
Infected with unknown malware


  • This topic is locked
2 replies to this topic

#1 cannondalef700sx


Posted 05 May 2009 - 11:16 AM

Hi guys,

My computer is a Compaq Pentium 4 with Windows XP Professional 2002 SP3 and IE8, and I have the following problem: some days ago it suddenly became painfully slow for no apparent reason, taking ages to load Windows XP and to run any program or load any page. Although I cannot prove that there is a virus or malware in my computer, there are signs that make me think that something is wrong.

As a clue to help you solve my problem, my computer cannot boot in safe mode and, strange as it sounds, it currently has 3 iexplore in the Task Manager, although at this moment I have only one page open (the bleepingcomputer one).

I ran Adaware and Spybot also with no problems. Nevertheless, Spybot showed that Microsoft Windows Security Center is disabled. I corrected this manually but after reboot, it disabled it again. I also ran NIS, also with no problems.

Following forum instructions, below you will find the DDS report to help you guys in helping me. I also ran Hijackthis and got a log file, which I am attaching in case somebody thinks it might be helpful. Could anybody please help me with this?

Thanks a lot in advance to anybody who might help me.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Javier Poveda at 10:58:35.50 on 05/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.3082.18.894.428 [GMT -4.5:30]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Archivos de programa\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Empre\Urbapharma\SAINT.EXE
C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\Archivos de programa\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\archivos de programa\archivos comunes\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\archiv~1\archiv~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre6\bin\ssv.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\archivos de programa\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\archivos de programa\windows live toolbar\msntb.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\archivos de programa\archivos comunes\symantec shared\coshared\browser\2.0\CoIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\archivos de programa\windows live\messenger\MsnMsgr.Exe" /background
uRun: [SpybotSD TeaTimer] c:\archivos de programa\spybot - search & destroy\TeaTimer.exe
mRun: [ccApp] "c:\archivos de programa\archivos comunes\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\archivos de programa\norton internet security\osCheck.exe"
mRun: [GrooveMonitor] "c:\archivos de programa\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\archiv~1\archiv~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\apcups~1.lnk - c:\archivos de programa\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\INICIO~3.LNK -
IE: &Windows Live Search - c:\archivos de programa\windows live toolbar\msntb.dll/search.htm
IE: Convertir a PDF de Adobe - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir a PDF existente - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo a PDF existente - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo en archivo PDF de Adobe - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a archivo PDF existente - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir selección a PDF de Adobe - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir vínculos seleccionados a PDF de Adobe - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir vínculos seleccionados a PDF existente - c:\archivos de programa\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll
DPF: {00C7C2A0-8B82-11D1-8B57-00A0C98CD92B} - hxxps://secure.bnc.com.ve/Impresion/Bin/ARViewer/ARViewer.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171544728281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {976FFD05-FBA6-44EA-8C41-A4F0FD453395} - hxxp://localhost:1712/assets/itGrid6.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://adaptiveplanning.webex.com/client/T25L/webex/ieatgpc.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
TCP: {4EB29F3E-1321-476E-B6E4-5BB88FD9CC29} = 200.44.32.12,200.44.32.13,200.82.134.7,200.82.134.8
TCP: {8AE78D1D-A1DD-4ECB-9AA7-5065EF8F47E1} = 200.44.32.12,200.44.32.13
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archivos de programa\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellExecuteHook contra el software malintencionado de Microsoft: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\archiv~1\window~4\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-29 64160]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2007-10-15 4064]
R2 ccEvtMgr;Symantec Event Manager;c:\archivos de programa\archivos comunes\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\archivos de programa\archivos comunes\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\archivos de programa\archivos comunes\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\archivos de programa\archivos comunes\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-5 101936]
R3 NAVENG;NAVENG;c:\archiv~1\archiv~1\symant~1\virusd~1\20090504.041\NAVENG.SYS [2009-5-5 89104]
R3 NAVEX15;NAVEX15;c:\archiv~1\archiv~1\symant~1\virusd~1\20090504.041\NAVEX15.SYS [2009-5-5 876144]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S2 WinDefend;Windows Defender;c:\archivos de programa\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-8-11 16512]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-30 23888]
S3 Symantec Core LC;Symantec Core LC;c:\archiv~1\archiv~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-6 1251720]
S3 Tomcat6;Adaptive Planning;c:\archivos de programa\adaptive planning\runtime\tomcat-6.0.14\bin\tomcat6.exe [2008-10-1 57344]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]

