TechSpot

BSOD any time I shut down, no Internet connection

By Chupadelpote
Sep 4, 2012
  1. As I posted in this thread I've been having some troubles
    http://www.techspot.com/community/topics/windows-7-x64-bsod-no-internet-since.184944/
    Basically a BSOD appears any time I shut down and I don't have access to the internet, not a router problem, I reinstalled the network card drivers, using a previous restore point and some other things.

    ESET Smart Security is disabled, I'm scanning with Malwarebytes and it has found 1 infection so far, I was planning to run a registry check with CCleaner after that.

    Thank you
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
     
  3. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    ***** [Servicios] *****


    ***** [Ficheros / Carpetas] *****

    Carpeta Presente : C:\ProgramData\boost_interprocess

    ***** [Registro] *****


    ***** [Navegadores] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] El registro no contiene ninguna entrada ilegítima.

    -\\ Mozilla Firefox v [Imposible obtener la versión]

    Perfil : default
    Fichero : C:\Users\Héctor\AppData\Roaming\Mozilla\Firefox\Profiles\73lex1bf.default\prefs.js

    [OK] El fichero no contiene ninguna entrada ilegítima.

    -\\ Google Chrome v21.0.1180.83

    Fichero : C:\Users\Héctor\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] El fichero no contiene ninguna entrada ilegítima.

    *************************

    AdwCleaner[R1].txt - [719 octets] - [04/09/2012 22:26:02]

    ########## EOF - C:\AdwCleaner[R1].txt - [778 octets] ##########
     
  4. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Versión de la Base de Datos: v2012.08.14.07
    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Héctor :: HÉCTOR-PC [administrador]
    04/09/2012 15:25:32
    mbam-log-2012-09-04 (15-25-32).txt
    Tipos de Análisis: Análisis Completo (C:\|D:\|E:\|)
    Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opciones de análisis desactivados: P2P
    Objetos examinados: 637110
    Tiempo transcurrido: 1 hora(s), 14 minuto(s), 20 segundo(s)
    Procesos en Memoria Detectados: 0
    (No se han detectado elementos maliciosos)
    Módulos de Memoria Detectados: 0
    (No se han detectado elementos maliciosos)
    Claves del Registro Detectados: 0
    (No se han detectado elementos maliciosos)
    Valores del Registro Detectados: 0
    (No se han detectado elementos maliciosos)
    Elementos de Datos del Registro Detectados: 0
    (No se han detectado elementos maliciosos)
    Carpetas Detectadas: 0
    (No se han detectado elementos maliciosos)
    Archivos Detectados: 1
    C:\$Recycle.Bin\S-1-5-21-2041811777-2680021307-3784352755-1001\$RZGD9TM.exe (Trojan.Agent.ck) -> En cuarentena y eliminado con éxito.
    (fin)
     
  5. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Héctor at 22:58:16 on 2012-09-04
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.34.3082.18.6135.4587 [GMT 2:00]
    .
    AV: ESET Smart Security 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET Smart Security 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Cortafuegos personal de ESET *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\Launchy\Launchy.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Héctor\AppData\Local\Facebook\Update\FacebookUpdate.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Héctor\Desktop\dds.com
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [AdobeBridge]
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [<NO NAME>]
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {AE7CD045-E861-484f-8273-0445EE161910}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {F4971EE7-DAA0-4053-9964-665D8EE6A077}
    {47833539-D0C5-4125-9FA8-0819E2EAAC93}
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun-x64: [(Predeterminado)]
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2011-9-28 90112]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-11-16 735960]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-13 1262400]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-24 6583160]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-24 528760]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-6 1431888]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
    S3 SaiHF51A;SaiHF51A;C:\Windows\system32\DRIVERS\SaiHF51A.sys --> C:\Windows\system32\DRIVERS\SaiHF51A.sys [?]
    S3 SaiUF51A;SaiUF51A;C:\Windows\system32\DRIVERS\SaiUF51A.sys --> C:\Windows\system32\DRIVERS\SaiUF51A.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    .
    =============== Created Last 30 ================
    .
    2012-09-04 20:58:17 -------- d-----w- C:\Users\HÚctor\AppData\Local\Microsoft
    2012-09-02 20:13:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{995CAE10-840D-42C6-BD92-4E19738D6C08}\offreg.dll
    2012-08-31 13:41:20 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{995CAE10-840D-42C6-BD92-4E19738D6C08}\mpengine.dll
    2012-08-29 11:53:03 -------- d-----w- C:\Mudbox
    2012-08-28 19:30:58 -------- d-----w- C:\Windows\System32\SPReview
    2012-08-28 19:07:14 -------- d-----w- C:\Windows\CheckSur
    2012-08-28 18:27:57 -------- d-----w- C:\Windows\System32\EventProviders
    2012-08-15 10:13:08 552448 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-08-15 00:23:25 -------- d-----w- C:\Users\Héctor\AppData\Roaming\Malwarebytes
    2012-08-15 00:23:17 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-15 00:23:17 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-15 00:23:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-15 00:22:38 -------- d-----w- C:\Windows\pss
    .
    ==================== Find3M ====================
    .
    2012-07-30 21:03:43 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-30 21:03:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-13 09:20:01 97682 ----a-w- C:\cuda.exe
    .
    ============= FINISH: 22:58:36,71 ===============
     
