Not able to connect to the internet using I.E.


  • This topic is locked
1 reply to this topic

#1 fullinlove

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:29 PM

Posted 08 May 2011 - 12:37 AM

Hello, please help me with this. I've been unable to access the internet using my I.E. for a few weeks, and today it still does not work. But now another issue has been added: my right click from the mouse has also been disabled, and I do not know why. I ran ComboFix and here is the log.txt


ComboFix 11-05-06.03 - Mendieta 06/05/2011 22:53:31.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.287.31 [GMT -5:00]
Running from: c:\documents and settings\Mendieta\Escritorio\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mendieta\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-02 20:13 . 2006-08-01 20:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-05-02 20:11 . 2011-05-02 20:11 -------- d-----w- c:\archivos de programa\Realtek AC97
2011-05-02 20:11 . 2006-07-31 16:19 315392 ----a-w- c:\windows\alcupd.exe
2011-05-02 20:09 . 2006-02-07 20:40 204800 ----a-w- c:\archivos de programa\Archivos comunes\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-05-02 20:09 . 2006-02-07 20:40 69715 ----a-w- c:\archivos de programa\Archivos comunes\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-05-02 20:09 . 2006-02-07 20:40 274432 ----a-w- c:\archivos de programa\Archivos comunes\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-05-02 20:09 . 2005-11-14 04:19 5632 ----a-w- c:\archivos de programa\Archivos comunes\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-05-02 20:09 . 2006-02-07 20:45 757760 ----a-w- c:\archivos de programa\Archivos comunes\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-05-02 20:09 . 2011-05-02 20:09 200836 ----a-w- c:\archivos de programa\Archivos comunes\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-05-02 20:09 . 2011-05-02 20:09 331908 ----a-w- c:\archivos de programa\Archivos comunes\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-05-01 15:46 . 2011-05-03 00:32 -------- d-----w- c:\documents and settings\Mendieta\Datos de programa\Alien Skin
2011-05-01 15:27 . 2011-05-01 15:27 -------- d-----w- c:\archivos de programa\Alien Skin
2011-05-01 15:22 . 2008-09-20 23:21 -------- d-----w- c:\archivos de programa\Adobe Photoshop CS3
2011-04-28 15:38 . 2011-04-28 15:38 -------- d-----w- c:\archivos de programa\FileZilla FTP Client
2011-04-22 14:53 . 2011-04-22 14:53 -------- d-----w- c:\documents and settings\Administrador\Configuración local\Datos de programa\Ares
2011-04-22 03:07 . 2011-04-29 20:12 -------- d-----w- c:\documents and settings\Mendieta\Configuración local\Datos de programa\LogMeIn Hamachi
2011-04-22 03:06 . 2011-04-29 19:42 -------- d-----w- c:\documents and settings\LocalService\Configuración local\Datos de programa\LogMeIn Hamachi
2011-04-22 03:04 . 2011-04-22 03:04 -------- d-----w- c:\archivos de programa\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-02-13_19.25.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-07 03:28 . 2011-05-07 03:28 16384 c:\windows\Temp\Perflib_Perfdata_6d4.dat
+ 2011-05-02 20:12 . 2005-11-11 06:07 90112 c:\windows\system32\ReinstallBackups\0001\DriverFiles\SOUNDMAN.EXE
+ 2011-05-02 20:11 . 2004-08-19 13:56 23552 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\wdmaud.drv
+ 2011-05-02 20:11 . 2004-08-04 04:08 48640 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\stream.sys
+ 2011-05-02 20:11 . 2004-08-04 04:08 60288 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\drmk.sys
+ 2009-03-18 22:35 . 2009-03-18 22:35 26176 c:\windows\system32\drivers\hamachi.sys
+ 2011-03-20 00:28 . 2006-09-26 18:57 28672 c:\windows\system32\AVEQT.dll
+ 2011-03-02 21:38 . 2011-03-02 21:38 65536 c:\windows\Installer\{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}\ARPPRODUCTICON.exe
+ 2011-05-02 20:11 . 2004-08-19 20:42 4096 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ksuser.dll
+ 2008-12-06 21:04 . 2006-10-18 07:53 147456 c:\windows\system32\RtlCPAPI.dll
+ 2011-05-02 20:12 . 2005-09-16 06:14 157184 c:\windows\system32\ReinstallBackups\0001\DriverFiles\RTLCPAPI.dll
+ 2011-05-02 20:11 . 2004-08-04 04:15 145792 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\portcls.sys
+ 2011-05-02 20:11 . 2004-08-04 04:15 140928 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ks.sys
+ 2011-05-02 20:12 . 2006-07-31 16:27 217088 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Alcrmv.exe
+ 2011-04-15 06:35 . 2011-04-15 06:35 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
+ 2011-03-11 07:57 . 1997-04-07 18:19 391680 c:\windows\system32\I263_32.drv
+ 2011-03-11 07:57 . 2002-08-22 05:00 413760 c:\windows\system32\DivXc32f.dll
+ 2011-03-11 07:57 . 2002-08-01 10:03 413760 c:\windows\system32\DivXc32.dll
+ 2011-03-20 00:28 . 2007-04-12 19:19 129024 c:\windows\system32\AVERM.dll
+ 2008-12-06 21:04 . 2007-04-16 20:28 577536 c:\windows\soundman.exe
+ 2011-04-22 03:06 . 2011-04-22 03:06 886784 c:\windows\Installer\86906.msi
+ 2011-03-02 21:38 . 2011-03-02 21:38 743424 c:\windows\Installer\2d7efc.msi
+ 2008-12-06 21:04 . 2006-07-31 16:27 217088 c:\windows\Alcrmv.exe
- 2008-12-06 21:04 . 2005-11-18 03:20 217088 c:\windows\Alcrmv.exe
+ 2011-03-11 07:57 . 2011-01-17 20:20 2600448 c:\windows\system32\x264vfw.dll