=============== Created Last 30 ================

2009-05-05 10:56 360,021 a------- c:\archivos de programa\dds.scr
2009-05-05 08:33 <DIR> --d----- c:\archivos de programa\Trend Micro
2009-05-05 08:33 812,344 a------- c:\archivos de programa\HJTInstall.exe
2009-05-05 07:31 1,089,883 -------- c:\windows\system32\dllcache\ntprint.cat
2009-05-05 07:30 59,915 a------- c:\archivos de programa\EliBaglA.exe
2009-05-04 18:14 <DIR> --dsh--- c:\documents and settings\javier poveda\IECompatCache
2009-05-04 14:46 <DIR> --dsh--- c:\documents and settings\javier poveda\PrivacIE
2009-05-04 13:57 <DIR> --dsh--- c:\documents and settings\javier poveda\IETldCache
2009-05-04 13:31 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-05-04 13:15 <DIR> --d----- c:\windows\ie8updates
2009-05-04 13:14 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-04 13:10 <DIR> -cd-h--- c:\windows\ie8
2009-05-04 11:05 <DIR> --d----- c:\archivos de programa\CCleaner
2009-05-04 11:03 3,227,536 a------- c:\archivos de programa\ccsetup219.exe
2009-05-04 10:47 14,048 -------- c:\windows\system32\spmsg2.dll
2009-05-04 09:57 <DIR> --d----- c:\windows\system32\XPSViewer
2009-05-04 09:52 117,760 -------- c:\windows\system32\prntvpt.dll
2009-05-04 09:52 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-04 09:52 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-04 09:52 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-05-04 09:52 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-04 09:52 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-05-04 09:52 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-05-04 09:52 <DIR> --d----- C:\5b01e34b0963ba147a1942c5
2009-04-30 09:27 <DIR> --d----- c:\windows\pss
2009-04-29 13:34 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-29 08:13 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-29 08:09 <DIR> -cd-h--- c:\docume~1\alluse~1\datosd~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-29 08:00 37,452,296 a------- c:\archivos de programa\Ad-AwareAE.exe
2009-04-14 12:48 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 12:48 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-14 12:48 286,720 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-14 12:48 111,104 -------- c:\windows\system32\dllcache\services.exe
2009-04-14 12:48 685,056 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-14 12:48 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-14 12:48 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-14 12:48 739,328 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-14 12:48 733,696 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 12:48 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 12:45 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 12:45 219,136 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-05 08:16 429,936 a------- c:\windows\system32\perfh00A.dat
2009-05-05 08:16 63,500 a------- c:\windows\system32\perfc00A.dat
2009-03-25 14:08 304,957 a------- c:\archivos de programa\hjsplit.zip
2009-03-21 09:38 1,042,944 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 969,600 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 265,096 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 09:50 286,720 a------- c:\windows\system32\pdh.dll
2009-02-20 12:39 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-02-20 05:50 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 12:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 12:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-11 16:20 16,974,176 a------- c:\archivos de programa\IE8-WindowsXP-x86-ESN.exe
2009-02-10 19:06 2,068,480 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-10 11:18 18,355,979 a------- c:\archivos de programa\123fileconvert.exe
2009-02-10 10:41 9,127,480 a------- c:\archivos de programa\InstallAble2Extract.exe
2009-02-09 09:36 1,846,912 a------- c:\windows\system32\win32k.sys
