
Solved: Help WinAntiVirus 2006,2007,etc. Keeps popping up!

Discussion in 'Virus & Other Malware Removal' started by klopriz, Sep 29, 2007.

Thread Status:
Not open for further replies.
  1. klopriz

    klopriz Thread Starter

    Joined:
    Sep 28, 2007
    Messages:
    12
    Hello :)

    I have been having LOTS of problems with my computer. The few things I have been able to identify are the WinAntiVirus popups, 2006 and 2007, and some drive error cleaning or clean drive popups as well... I can't remember very well. And a suspicious khfecyy.dll (according to a VundoFix tool I found on a site on the Internet). The computer has been acting really erratically lately.

    I found another post concerning this problem on this site, and I was SO DESPERATE that I just decided to go ahead and do what was covered there for the removal of these popups.

    So... I ran HijackThis and made an initial log report, then I executed ComboFix, then I installed and ran SUPERAntiSpyware (SAS) free home version, and finally made a second HijackThis log report. I downloaded these programs from links provided in that post. I'm posting these reports in this thread.

    This is the link to the post I'm referring to: http://forums.techguy.org/malware-r...9310-solved-help-winantivirus-2006-keeps.html

    I don't know what to do now !!!!!!!:confused:

    Can someone help me? PLEASEEEEEEE REVIEW MY LOG REPORTS :eek:

    I'm using Windows XP
     
  2. klopriz

    FIRST HijackThis LOG I made...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:04:17 PM, on 9/28/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe
    C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
    C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Archivos de programa\MSN Messenger\msnmsgr.exe
    C:\ARCHIV~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [IntelliType] "C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfws.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copiar 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P30 "EPSON Stylus CX5400 (Copiar 1)" /O5 "LPT1:" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfws.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Archivos de programa\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144208298995
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52D8D69A-62DF-4551-B297-0B8A64532EAE}: NameServer = 205.211.206.130
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
    O23 - Service: Windows Tune service - Unknown owner - C:\WINDOWS\tune.exe (file missing)

    --
    End of file - 7146 bytes
     
  3. klopriz

    ComboFix report...


    ComboFix 07-09-21.2 - "Ceci" 2007-09-28 20:08:55.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.0.1252.34.3082.18.77 [GMT -6:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Archivos de programa\icroso~1
    C:\check_LSA7.txt
    C:\DOCUME~1\CECI\DATOSD~1\ASEMBL~1
    C:\DOCUME~1\CECI\DATOSD~1\CROSOF~1
    C:\DOCUME~1\CECI\DATOSD~1\CURITY~1
    C:\DOCUME~1\CECI\DATOSD~1\DOBE~1
    C:\DOCUME~1\CECI\DATOSD~1\ECURIT~1
    C:\DOCUME~1\CECI\DATOSD~1\MANTEC~1
    C:\DOCUME~1\CECI\DATOSD~1\RACLE~1
    C:\DOCUME~1\CECI\DATOSD~1\SMANTE~1
    C:\DOCUME~1\CECI\DATOSD~1\STEM32~1
    C:\DOCUME~1\CECI\MISDOC~1\ASEMBL~1
    C:\DOCUME~1\CECI\MISDOC~1\SCURIT~1
    C:\DOCUME~1\CECI\MISDOC~1\SEMBLY~1
    C:\DOCUME~1\CECI\MISDOC~1\SKS~1
    C:\DOCUME~1\CECI\MISDOC~1\SMBOLS~1
    C:\WINDOWS\asembl~1
    C:\WINDOWS\asks~1
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\appatc~1
    C:\WINDOWS\system32\crosof~1
    C:\WINDOWS\system32\dobe~1
    C:\WINDOWS\system32\hxfwsybb.ini
    C:\WINDOWS\system32\hxfwsybb.ini2
    C:\WINDOWS\system32\hxfwsybb.tmp
    C:\WINDOWS\system32\illlm.bak1
    C:\WINDOWS\system32\illlm.bak2
    C:\WINDOWS\system32\illlm.ini
    C:\WINDOWS\system32\illlm.ini2
    C:\WINDOWS\system32\illlm.tmp
    C:\WINDOWS\system32\khfecyy.dll
    C:\WINDOWS\system32\onnnn.bak1
    C:\WINDOWS\system32\onnnn.bak2
    C:\WINDOWS\system32\onnnn.ini
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pqstv.bak1
    C:\WINDOWS\system32\pqstv.ini
    C:\WINDOWS\system32\qhfgkvxl.ini
    C:\WINDOWS\system32\qhfgkvxl.ini2
    C:\WINDOWS\system32\rfllkllh.ini
    C:\WINDOWS\system32\rfllkllh.ini2
    C:\WINDOWS\system32\sstem3~1
    C:\WINDOWS\system32\txtchwaq.ini
    C:\WINDOWS\system32\txtchwaq.ini2
    C:\WINDOWS\system32\txtchwaq.tmp
    C:\WINDOWS\system32\vuwvw.bak1
    C:\WINDOWS\system32\vuwvw.bak2
    C:\WINDOWS\system32\vuwvw.ini
    C:\WINDOWS\system32\wnsxs~1
    C:\WINDOWS\system32\yaccf.bak1
    C:\WINDOWS\system32\yaccf.bak2
    C:\WINDOWS\system32\yaccf.ini
    C:\WINDOWS\wnsxs~1

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_M_HOOK
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-29 )))))))))))))))))))))))))))))))
    .

    2007-09-28 20:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-28 20:03 <DIR> d-------- C:\Archivos de programa\Trend Micro
    2007-09-28 18:22 6,448 ---hs---- C:\WINDOWS\system32\wwvyb.bak1
    2007-09-28 18:22 311,392 --a------ C:\WINDOWS\system32\byvww.dll
    2007-09-28 07:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\Lavasoft
    2007-09-28 07:48 <DIR> d-------- C:\Archivos de programa\Lavasoft
    2007-09-27 23:50 4,456 --a------ C:\WINDOWS\system32\tmp.reg
    2007-09-27 22:55 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
    2007-09-27 17:54 13,584 --a------ C:\WINDOWS\system32\tlist.exe
    2007-09-27 16:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\Spybot - Search & Destroy
    2007-09-25 15:29 <DIR> d-------- C:\Archivos de programa\TightVNC
    2007-09-21 11:33 <DIR> d--hs---- C:\FOUND.002
    2007-09-20 16:02 <DIR> d--hs---- C:\FOUND.001
    2007-09-20 14:57 <DIR> d--hs---- C:\FOUND.000
    2007-09-08 16:39 <DIR> d-------- C:\WINDOWS\Content.IE5
    2007-09-06 18:14 <DIR> d-------- C:\Archivos de programa\Alwil Software
    2007-09-06 17:56 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Cisco Systems
    2007-09-06 17:54 <DIR> d-------- C:\Archivos de programa\Index.dat Analyzer
    2007-09-05 16:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\AOL Downloads

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-08-02 22:13 121344 --ahs---- C:\Archivos de programa\Thumbs.db
    2005-02-05 13:48 707182 ---hs---- C:\WINDOWS\Cursors\ipatcbdo.bak2
    2005-02-03 22:54 707313 --ahs---- C:\WINDOWS\inf\tnofgmi.bak1
    2005-01-09 14:13 721650 ---hs---- C:\WINDOWS\Tasks\avajbv.bak2
    2005-01-09 01:41 702948 ---hs---- C:\WINDOWS\Fonts\tacc.bak2
    2005-01-07 11:39 721578 ---hs---- C:\WINDOWS\inf\kabva.bak2
    2005-01-05 10:25 711264 ---hs---- C:\WINDOWS\Fonts\sabbew.bak2
    2005-01-02 11:23 672402 ---hs---- C:\WINDOWS\Fonts\bilcvs.bak2
    2004-12-30 00:48 651408 ---hs---- C:\WINDOWS\Tasks\dmcsys.bak2
    2004-12-28 17:31 628490 ---hs---- C:\WINDOWS\Fonts\bdbew.bak2
    2004-12-26 11:04 602049 ---hs---- C:\WINDOWS\Cursors\wcvsm.bak2
    2004-12-24 01:02 606257 ---hs---- C:\WINDOWS\Fonts\drahbac.bak2
    2004-12-22 23:03 606041 ---hs---- C:\WINDOWS\Fonts\bewpct.bak2
    2004-12-22 19:41 606134 ---hs---- C:\WINDOWS\Fonts\yalplmx.bak2
    2005-05-13 23:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 17:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-14 03:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-06-26 21:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 04:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2005-10-08 01:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2004-01-25 06:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2004-01-25 06:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    2005-02-28 19:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2005-07-14 18:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2006-04-27 16:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{023750C4-4E96-4DCC-9B92-11B9D1891088}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{249EA11B-546F-4AB6-AF8A-6ABE67571201}]
    2007-09-28 18:22 311392 --a------ C:\WINDOWS\System32\byvww.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2BFD2B-8785-4FF9-92B7-47FD96FA3776}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4910D428-A542-4759-AAE4-5F4650162F7F}]
    C:\WINDOWS\System32\vtsqp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D0DA871-E67E-40B1-B1E8-81A744543EDB}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{932AF90E-6CCC-4435-BFCF-46B6A89628C9}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@"="" []
    "S3TRAY2"="S3tray2.exe" [2001-10-11 23:32 C:\WINDOWS\system32\S3tray2.exe]
    "PCTVOICE"="pctspk.exe" [2001-08-22 22:15 C:\WINDOWS\system32\pctspk.exe]
    "EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 14:00]
    "IntelliType"="C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 02:20]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2006-05-21 11:46]
    "TkBellExe"="C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2007-03-27 18:36]
    "Windows Update Firewall System"="winmsfws.exe" []
    "HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
    "Ink Monitor"="C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe" [2003-04-24 18:41]
    "EPSON Stylus CX5400 (Copiar 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 14:00]
    "AVG7_CC"="C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe" [2007-09-25 18:25]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe" [2005-07-15 15:48]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-24 15:00]
    "Yahoo! Pager"="C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
    "SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Windows Update Firewall System"=winmsfws.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dllacc]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fontrun]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Iomega Icons.lnk]
    backup=C:\WINDOWS\pss\Iomega Icons.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Iomega QuikSync.lnk]
    backup=C:\WINDOWS\pss\Iomega QuikSync.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Iomega Startup Options.lnk]
    backup=C:\WINDOWS\pss\Iomega Startup Options.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^IomegaWare.lnk]
    backup=C:\WINDOWS\pss\IomegaWare.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\areslite]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Explorer Key]

    R1 hpcd2k;hpcd2k;C:\WINDOWS\System32\drivers\hpcd2k.sys
    R1 ShldDrv;ShldDrv;C:\WINDOWS\System32\drivers\ShldDrv.sys
    R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS
    R2 SetupNT;SetupNT;C:\WINDOWS\System32\SetupNT.sys
    S2 ssl;Microsoft SSL;C:\WINDOWS\System32\ssl.exe
    S2 Windows Tune service;Windows Tune service;"C:\WINDOWS\tune.exe"
    S4 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys
    S4 ppa;Controlador de filtro de puerto paralelo Iomega Parallel;C:\WINDOWS\System32\DRIVERS\ppa.sys

    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-28 20:14:53
    Windows 5.1.2600 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-28 20:16:37 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-28 20:16
    .
    --- E O F ---
     
  4. klopriz

    SUPERAntiSpyware Scan Log - 09-28-2007 - 21-36-59.log...

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/28/2007 at 09:36 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3316
    Trace Rules Database Version: 1317

    Scan type : Complete Scan
    Total Scan Time : 01:12:03

    Memory items scanned : 412
    Memory threats detected : 1
    Registry items scanned : 5790
    Registry threats detected : 9
    File items scanned : 41270
    File threats detected : 57

    Unclassified.Unknown Origin/System
    C:\WINDOWS\SYSTEM32\BYVWW.DLL
    C:\WINDOWS\SYSTEM32\BYVWW.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2C637C0-FD93-4286-8AB9-9FEF426D3EA7}
    HKCR\CLSID\{E2C637C0-FD93-4286-8AB9-9FEF426D3EA7}
    HKCR\CLSID\{E2C637C0-FD93-4286-8AB9-9FEF426D3EA7}\InprocServer32
    HKCR\CLSID\{E2C637C0-FD93-4286-8AB9-9FEF426D3EA7}\InprocServer32#ThreadingModel

    Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{4910D428-A542-4759-AAE4-5F4650162F7F}
    HKCR\CLSID\{4910D428-A542-4759-AAE4-5F4650162F7F}
    HKCR\CLSID\{4910D428-A542-4759-AAE4-5F4650162F7F}\InprocServer32
    HKCR\CLSID\{4910D428-A542-4759-AAE4-5F4650162F7F}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\VTSQP.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4910D428-A542-4759-AAE4-5F4650162F7F}

    Adware.Tracking Cookie
    C:\Documents and Settings\Ceci\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ceci\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ceci\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ceci\Cookies\[email protected][1].txt
    C:\Documents and Settings\Ceci\Cookies\[email protected][2].txt

    Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Menú Inicio\Online Security Guide.url
    C:\Documents and Settings\All Users\Menú Inicio\Security Troubleshooting.url

    Adware.eZula
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP122\A0052682.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065087.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065132.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065133.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065134.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065135.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065136.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065137.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065138.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065139.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065140.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065143.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065146.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065147.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065149.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065150.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065151.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065154.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065155.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065157.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065158.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065159.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065160.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065161.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065162.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065163.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065164.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065165.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065166.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065167.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065168.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065170.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065171.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065172.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065173.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065174.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065175.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065176.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065177.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065178.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065179.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065180.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065181.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065182.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065250.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP142\A0065277.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP142\A0065296.EXE

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP143\A0065424.DLL
     
  5. klopriz

    Second hijackthis.log Report after running ComboFix and SUPERAntiSpyware....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:44:00 PM, on 9/28/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
    C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe
    C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
    C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Archivos de programa\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O2 - BHO: (no name) - {023750C4-4E96-4DCC-9B92-11B9D1891088} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {249EA11B-546F-4AB6-AF8A-6ABE67571201} - (no file)
    O2 - BHO: (no name) - {2D2BFD2B-8785-4FF9-92B7-47FD96FA3776} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
    O2 - BHO: (no name) - {4910D428-A542-4759-AAE4-5F4650162F7F} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {6D0DA871-E67E-40B1-B1E8-81A744543EDB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {932AF90E-6CCC-4435-BFCF-46B6A89628C9} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {A21F084D-312C-4962-9AD6-AB70E38EC418} - C:\WINDOWS\System32\byvww.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es\msntb.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [IntelliType] "C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfws.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copiar 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P30 "EPSON Stylus CX5400 (Copiar 1)" /O5 "LPT1:" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfws.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Archivos de programa\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144208298995
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52D8D69A-62DF-4551-B297-0B8A64532EAE}: NameServer = 205.211.206.130
    O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: dllacc - C:\WINDOWS\
    O20 - Winlogon Notify: fontrun - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
    O23 - Service: Windows Tune service - Unknown owner - C:\WINDOWS\tune.exe (file missing)

    --
    End of file - 9168 bytes
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {023750C4-4E96-4DCC-9B92-11B9D1891088} - (no file)

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - {249EA11B-546F-4AB6-AF8A-6ABE67571201} - (no file)

    O2 - BHO: (no name) - {2D2BFD2B-8785-4FF9-92B7-47FD96FA3776} - (no file)

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

    O2 - BHO: (no name) - {4910D428-A542-4759-AAE4-5F4650162F7F} - (no file)

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: (no name) - {6D0DA871-E67E-40B1-B1E8-81A744543EDB} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {932AF90E-6CCC-4435-BFCF-46B6A89628C9} - (no file)

    O2 - BHO: (no name) - {A21F084D-312C-4962-9AD6-AB70E38EC418} - C:\WINDOWS\System32\byvww.dll (file missing)

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

    O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfws.exe

    O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfws.exe

    O20 - Winlogon Notify: dllacc - C:\WINDOWS\

    O20 - Winlogon Notify: fontrun - C:\WINDOWS\

    O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)

    O23 - Service: Windows Tune service - Unknown owner - C:\WINDOWS\tune.exe (file missing)
    ==================
    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find this exact name

    Microsoft SSL

    Right-click and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

    Repeat the above for - Windows Tune service

    ==================
    Download http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.
    Be sure to note the EXACT spelling of the file

    C:\WINDOWS\System32\winmsfws.exe
    C:\WINDOWS\System32\mysvcc.exe
    C:\WINDOWS\system32\wwvyb.bak1
    C:\WINDOWS\system32\byvww.dll

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode



    How are things on the PC???????????
     
  7. klopriz

    klopriz Thread Starter

    Joined:
    Sep 28, 2007
    Messages:
    12
    Should I check & fix these Hijackthis items also in Safe Mode, or do I fix them in Normal????????
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Normal is fine
     
  9. klopriz

    klopriz Thread Starter

    Joined:
    Sep 28, 2007
    Messages:
    12
    OK, I did it all. When I re-entered Normal mode, this Spybot program I have prompted me about some deleted keys. I didn't know what it meant really, but I chose "Allow Change".

    Here is the new Hijackthis log.


    ----------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:57:37 PM, on 9/29/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
    C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe
    C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
    C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    C:\ARCHIV~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O2 - BHO: (no name) - {023750C4-4E96-4DCC-9B92-11B9D1891088} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {249EA11B-546F-4AB6-AF8A-6ABE67571201} - (no file)
    O2 - BHO: (no name) - {2D2BFD2B-8785-4FF9-92B7-47FD96FA3776} - (no file)
    O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
    O2 - BHO: (no name) - {4910D428-A542-4759-AAE4-5F4650162F7F} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {6D0DA871-E67E-40B1-B1E8-81A744543EDB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {932AF90E-6CCC-4435-BFCF-46B6A89628C9} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {A21F084D-312C-4962-9AD6-AB70E38EC418} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es\msntb.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [IntelliType] "C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copiar 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P30 "EPSON Stylus CX5400 (Copiar 1)" /O5 "LPT1:" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Archivos de programa\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144208298995
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52D8D69A-62DF-4551-B297-0B8A64532EAE}: NameServer = 205.211.206.130
    O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: dllacc - C:\WINDOWS\
    O20 - Winlogon Notify: fontrun - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 8594 bytes
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Disable Tea Timer - In SpyBot

    MODE - ADVANCED - TOOLS - RESIDENT - Un Check both boxes

    Redo post 6 - some entries will not be there
     
  11. klopriz

    klopriz Thread Starter

    Joined:
    Sep 28, 2007
    Messages:
    12
    Ok... I disabled the Spybot resident boxes...

    when you say redo post #6, should I go back and use killbox.exe in safe mode?

    I'm sorry I ask too much, it's just that I don't know much about computers :D
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    I think you can skip killbox part - we just need to get the hijack entries
     
  13. klopriz

    klopriz Thread Starter

    Joined:
    Sep 28, 2007
    Messages:
    12
    Here's the new log...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:36:45 PM, on 9/29/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
    C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
    C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
    C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
    C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
    C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Archivos de programa\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es\msntb.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [IntelliType] "C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copiar 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P30 "EPSON Stylus CX5400 (Copiar 1)" /O5 "LPT1:" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Archivos de programa\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144208298995
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52D8D69A-62DF-4551-B297-0B8A64532EAE}: NameServer = 205.211.206.130
    O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 7239 bytes
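
An added example, not part of the original posts: a small Python triage of HijackThis entries that flags the structural markers seen in the fix list of post 6 ("(no file)", "(file missing)", a Winlogon Notify path with no DLL, "Unknown owner") and checks which flagged entries survive into a later log. The three excerpts are copied from the logs posted in this thread; the function and flag names are this example's own, and the rules do not cover entries the helper picked out by name (such as mysvcc.exe).

```python
import re

# Excerpts from the logs posted in this thread (first log, post 9 log, post 13 log).
BEFORE = r"""
O2 - BHO: (no name) - {4910D428-A542-4759-AAE4-5F4650162F7F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {A21F084D-312C-4962-9AD6-AB70E38EC418} - C:\WINDOWS\System32\byvww.dll (file missing)
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dllacc - C:\WINDOWS\
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""
AFTER_FIRST = r"""
O2 - BHO: (no name) - {4910D428-A542-4759-AAE4-5F4650162F7F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {A21F084D-312C-4962-9AD6-AB70E38EC418} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dllacc - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""
AFTER_SECOND = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d+) - (.*\S)\s*$")   # e.g. "O2 - BHO: ..."
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse(log):
    """Return (section, body) for every entry line; header lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, log.splitlines()) if m]


def key(section, body):
    """Stable identity for an entry: its CLSID if it has one, else its leading
    field. The file column is left out because it changes once the file is
    deleted (byvww.dll "(file missing)" becomes "(no file)" in the next log)."""
    m = GUID_RE.search(body)
    return (section, m.group(0).upper() if m else body.split(" - ")[0])


def flags(section, body):
    """Structural warning signs only (this example's own heuristics)."""
    out = []
    if body.endswith("(no file)"):
        out.append("no-file")            # registry entry with no target at all
    if body.endswith("(file missing)"):
        out.append("file-missing")       # target path recorded, file not on disk
    if section == "O20" and body.endswith("\\"):
        out.append("notify-without-dll") # Winlogon Notify pointing at a directory
    if section == "O23" and " - Unknown owner - " in body:
        out.append("unknown-owner")      # service binary without vendor info
    return out


def triage(log):
    """Map the key of each flagged entry to its list of flags."""
    found = {}
    for section, body in parse(log):
        hit = flags(section, body)
        if hit:
            found[key(section, body)] = hit
    return found


def remaining(before, after):
    """Flagged entries of `before` that are still listed in `after`."""
    present = {key(s, b) for s, b in parse(after)}
    return sorted(k for k in triage(before) if k in present)


if __name__ == "__main__":
    for k, hit in triage(BEFORE).items():
        print("flagged:", k, hit)
    print("left after first pass: ", remaining(BEFORE, AFTER_FIRST))
    print("left after second pass:", remaining(BEFORE, AFTER_SECOND))
    print("new in last log:       ", triage(AFTER_SECOND))
```

Comparing by CLSID or entry name rather than by the whole line is what lets the check see that an entry is still registered even after its file column has changed.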
     
  14. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  15. klopriz

    klopriz Thread Starter

    Joined:
    Sep 28, 2007
    Messages:
    12
    DONE!!! Now the log comes clean (without "no file" marks) (y)

    Sorry for my delay in answering, I've been having problems with my connection :(

    THANK YOU SO MUCH for helping me out. I really, really, appreciate it. My poor Dino (that is my computer ;) ) is gonna feel so much better now.

    Regards and greetings from Honduras!
     
Short URL to this thread: https://techguy.org/630706