+ 2011-05-02 20:11 . 2005-11-22 06:44 3804416 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ALCXWDM.SYS
+ 2011-04-15 06:35 . 2011-04-15 06:35 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-12-06 21:04 . 2008-09-24 15:40 4122368 c:\windows\system32\drivers\alcxwdm.sys
+ 2008-12-06 21:04 . 2006-12-08 20:20 10528768 c:\windows\system32\RTLCPL.exe
+ 2011-05-02 20:12 . 2005-11-22 05:38 10475008 c:\windows\system32\ReinstallBackups\0001\DriverFiles\RTLCPL.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-08 2145000]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-02-08 14:51 1015808 ----a-w- c:\archivos de programa\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-19 13:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3700 Series]
2007-01-25 10:00 179200 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIACL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 05:47 31016 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-03-28 20:41 1910152 ----a-w- c:\archivos de programa\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-19 20:57 1667584 ------w- c:\archivos de programa\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2005-07-12 18:55 49152 ----a-r- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 20:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
2009-01-26 20:31 5365592 --sha-r- c:\archivos de programa\Spybot - Search & Destroy\SpybotSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 17:19 15872 ----a-w- c:\archivos de programa\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"Hamachi2Svc"=2 (0x2)
"CCI Online Support"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Orbitdownloader\\orbitdm.exe"=
"c:\\Archivos de programa\\Orbitdownloader\\orbitnet.exe"=
"c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
"c:\\Archivos de programa\\WinHTTrack\\WinHTTrack.exe"=
"c:\\Archivos de programa\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Mozilla Firefox 4.0 Beta 5\\firefox.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"e:\\HP\\Cliente metin chino\\mc.exe"=
"e:\\HP\\Metin2\\lw.syt2.exe"=
"e:\\Metin2Colombia\\metin2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1876:TCP"= 1876:TCP:pnnlrtt
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [07/04/2010 21:08 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [07/04/2010 21:09 95872]
R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [07/04/2010 21:08 810120]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 11:18 10064]
S2 gupdate;Servicio de actualización de Google (gupdate);"c:\archivos de programa\Google\Update\GoogleUpdate.exe" /svc --> c:\archivos de programa\Google\Update\GoogleUpdate.exe [?]
S2 jpbigwgh;Monitor System;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 8:43 14336]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [07/05/2010 16:56 1051976]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S4 CCI Online Support;CCI Online Support;"c:\cci\vdf6\bin\ccisrcot.exe" -service --> c:\cci\vdf6\bin\ccisrcot.exe [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\archivos de programa\LogMeIn Hamachi\hamachi-2.exe [28/03/2011 15:41 1242504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
jpbigwgh
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 94.23.246.105:32000
IE: &Download by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0F9C8CC2-7232-4635-AB2F-105341A5F565} = 200.125.192.3,200.125.192.4
FF - ProfilePath - c:\documents and settings\Mendieta\Datos de programa\Mozilla\Firefox\Profiles\oz189imd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431232&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - 192.168.1.2
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 192.168.1.2
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.1.2
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.168.1.2
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox 4.0 Beta 5\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: jormar182 Community Toolbar: {e3393441-609d-4d01-8fb6-7e9029a08c52} - %profile%\extensions\{e3393441-609d-4d01-8fb6-7e9029a08c52}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-06 23:03
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jpbigwgh]
"ServiceDll"="c:\windows\system32\brpbubix.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-789336058-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\msi.dll
.
Completion time: 2011-05-06 23:10:44
ComboFix-quarantined-files.txt 2011-05-07 04:10
ComboFix2.txt 2011-03-26 14:32
ComboFix3.txt 2011-02-13 19:32
ComboFix4.txt 2010-08-04 02:00
.
Pre-Run: 5.697.552.384 bytes libres
Post-Run: 5.810.622.464 bytes libres
.
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 9DAC2D4A369A63C3BEB27D32CAD06125

And here is the ComboFix.txt


Please let me know what I have to do to fix this.
Thanks.

#2 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:29 AM

Posted 08 May 2011 - 04:23 PM

As this topic is a duplicate of the topic here, http://www.bleepingcomputer.com/forums/topic395970.html, I am closing this one.

Please be patient. There are over 300 unanswered topics in this forum at present and the current average wait time to receive help is 8 days.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