  6. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    DDS' Attach.txt is too long so I've uploaded it
     

  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Remove the Adware.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  8. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    AdwCleaner stops during the process with an error message:

    Line 2058 (File "...adwcleaner.exe")
    Error: Variable used without being declared
     
  9. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    That's the logfile

    ***** [Servicios] *****


    ***** [Ficheros / Carpetas] *****

    Carpeta Suprimido : C:\ProgramData\boost_interprocess

    ***** [Registro] *****


    ***** [Navegadores] *****

    -\\ Internet Explorer v9.0.8112.16421
     
  10. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    I've tried running it as administrator with the same result.
     
  11. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    I didn't know if I had to run Combofix after that, but I'm not a very patient guy

    ComboFix 12-09-04.03 - Héctor 05/09/2012 19:54:34.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.34.3082.18.6135.4990 [GMT 2:00]
    Running from: c:\users\HÚctor\Desktop\ComboFix.exe
    AV: ESET Smart Security 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    FW: Cortafuegos personal de ESET *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
    SP: ESET Smart Security 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Héctor\AppData\Local\DNIeService.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-04 20:58 . 2012-09-04 20:58 -------- d-----w- c:\users\HÚctor
    2012-08-31 13:41 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{995CAE10-840D-42C6-BD92-4E19738D6C08}\mpengine.dll
    2012-08-29 11:56 . 2012-08-29 11:56 -------- d-----w- c:\users\HCTOR~3\AppData\Roaming\Dropbox
    2012-08-29 11:54 . 2012-08-29 11:54 -------- d-----w- c:\users\HCTOR~3\AppData\Local\Microsoft
    2012-08-29 11:54 . 2012-08-29 11:54 -------- d-----w- c:\users\HCTOR~3\AppData\Local\Google
    2012-08-29 11:53 . 2012-08-29 11:53 -------- d-----w- c:\users\HCTOR~3\AppData\Roaming\Autodesk
    2012-08-29 11:53 . 2012-08-29 11:53 -------- d-----w- C:\Mudbox
    2012-08-28 19:30 . 2012-08-28 19:30 -------- d-----w- c:\windows\system32\SPReview
    2012-08-28 19:07 . 2012-08-28 19:07 -------- d-----w- c:\windows\CheckSur
    2012-08-28 18:27 . 2012-08-28 18:27 -------- d-----w- c:\windows\system32\EventProviders
    2012-08-15 10:13 . 2012-07-06 19:58 552448 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-08-15 10:11 . 2012-06-29 04:55 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-15 10:11 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-15 00:23 . 2012-08-15 00:23 -------- d-----w- c:\users\Héctor\AppData\Roaming\Malwarebytes
    2012-08-15 00:23 . 2012-08-15 00:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-15 00:23 . 2012-08-15 00:23 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-15 00:23 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 10:10 . 2011-09-30 13:09 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-07-30 21:03 . 2012-05-19 21:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-30 21:03 . 2012-05-19 21:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-13 09:20 . 2012-06-13 09:51 97682 ----a-w- C:\cuda.exe
    2012-06-09 05:30 . 2012-07-11 20:45 14165504 ----a-w- c:\windows\system32\shell32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2011-9-28 380928]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-03-16 1847296]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-13 1431888]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
    R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2011-09-07 70016]
    R3 SaiHF51A;SaiHF51A;c:\windows\system32\DRIVERS\SaiHF51A.sys [2007-05-31 175880]
    R3 SaiUF51A;SaiUF51A;c:\windows\system32\DRIVERS\SaiUF51A.sys [2007-05-31 34432]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
    S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-11-16 735960]
    S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 44944]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2716216]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2041811777-2680021307-3784352755-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-2041811777-2680021307-3784352755-1001\Software\SecuROM\License information*]
    "datasecu"=hex:2e,61,f5,30,b3,a8,92,88,e8,6e,3a,ca,aa,23,fb,fa,d2,f8,a8,b8,cb,
    03,aa,ba,be,07,04,02,e0,8e,48,50,90,91,01,12,cd,36,aa,de,ae,c9,9e,9d,14,53,\
    "rkeysecu"=hex:e0,08,db,30,b3,d4,e4,07,99,23,2f,bc,f3,e6,b8,ef
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:a4,32,7d,92,39,cd,04,9e,1b,9c,2d,c5,92,52,65,2f,9e,ac,6f,03,38,
    f7,da,68,5e,fd,b9,85,38,a3,f3,f7,44,d0,a1,77,4f,9b,90,54,d5,8e,cb,69,3d,1d,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:a4,32,7d,92,39,cd,04,9e,1b,9c,2d,c5,92,52,65,2f,9e,ac,6f,03,38,
    f7,da,68,5e,fd,b9,85,38,a3,f3,f7,44,d0,a1,77,4f,9b,90,54,d5,8e,cb,69,3d,1d,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-05 20:03:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-05 18:03
    .
    Pre-Run: 66.353.328.128 bytes libres
    Post-Run: 65.822.760.960 bytes libres
    .
    - - End Of File - - 95567A8733947E19FACC5D68B5F72490
     
