[Pending] HJT Logs - Help!! (Security & Safety forums)

#8
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112 PC Experience: Always Learning New Things

Andrea,
That's fine. Just run ComboFix as is. Don't worry about disabling anything.

__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this
#9
Bronze Member
Join Date: Aug 2009
Posts: 8 PC Experience: PC Illiterate
OK, I did it!! I disabled my antivirus! Yeih!
this is the log: ComboFix 09-08-21.01 - Andrea 21/08/2009 22:52.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.1022.503 [GMT -4:00] Running from: c:\documents and settings\Andrea\Mis documentos\Downloads\ComboFix.exe AV: avast! antivirus 4.8.1351 [VPS 090821-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\230faf.msi . ((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 ))))))))))))))))))))))))))))))) . 2009-08-21 22:56 . 2009-08-21 22:56 -------- d-----w- c:\documents and settings\Andrea\Datos de programa\Malwarebytes 2009-08-21 22:55 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-21 22:54 . 2009-08-21 22:56 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware 2009-08-21 22:54 . 2009-08-21 22:54 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes 2009-08-21 22:54 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-20 18:45 . 2009-08-22 00:32 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy 2009-08-20 18:45 . 2009-08-20 19:22 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy 2009-08-20 03:44 . 2009-08-20 03:44 -------- d-----w- c:\archivos de programa\Trend Micro 2009-08-19 13:38 . 2009-08-19 13:38 -------- d-----w- c:\archivos de programa\MSN Messenger 2009-08-17 23:17 . 2008-05-07 18:14 212992 ----a-w- c:\windows\system32\stacsv.exe 2009-08-17 23:17 . 2008-05-07 18:12 2129920 ----a-w- c:\windows\system32\stlang.dll 2009-08-17 23:17 . 2008-05-07 18:13 164352 ----a-w- c:\windows\system32\staco.dll 2009-08-17 23:17 . 2008-05-07 18:16 1271032 ----a-w- c:\windows\system32\drivers\sthda.sys 2009-08-17 23:17 . 
2008-05-07 18:13 372736 ----a-w- c:\windows\system32\stacapi.dll 2009-08-17 23:17 . 2009-08-17 23:17 -------- d-----w- c:\archivos de programa\IDT 2009-08-06 02:58 . 2009-08-06 02:58 -------- d-----w- c:\windows\Applian FLV Player . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-08-22 00:14 . 2009-02-02 02:46 -------- d-----w- c:\documents and settings\Andrea\Datos de programa\LimeWire 2009-08-17 23:17 . 2009-01-28 21:51 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information 2009-08-17 16:10 . 2009-01-29 17:42 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-17 16:06 . 2009-01-29 17:42 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-17 16:06 . 2009-01-29 17:42 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-17 16:05 . 2009-01-29 17:42 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-17 16:05 . 2009-01-29 17:42 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-17 16:04 . 2009-01-29 17:42 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-17 16:04 . 2009-01-29 17:42 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-17 16:03 . 2009-01-29 17:42 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-17 16:02 . 2009-01-29 17:42 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-17 13:03 . 2009-03-01 01:35 45056 ----a-w- c:\windows\NCUNINST.EXe 2009-08-15 20:40 . 2009-03-14 23:52 -------- d-----w- c:\documents and settings\All Users\Datos de programa\nView_Profiles 2009-08-13 00:23 . 2002-09-10 14:00 724612 ----a-w- c:\windows\system32\perfh00A.dat 2009-08-13 00:23 . 2002-09-10 14:00 150810 ----a-w- c:\windows\system32\perfc00A.dat 2009-08-09 23:13 . 2009-01-29 18:09 -------- d-----w- c:\archivos de programa\MultiKeyboard Driver 2009-08-08 03:11 . 2009-05-18 02:23 -------- d-----w- c:\documents and settings\Kimberly\Datos de programa\LimeWire 2009-08-06 01:27 . 
2009-01-30 19:52 -------- d-----w- c:\documents and settings\PC\Datos de programa\LimeWire 2009-07-20 00:30 . 2009-07-20 00:30 -------- d-----w- c:\documents and settings\Kimberly\Datos de programa\vlc 2009-07-20 00:24 . 2009-07-20 00:24 -------- d-----w- c:\documents and settings\Kimberly\Datos de programa\CyberLink 2009-07-14 00:32 . 2009-07-14 00:12 -------- d-----w- c:\archivos de programa\Video Convert Premier 2009-07-14 00:19 . 2009-07-14 00:19 -------- d-----w- c:\archivos de programa\Xilisoft 2009-07-14 00:12 . 2009-07-14 00:12 -------- d-----w- c:\documents and settings\Andrea\Datos de programa\Vso 2009-07-14 00:12 . 2009-07-14 00:12 81920 ----a-w- c:\documents and settings\Andrea\Datos de programa\ezpinst.exe 2009-07-14 00:12 . 2009-07-14 00:12 81920 ----a-w- c:\documents and settings\Andrea\Datos de programa\ezpinst.exe 2009-07-14 00:12 . 2009-07-14 00:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-07-14 00:12 . 2009-07-14 00:12 47360 ----a-w- c:\documents and settings\Andrea\Datos de programa\pcouffin.sys 2009-07-14 00:12 . 2009-07-14 00:12 47360 ----a-w- c:\documents and settings\Andrea\Datos de programa\pcouffin.sys 2009-07-12 01:22 . 2009-07-08 19:59 -------- d-----w- c:\documents and settings\PC\Datos de programa\CyberLink 2009-07-12 01:22 . 2009-07-08 19:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\CyberLink 2009-07-12 01:02 . 2009-07-12 01:02 -------- d-----w- c:\documents and settings\PC\Datos de programa\InstallShield 2009-07-07 01:33 . 2009-07-07 01:33 -------- d-----w- c:\archivos de programa\Archivos comunes\SWF Studio 2009-06-30 18:00 . 2009-06-30 18:00 -------- d-----w- c:\documents and settings\Andrea\Datos de programa\HiYo 2009-06-30 15:17 . 2009-06-30 15:17 -------- d-----w- c:\documents and settings\PC\Datos de programa\HiYo 2009-06-30 01:42 . 2009-06-30 01:42 -------- d-----w- c:\documents and settings\Kimberly\Datos de programa\HiYo 2009-06-30 01:41 . 
2009-06-30 01:41 -------- d-----w- c:\archivos de programa\HiYo 2009-06-30 01:41 . 2009-06-30 01:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\HiYo 2009-05-27 17:35 . 2009-01-29 21:01 147492 ----a-w- c:\windows\hpoins12.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c905b42-976e-43c1-bc30-fc5937017909}] 2009-05-26 23:45 2094616 ----a-w- c:\archivos de programa\shARES\tbshA0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9c905b42-976e-43c1-bc30-fc5937017909}"= "c:\archivos de programa\shARES\tbshA0.dll" [2009-05-26 2094616] [HKEY_CLASSES_ROOT\clsid\{9c905b42-976e-43c1-bc30-fc5937017909}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{9C905B42-976E-43C1-BC30-FC5937017909}"= "c:\archivos de programa\shARES\tbshA0.dll" [2009-05-26 2094616] [HKEY_CLASSES_ROOT\clsid\{9c905b42-976e-43c1-bc30-fc5937017909}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "msnmsgr"="c:\archivos de programa\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "Google Update"="c:\documents and settings\Andrea\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2009-01-31 133104] "RGSC"="c:\archivos de programa\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-03-14 306088] "EA Core"="c:\archivos de programa\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992] "SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp. 
exe" [2009-08-17 81000] "HP Software Update"="c:\archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152] "SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-01-30 136600] "QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-02-01 155648] "Adobe Photo Downloader"="c:\archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344] "Hiyo"="c:\archivos de programa\HiYo\bin\HiYo.exe" [2009-06-09 202032] "SysTrayApp"="c:\archivos de programa\IDT\WDM\sttray.exe" [2008-05-07 413696] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360] c:\documents and settings\PC\Men£ Inicio\Programas\Inicio\ MutiKeyboard Driver.lnk - c:\archivos de programa\MultiKeyboard Driver\KbdDrv.exe [2009-1-29 366080] c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\ Administrador de servicios.lnk - c:\archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308] HP Digital Imaging Monitor.lnk - c:\archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Archivos de programa\\LimeWire\\LimeWire.exe"= "c:\\Archivos de programa\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Archivos de programa\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "c:\\Archivos de programa\\Rockstar Games\\Grand 
Theft Auto IV\\GTAIV.exe"= "c:\\Archivos de programa\\Electronic Arts\\EADM\\Core.exe"= "d:\\Archivos de programa\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"= "c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"= "c:\\Archivos de programa\\MSN Messenger\\livecall.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/01/2009 01:42 p.m. 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [29/01/2009 01:42 p.m. 20560] R3 Usbfilt;UsbFilt;c:\windows\system32\drivers\usbfil t.sys [29/01/2009 02:09 p.m. 26166] S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?] S3 vmfilter302;vmfilter302;c:\windows\system32\driver s\vmfilter303.sys [31/01/2009 08:56 p.m. 428160] S3 ZSMC302;Vimicro USB PC Camera (ZC0302);c:\windows\system32\drivers\usbVM302.sys [31/01/2009 08:56 p.m. 389241] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2009-08-22 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job - c:\archivos de programa\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39] . - - - - ORPHANS REMOVED - - - - HKCU-Run-ares - c:\archivos de programa\Ares\Ares.exe HKLM-Run-BigDog302 - c:\windows\VM_STI.EXE . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ IE: &Windows Live Search - c:\archivos de programa\Windows Live Toolbar\msntb.dll/search.htm IE: Convert link target to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-08-21 22:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2009-08-22 22:58 ComboFix-quarantined-files.txt 2009-08-22 02:58 Pre-Run: 7,071,195,136 bytes libres Post-Run: 7,385,321,472 bytes libres 167 --- E O F --- 2009-02-11 22:42 THANK YOU!!!!!!!!!!!!!!! |
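An added example, not part of the thread and not ComboFix's own tooling: a small Python helper that parses the two most useful entry layouts in the log above ('Files Created' lines and Run-key lines) and produces a review list for the kind of triage the helper does by eye. The sample lines are constructed from entries in the log; the flag rules (user-profile location, recent file date) are assumptions for illustration, not verdicts on any entry.

```python
import re
from collections import namedtuple
from datetime import date
# Constructed samples in the layout of the ComboFix log above (a hypothetical subset of it).
CREATED_SAMPLE = r"""
2009-08-21 22:55 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 22:54 . 2009-08-21 22:56 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-07-14 00:12 . 2009-07-14 00:12 81920 ----a-w- c:\documents and settings\Andrea\Datos de programa\ezpinst.exe
"""
RUN_SAMPLE = r"""
"msnmsgr"="c:\archivos de programa\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Google Update"="c:\documents and settings\Andrea\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2009-01-31 133104]
"avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]
"""
# 'Files Created' line: <created> . <modified> <size, or dashes for a directory> <attrs> <path>
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. (\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
                        r"(\d+|-+) ([-a-z]{8}) (.+)$")
# Run-key line: "name"="value"[ - resolved image path] [file-date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: - (.+?))? \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
Created = namedtuple("Created", "created modified size attrs path")  # size is None for directories
Autorun = namedtuple("Autorun", "name path file_date size")          # path = resolved image path
USER_PROFILE = "c:\\documents and settings\\"   # XP per-user tree, as seen in this log
def parse_created(text):
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            c, md, size, attrs, path = m.groups()
            out.append(Created(date.fromisoformat(c), date.fromisoformat(md),
                               None if size.startswith("-") else int(size), attrs, path))
    return out

def parse_autoruns(text):
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            name, value, resolved, d, size = m.groups()
            out.append(Autorun(name, resolved or value, date.fromisoformat(d), int(size)))
    return out

def user_profile_binaries(created):
    """Executable files created under a user profile rather than Program Files/Windows."""
    return [c for c in created if c.size is not None and c.path.lower().startswith(USER_PROFILE)
            and c.path.lower().endswith((".exe", ".dll", ".sys", ".scr"))]

def triage(autoruns, scan_date, window_days=30):
    """Autoruns worth a closer look, as (entry, reasons). Assumed review hints, not verdicts."""
    scan_date = date.fromisoformat(scan_date) if isinstance(scan_date, str) else scan_date
    flagged = []
    for a in autoruns:
        reasons = []
        if a.path.lower().startswith(USER_PROFILE):
            reasons.append("runs from a user profile directory")
        if (scan_date - a.file_date).days <= window_days:
            reasons.append(f"image file dated within the last {window_days} days")
        if reasons:
            flagged.append((a, reasons))
    return flagged
```

On the sample, the user-profile check picks out ezpinst.exe and the Google Update autorun, and the date window picks out the freshly updated avast! component; a reviewer then decides which of those are expected for the machine.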
#10
Tech Support Team
Andrea,
We need to install the Windows Recovery Console. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode, if needed. This allows us to help you, now and in the future, in case your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:
For XP Home >> Download details: Windows XP Home Edition with Service Pack 2 Utility: Setup Disks for Floppy Boot Install
For XP Pro >> Download details: Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install
Do not be concerned that this file is for SP2 and you have SP3. It will work just fine on your system.

Download the file & save it as it is originally named, next to ComboFix.exe.
Now close all open windows and programs, including all anti-virus and anti-malware programs, so they do not interfere with the running of ComboFix.
* Drag the setup package onto ComboFix.exe and drop it.
* Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
* At the next prompt, click 'Yes' to run the full ComboFix scan.
* When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
#11
Bronze Member
Bad news...
I did it with both of the pages you gave me. None of them worked! The first one says CFScript name error and the second one says it is not compatible! What can I do now??
#12
Tech Support Team
Ok Andrea,
Let's try removing the current install of ComboFix and installing a new one. Please, when prompted to install the Recovery Console this time, choose yes. This will clear away any of the files and folders that were created by ComboFix. Go to: Start > Run, then copy and paste the following highlighted text below and click OK.

When ComboFix receives such an instruction, it will do the following:
a) Deletes the following files/folders:
* ComboFix.exe
* %system%\swxcacls.exe
* %system%\swsc.exe
* %system%\VFind.exe
* %system%\moveex.exe
* %system%\swreg.exe
* %systemroot%\catchme.exe
* \ComboFix
* \Qoobox
* \VundoFix Backups
* \Deckard
* \_OTMoveIt
* %systemroot%\erdnt\subs
b) Resets the clock settings.
c) Hides file extensions.
d) Hides System/Hidden files.
e) Clears the System Restore cache and creates a new Restore point.
==========================================
Next, let's download ComboFix.exe. This will give me a better view of the files running, those that are hidden, and also those in the registry. Please download from one of these webpages:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
Combofix -> Anti-malware Tools -> Downloads
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
Double-click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. The Recovery Console can be installed from your disc if you have Vista, if you wish.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes to continue scanning for malware. When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.
#13
Bronze Member
The same thing...
Nothing new happened... After all I did, it restarted by itself and then a window opened about an error finding a file... I'm starting to think this doesn't have a solution... What's next?? Thanks for your time!!
#14
Tech Support Team
Andrea,
This will show me more of your files. Please download DDS and save it to your desktop from here: http://download.bleepingcomputer.com/sUBs/dds.scr or here: http://www.forospyware.com/sUBs/dds
Disable any script blocker, and then double-click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt and Attach.txt. Save both reports to your desktop.
Copy/paste the contents of 'DDS.txt' in your next reply. These other two logs ...
* attach.txt
* ark.txt
... should be zipped/archived before attaching to the reply as well.