2009-02-09 09:36 1,846,912 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 08:00 388,558 a------- c:\archivos de programa\ChkFlsh.zip
2009-02-09 06:54 2,191,488 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 06:54 2,026,496 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-09 06:54 2,026,496 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 06:53 2,147,840 a------- c:\windows\system32\ntoskrnl.exe
2009-02-09 06:53 111,104 a------- c:\windows\system32\services.exe
2009-02-09 06:53 2,147,840 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 06:22 733,696 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:22 685,056 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:22 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:22 739,328 a------- c:\windows\system32\ntdll.dll
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-06 13:19 41,887,008 a------- c:\archivos de programa\TrainingCenterForWindows_343.exe
2009-02-06 13:06 61,044,000 a------- c:\archivos de programa\MapSource_6153.exe
2009-02-06 08:51 38,778,834 a------- c:\archivos de programa\Venrut4.2.exe
2009-02-06 08:48 16,554,694 a------- c:\archivos de programa\Ventopo1.0.exe
2009-02-06 06:09 35,328 a------- c:\windows\system32\sc.exe
2009-01-20 07:48 655,216 a------- c:\archivos de programa\WindowsXP-KB958644-x86-ESN.exe
2009-01-20 07:47 648,560 a------- c:\archivos de programa\WindowsXP-KB958644-x86-ENU.exe
2008-12-30 16:32 6,039,616 a------- c:\archivos de programa\converter.exe
2008-12-23 11:45 71 a------- c:\archivos de programa\puppy-4.1.2-k2.6.25.16-seamonkey.iso.md5.txt
2008-12-14 08:26 299,442,176 a------- c:\archivos de programa\Norton.Internet.Security.2008.ISO
2008-12-03 09:07 13,870,456 a------- c:\archivos de programa\clj2600n-HB-pd-win32-en.exe
2008-11-30 17:50 59,634 a------- c:\archivos de programa\Norton 2008 - Keygen - EDGE.rar
2008-10-06 07:35 55,594,920 a------- c:\archivos de programa\Visio2003SP3-KB923620-FullFile-ESN.exe
2008-09-18 13:34 8,145,864 a------- c:\archivos de programa\yahoo_firefox_setup-3.0(2).exe
2008-09-18 13:33 8,145,864 a------- c:\archivos de programa\yahoo_firefox_setup-3.0.exe
2008-09-18 13:33 486,128 a------- c:\archivos de programa\ChromeSetup.exe
2008-08-26 13:24 14,968,808 a------- c:\archivos de programa\spybotsd160.exe
2008-08-26 10:40 4,460,280 a------- c:\archivos de programa\petst.exe
2008-08-21 08:48 1,487,613 a------- c:\archivos de programa\Install_Flash_Player_9_ActiveX.zip
2008-08-14 18:05 9,868,672 a------- c:\archivos de programa\Alcohol120_trial_1.9.7.6022.exe
2008-08-13 14:35 6,043,220 a------- c:\archivos de programa\dbfd-trial-setup.exe
2008-08-13 14:31 3,612,952 a------- c:\archivos de programa\dbf_man.zip
2008-08-11 10:02 1,031,904 a------- c:\archivos de programa\audiomp3maker.exe
2008-08-08 15:41 717,393 a------- c:\archivos de programa\divx_3.11alpha.zip
2008-08-07 16:09 9,396,600 a------- c:\archivos de programa\112175_intl_i386_zip.exe
2008-08-07 14:21 3,499,226 a------- c:\archivos de programa\uiso9_pe.exe
2008-08-07 10:28 4,427,696 a------- c:\archivos de programa\IsoBuster_2.4_(Multi_Language)_Softonic_Setup.exe
2008-08-06 18:06 6,629,784 a------- c:\archivos de programa\WINWORDff.msp
2008-08-06 18:06 5,676,428 a------- c:\archivos de programa\WINWORD.msp
2008-08-06 18:06 6,631 a------- c:\archivos de programa\readme.txt
2008-08-06 18:06 1,804 a------- c:\archivos de programa\hotfix.txt
2008-07-18 09:59 264,047 a------- c:\archivos de programa\MetFileRegenerator v3.0.16.exe
2008-07-07 14:40:25 A------- 25,983,045 c:\archivos de programa\InstalarMecAM2v1.exe
2008-09-01 07:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\configuración local\historial\history.ie5\mshist012008090120080902\index.dat

============= FINISH: 10:59:46.43 ===============



#2 KoanYorel


Posted 18 May 2009 - 03:06 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel


Posted 22 May 2009 - 03:50 AM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



