition 6.8.5 2010.04.17 -
    Microsoft 1.5605 2010.04.16 -
    NOD32 5035 2010.04.16 -
    Norman 6.04.11 2010.04.16 -
    nProtect 2010-04-16.01 2010.04.16 -
    Panda 10.0.2.7 2010.04.16 -
    PCTools 7.0.3.5 2010.04.17 -
    Prevx 3.0 2010.04.17 -
    Rising 22.43.04.04 2010.04.16 -
    Sophos 4.52.0 2010.04.17 -
    Sunbelt 6186 2010.04.17 -
    Symantec 20091.2.0.41 2010.04.17 -
    TheHacker 6.5.2.0.263 2010.04.16 -
    TrendMicro 9.120.0.1004 2010.04.15 -
    VBA32 3.12.12.4 2010.04.15 -
    ViRobot 2010.4.16.2280 2010.04.16 -
    VirusBuster 5.0.27.0 2010.04.16 -
    Información adicional
    Tamano archivo: 30208 bytes
    MD5...: 97d44ee3e44cdc7035e3cb2ef20babdb
    SHA1..: 29b22673e76fbf3ab159e2de6f1cee1e1ff8f79d
    SHA256: 2933b7f002cccb4dfe91a9deceb3a58dedbf8d9c94d421c332b6db38f7843a66
    ssdeep: 384:YVy1Eo7NY8MPTIaW7/lumxlJHXTbM+Xu/D3dlY6GS8dZPNVX+l5wrv1WDlgW:Y1opITIaWhuonADdlYrhzPNVa2rvYl
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x2e35
    timedatestamp.....: 0x48025356 (Sun Apr 13 18:39:18 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x2ab8 0x2c00 6.75 6911952c2b82d5a8c3ea9ff560a9e647
    .data 0x4000 0x210 0x200 1.07 bd8c5cd346a9f53dc0dbc69260ab2240
    .rsrc 0x5000 0x4273 0x4400 5.61 575ab774a6f82648a6d4117ce28604dc

    ( 6 imports )
    > msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit
    > ADVAPI32.dll: RegDeleteValueA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegCreateKeyExA
    > KERNEL32.dll: lstrcpynA, lstrlenA, GetSystemDirectoryA, GetSystemWindowsDirectoryA, GetVersionExA, GetACP, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LocalFree, CloseHandle, ResetEvent, OpenEventA, CreateProcessA, lstrcatA, GetSystemInfo, lstrcmpiA, FreeLibrary, LoadLibraryA, CreateEventA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, LocalAlloc, GetProcAddress
    > USER32.dll: EnumWindows, GetClassNameA, FindWindowA, PostMessageA, SetTimer, KillTimer, MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, GetMessageA, SetWindowPos, LoadCursorA, RegisterClassExA, DefWindowProcA, PostQuitMessage, CreateWindowExA, GetSystemMetrics
    > MSCTF.dll: TF_InitSystem, TF_GetGlobalCompartment, TF_InvalidAssemblyListCacheIfExist, TF_InvalidAssemblyListCache, TF_PostAllThreadMsg, TF_CreateCicLoadMutex, TF_UninitSystem
    > MSUTB.dll: ClosePopupTipbar, GetPopupTipbar

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: CTF Loader
    original name: CTFMON.EXE
    internal name: CTFMON
    file version.: 5.1.2600.5512 (xpsp.080413-2105)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    And the result for mspmsnsv.dll:

    Motor antivirus Versión Última actualización Resultado
    a-squared 4.5.0.50 2010.04.16 -
    AhnLab-V3 5.0.0.2 2010.04.16 -
    AntiVir 7.10.6.115 2010.04.16 -
    Antiy-AVL 2.0.3.7 2010.04.16 -
    Authentium 5.2.0.5 2010.04.16 -
    Avast 4.8.1351.0 2010.04.16 -
    Avast5 5.0.332.0 2010.04.16 -
    AVG 9.0.0.787 2010.04.16 -
    BitDefender 7.2 2010.04.17 -
    CAT-QuickHeal 10.00 2010.04.17 -
    ClamAV 0.96.0.3-git 2010.04.17 -
    Comodo 4620 2010.04.17 -
    DrWeb 5.0.2.03300 2010.04.17 -
    eSafe 7.0.17.0 2010.04.15 -
    eTrust-Vet 35.2.7430 2010.04.16 -
    F-Prot 4.5.1.85 2010.04.16 -
    F-Secure 9.0.15370.0 2010.04.16 -
    Fortinet 4.0.14.0 2010.04.16 -
    GData 19 2010.04.17 -
    Ikarus T3.1.1.80.0 2010.04.16 -
    Jiangmin 13.0.900 2010.04.16 -
    Kaspersky 7.0.0.125 2010.04.17 -
    McAfee 5.400.0.1158 2010.04.17 -
    McAfee-GW-Edition 6.8.5 2010.04.17 -
    Microsoft 1.5605 2010.04.16 -
    NOD32 5035 2010.04.16 -
    Norman 6.04.11 2010.04.16 -
    nProtect 2010-04-16.01 2010.04.16 -
    Panda 10.0.2.7 2010.04.16 -
    PCTools 7.0.3.5 2010.04.17 -
    Prevx 3.0 2010.04.17 -
    Rising 22.43.04.04 2010.04.16 -
    Sophos 4.52.0 2010.04.17 -
    Sunbelt 6186 2010.04.17 -
    Symantec 20091.2.0.41 2010.04.17 -
    TheHacker 6.5.2.0.263 2010.04.16 -
    TrendMicro 9.120.0.1004 2010.04.15 -
    VBA32 3.12.12.4 2010.04.15 -
    ViRobot 2010.4.16.2280 2010.04.16 -
    VirusBuster 5.0.27.0 2010.04.16 -
    Información adicional
    Tamano archivo: 27136 bytes
    MD5...: c51b4a5c05a5475708e3c81c7765b71d
    SHA1..: c61095f51df41e64b3f034458958c918f0d6f8a8
    SHA256: f776d2680bd3407307b7072626f78460361fc5bc38623c9e16f394d300ab25de
    ssdeep: 768:DQrdsm8STScNCFnyXESZ9AAWng/WVRf+TSp+C:DQrdsm8STSXFncyAyoM+T9C
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x3b1e
    timedatestamp.....: 0x453711a3 (Thu Oct 19 05:48:19 2006)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x51c7 0x5200 6.53 fe7844e8d31ea87cacf25b675f903c2c
    .data 0x7000 0x68c 0x400 5.83 05e48ce95c056451a34b5764dd77504f
    .rsrc 0x8000 0x7f8 0x800 3.36 376cc5d3206409d33610ff4a71293149
    .reloc 0x9000 0x72c 0x800 4.27 a977a9009663c9ef81e9d15c87be2eec

    ( 3 imports )
    > msvcrt.dll: _adjust_fdiv, _amsg_exit, _initterm, free, malloc, _XcptFilter, ___U@YAPAXI@Z, ___V@YAXPAX@Z, __2@YAPAXI@Z, memmove, memset, memcpy, __3@YAXPAX@Z, _purecall
    > KERNEL32.dll: WideCharToMultiByte, WaitNamedPipeW, CreateFileA, CreateFileW, DeviceIoControl, CompareStringA, GetVersionExA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, QueryPerformanceCounter, RtlUnwind, InterlockedCompareExchange, InterlockedExchange, GetModuleFileNameA, FormatMessageA, LoadLibraryExA, GetProcAddress, FormatMessageW, FreeLibrary, LeaveCriticalSection, EnterCriticalSection, GetDriveTypeW, GetLastError, CreateEventA, DisconnectNamedPipe, WaitForSingleObject, CancelIo, CloseHandle, SetEvent, ConnectNamedPipe, ReadFile, WriteFile, WaitForMultipleObjects, GetOverlappedResult, ResetEvent, LocalFree, CreateNamedPipeA, LocalAlloc, DeleteCriticalSection, DisableThreadLibraryCalls, InitializeCriticalSection, SetLastError, Sleep, GetTickCount
    > ADVAPI32.dll: StartServiceA, TraceMessage, CreateServiceA, RegSetValueExA, RegCreateKeyA, RegQueryValueExW, RegSetValueExW, RegCloseKey, ControlService, DeleteService, RegDeleteKeyA, QueryServiceStatus, GetSecurityInfo, SetSecurityInfo, RegisterServiceCtrlHandlerA, AllocateAndInitializeSid, SetEntriesInAclA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, FreeSid, ImpersonateNamedPipeClient, RevertToSelf, SetServiceStatus, RegisterEventSourceA, ReportEventA, DeregisterEventSource, OpenSCManagerA, OpenServiceA, CloseServiceHandle

    ( 4 exports )
    DllMain, DllRegisterServer, DllUnregisterServer, ServiceMain
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (C) Microsoft Corporation. All rights reserved.
    product......: Windows Media Device Manager
    description..: Microsoft Media Device Service Provider
    original name: MsPMSNSv.dll
    internal name: MsPMSNSv.dll
    file version.: 11.0.5721.5145
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    I AM SENDING ONLY PART OF THE INFO REQUIRED IN CASE THE PC CRASHES. I'LL BE SENDING THE REST IMMEDIATELY

     
  14. 2010/04/16
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
     
  15. 2010/04/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      regsvc.dll
      wscntfy.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    ==============================================================

    Please download Profiles by noahdfear.

    * Save it to your desktop.
    * Double-click profiles.exe and post its log when you reply.

    ================================================================

    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.
     
  16. 2010/04/17
    eddie2000 Inactive Thread Starter
    Broni: the logs you requested:

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 12:42 on 17/04/2010 by Administrador (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "regsvc.dll. "
    No files found.

    Searching for "wscntfy.exe "
    No files found.

    -=End Of File=-


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    DefaultUserProfile REG_SZ Default User
    AllUsersProfile REG_SZ All Users

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1715567821-261478967-1177238915-500
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrador

    SystemRoot REG_SZ C:\WINDOWS

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-17 14:00:10
    Windows 5.1.2600 Service Pack 3
    Running: z577ibl2.exe; Driver: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\pxtdapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT spvb.sys ZwCreateKey [0xBA6A80E0]
    SSDT spvb.sys ZwEnumerateKey [0xBA6C6CA2]
    SSDT spvb.sys ZwEnumerateValueKey [0xBA6C7030]
    SSDT spvb.sys ZwOpenKey [0xBA6A80C0]
    SSDT spvb.sys ZwQueryKey [0xBA6C7108]
    SSDT spvb.sys ZwQueryValueKey [0xBA6C6F88]
    SSDT spvb.sys ZwSetValueKey [0xBA6C719A]

    INT 0x62 ? 89BE5BF8
    INT 0x82 ? 89BE5BF8
    INT 0x83 ? 89B75BF8
    INT 0xB4 ? 89914BF8
    INT 0xB4 ? 89914BF8
    INT 0xB4 ? 89914BF8
    INT 0xB4 ? 89914BF8
    INT 0xB4 ? 89914BF8
    INT 0xB4 ? 89914BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spvb.sys El sistema no puede hallar el archivo especificado. !
    .text USBPORT.SYS!DllUnload B9BCA8AC 5 Bytes JMP 899141D8
    .text axmvs2pc.SYS B977F384 1 Byte [20]
    .text axmvs2pc.SYS B977F384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
    .text axmvs2pc.SYS B977F3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
    .text axmvs2pc.SYS B977F3C4 3 Bytes [00, 00, 00]
    .text axmvs2pc.SYS B977F3C9 1 Byte [00]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe[1600] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
    .text C:\WINDOWS\system32\SearchIndexer.exe[1932] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 15, 00]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 15, 00]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 15, 00]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91EB1A
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 15, 00]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 15, 00]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 15, 00]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91EB8B
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 15, 00]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91ECB9
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 15, 00]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 15, 00]
    .text C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spvb.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spvb.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spvb.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spvb.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spvb.sys
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!KfRaiseIrql] 000000AF
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!KfLowerIrql] 0000009C
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!HalGetInterruptVector] 000000A4
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!HalTranslateBusAddress] 00000072
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!READ_PORT_USHORT] 00000093
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
    IAT \SystemRoot\System32\Drivers\axmvs2pc.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spvb.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 00F1BFC0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 00F1C030
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 00F1C560
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 00F1B230
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00F186C0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00F19920
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00F19B90
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00F1C230
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 00F1C550
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 00F19CA0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 00F1B340
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 00F1B190
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 00F1AFF0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 00F1A3F0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 00F1AB80
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 00F1A830
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 00F1AFB0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetACP] 00F1C570
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStrings] 00F19E00
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 00F19E80
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00F19F00
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] 00F1A070
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00F1A150
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 00F1A000
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00F1C4C0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00F1C470
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00F186C0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00F19920
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00F1B230
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00F19B90
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00F199A0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00F1A830
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00F1C170
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00F1C1B0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00F1C550
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00F1C030
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00F1B190
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00F1A150
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00F19B00
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00F19E80
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00F1CAD0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00F1AB80
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00F1AFF0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00F1B6B0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00F1B440
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00F1B630
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00F1BB10
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00F1B820
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00F19A70
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00F1A000
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00F1C290
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00F1B580
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00F1B130
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00F1AFB0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00F1B340
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00F1C570
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00F1B380
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00F1C810
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00F1C7B0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00F1CA00
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00F1CAA0
    IAT C:\Archivos de programa\DAP\DAP.EXE[632] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00F1C8D0

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89B741F8

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

    Device \Driver\usbuhci \Device\USBPDO-0 899DA1F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 89B761F8
    Device \Driver\dmio \Device\DmControl\DmConfig 89B761F8
    Device \Driver\dmio \Device\DmControl\DmPnP 89B761F8
    Device \Driver\dmio \Device\DmControl\DmInfo 89B761F8
    Device \Driver\usbuhci \Device\USBPDO-1 899DA1F8
    Device \Driver\usbuhci \Device\USBPDO-2 899DA1F8
    Device \Driver\usbuhci \Device\USBPDO-3 899DA1F8
    Device \Driver\usbehci \Device\USBPDO-4 898FC1F8
    Device \Driver\sptd \Device\2464975264 spvb.sys

    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

    Device \Driver\PCI_PNP7764 \Device\00000049 spvb.sys
    Device \Driver\Ftdisk \Device\HarddiskVolume1 89BE61F8
    Device \Driver\CDRom \Device\CdRom0 8991D1F8
    Device \Driver\CDRom \Device\CdRom1 8991D1F8
    Device \Driver\atapi \Device\Ide\IdePort0 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [BA5FBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\ViPrt \Device\Ide\ViaIdePort0 89B751F8
    Device \Driver\ViPrt \Device\Ide\ViaIdePort1 89B751F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 894BF1F8
    Device \Driver\NetBT \Device\NetbiosSmb 894BF1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{F4D06146-B2F5-4B0B-8305-27F05FB06196} 894BF1F8
    Device \Driver\usbuhci \Device\USBFDO-0 899DA1F8
    Device \Driver\usbuhci \Device\USBFDO-1 899DA1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894AD1F8
    Device \Driver\usbuhci \Device\USBFDO-2 899DA1F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 894AD1F8
    Device \Driver\usbuhci \Device\USBFDO-3 899DA1F8
    Device \Driver\usbehci \Device\USBFDO-4 898FC1F8
    Device \Driver\Ftdisk \Device\FtControl 89BE61F8
    Device \Driver\axmvs2pc \Device\Scsi\axmvs2pc1Port4Path0Target0Lun0 899A51F8
    Device \Driver\axmvs2pc \Device\Scsi\axmvs2pc1 899A51F8
    Device \FileSystem\Cdfs \Cdfs 894B0500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Archivos de programa\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Archivos de programa\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA4 0x4C 0x01 0x04 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB2 0x87 0x4C 0x0C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x67 0x80 0x15 0x39 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Archivos de programa\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Archivos de programa\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA4 0x4C 0x01 0x04 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB2 0x87 0x4C 0x0C ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x67 0x80 0x15 0x39 ...

    ---- EOF - GMER 1.0.15 ----

    Can you tell if there is an infection? Can it be only a Windows problem?

    Thank you

    Eddie2000
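As an added example (not code from the thread, from GMER or from any tool mentioned here), the script below triages the GMER log format posted above: it collects the SSDT and kernel IAT hooks, then uses the log's own Devices and Registry sections to tie the hooking module to a driver object and to the install paths stored under that service's Cfg keys, so an analyst can see which hooks are explained by installed software and which are not. The sample lines are a constructed excerpt copied from the log in this post; the attribution rule (module backs a `\Driver\<name>` object whose `Services\<name>\Cfg` keys name an install path) is the example's own heuristic, not something GMER reports.

```python
import re
from collections import defaultdict

# Constructed excerpt in the GMER 1.0.15 log format, copied from the log
# posted above (a few lines per section; the real log is much longer).
SAMPLE_LOG = """\
---- System - GMER 1.0.15 ----
SSDT spvb.sys ZwCreateKey [0xBA6A80E0]
SSDT spvb.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spvb.sys ZwOpenKey [0xBA6A80C0]
SSDT spvb.sys ZwQueryValueKey [0xBA6C6F88]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spvb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spvb.sys
IAT \\SystemRoot\\system32\\DRIVERS\\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spvb.sys
---- Devices - GMER 1.0.15 ----
Device \\FileSystem\\Ntfs \\Ntfs 89B741F8
Device \\Driver\\sptd \\Device\\2464975264 spvb.sys
Device \\Driver\\PCI_PNP7764 \\Device\\00000049 spvb.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04@p0 C:\\Archivos de programa\\Alcohol Soft\\Alcohol 120\\
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\19659239224E364682FA4BAF72C53EA4@p0 C:\\Archivos de programa\\DAEMON Tools Lite\\
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
SSDT_RE = re.compile(r"^SSDT (\S+) (\S+) \[0x[0-9A-Fa-f]+\]")
IAT_RE = re.compile(r"^IAT (\S+)\[(\S+)\] \[[0-9A-Fa-f]+\] (\S+)$")
DEVICE_RE = re.compile(r"^Device (\S+) (\S+) (\S+\.sys)$", re.IGNORECASE)
PRODUCT_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\(\w+)\\Cfg\\[0-9A-F]+@p0 (.+)$")


def parse_gmer(text):
    """Split a GMER log into the facts needed for hook attribution."""
    section = None
    ssdt = defaultdict(list)        # hooking module -> [hooked Zw* service]
    kernel_iat = defaultdict(list)  # hooking module -> ["victim->import"]
    owners = defaultdict(set)       # module -> {driver object names it backs}
    products = defaultdict(list)    # service name -> [install paths in its Cfg keys]
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "System" and (m := SSDT_RE.match(line)):
            ssdt[m.group(1).lower()].append(m.group(2))
        elif section == "Kernel IAT/EAT" and (m := IAT_RE.match(line)):
            kernel_iat[m.group(3).lower()].append(f"{m.group(1)}->{m.group(2)}")
        elif section == "Devices" and (m := DEVICE_RE.match(line)):
            owners[m.group(3).lower()].add(m.group(1).rsplit("\\", 1)[-1].lower())
        elif section == "Registry" and (m := PRODUCT_RE.match(line)):
            products[m.group(1).lower()].append(m.group(2))
    return ssdt, kernel_iat, owners, products


def triage(text):
    """One finding per hooking module, with the driver objects and products the log ties it to."""
    ssdt, kernel_iat, owners, products = parse_gmer(text)
    findings = []
    for module in sorted(set(ssdt) | set(kernel_iat)):
        drivers = sorted(owners.get(module, ()))
        paths = sorted(p for d in drivers for p in products.get(d, ()))
        findings.append({
            "module": module,
            "ssdt_hooks": ssdt.get(module, []),
            "kernel_iat_hooks": kernel_iat.get(module, []),
            "driver_objects": drivers,
            "products": paths,
            # Attribution is a lead for the analyst, not a clean bill of health.
            "verdict": "attributed; confirm the product is installed and current"
                       if paths else "UNEXPLAINED; treat module as suspect",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["module"], f["verdict"], f["driver_objects"], f["products"])
```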
     
  17. 2010/04/17
    broni Moderator Malware Analyst
    So far, things look pretty clean, but we'll run a couple more scans.

    First things first, though.
    Combofix reports a couple of system files missing, which are nowhere to be found on your computer, so I'm attaching those files (zipped):
    regsvc.dll
    wscntfy.exe

    Unzip both, copy and paste both unzipped files into:
    c:\windows\System32
    folder.

    Re-run Combofix and post fresh log.
     
  18. 2010/04/17
    eddie2000 Inactive Thread Starter
    where are the attached files?
     
  19. 2010/04/17
    broni Moderator Malware Analyst
    Oooops, sorry about that
     

    Attached Files:

  20. 2010/04/17
    eddie2000 Inactive Thread Starter
    A Windows message popped up saying (I translate from Spanish): "The necessary files for Windows to execute correctly have been replaced by unknown versions. Windows must now restore the original versions of these files to maintain system stability.

    Insert the Windows XP SP3 CD."

    I have this CD, but it is not the one used to install the Windows that is now running on my PC: it was installed by the service using Windows XP SP2 and then SP3.

    What shall I do?
     
  21. 2010/04/17
    eddie2000 Inactive Thread Starter
    Before receiving your answer to my question about the files copied into the System32 folder, I ran ComboFix but did not get any log file. Instead, I can see a folder named ComboFix with many temporary files.
     