     
  12. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    Still crashes when trying to shut down, no internet and C-states still not working.
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below


    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
     
  14. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-06 12:59:39
    -----------------------------
    12:59:39.510 OS Version: Windows x64 6.1.7600
    12:59:39.510 Number of processors: 8 586 0x1A05
    12:59:39.510 ComputerName: HÉCTOR-PC UserName: Héctor
    12:59:42.131 Initialize success
    12:59:56.223 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:59:56.223 Disk 0 Vendor: Intel___ 1.0. Size: 614400MB BusType: 8
    12:59:56.223 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    12:59:56.223 Disk 1 Vendor: Intel___ 1.0. Size: 169735MB BusType: 8
    12:59:56.239 Disk 0 MBR read successfully
    12:59:56.239 Disk 0 MBR scan
    12:59:56.239 Disk 0 Windows 7 default MBR code
    12:59:56.255 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    12:59:56.255 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149900 MB offset 206848
    12:59:56.270 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464397 MB offset 307202048
    12:59:56.301 Disk 0 scanning C:\Windows\system32\drivers
    13:00:03.633 Service scanning
    13:00:12.291 Modules scanning
    13:00:12.291 Disk 0 trace - called modules:
    13:00:12.307 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    13:00:12.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071fb060]
    13:00:12.307 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800633b050]
    13:00:12.323 Scan finished successfully
    13:00:25.068 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
    13:00:25.099 The log file has been saved successfully to "G:\aswMBR.txt"
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    1. Download Autoruns and save it to the Desktop.
    2. Upload Dump Files:

      Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your post.

      Here's how to do it:
      • Left click on the first minidump file.
      • Hold down the "Shift" key and left click on the last minidump file.
      • Right click on the blue highlighted area and select "Send to"
      • Select "Compressed (zipped) folder" and note where the folder is saved.
      • Upload that .zip file with your post.
      Note: If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post in the thread about the error so we can give further advice.

      If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service. I recommend www.mediafire.com or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

      Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file).
    3. Run a System Health Report, press Start > type in perfmon /report and hit Enter. Once it is done calculating, hit File > Save as..., give it a file name and make sure it will be a HTML Report, and lastly make sure it saves to the Desktop. Once it is on the Desktop, Zip it up. Attach that file as well in your post.
    While waiting for our reply, do the following:


    Note: If you do not have DMP files in your MiniDMP folder, please let us know, then move on to the next step.
     
  16. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    Here go the three last minidumps, I've some older ones saved onto my desktop.

    Performance report gave an error trying to create the log, it says something like this (my computer is in Spanish, as you have already noticed): Service didn't answer on time to the start or control request
     


  17. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    Oh, and I don't know what to do with autorun.exe :p
     
  18. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    Ok, I've started driver verification so I guess now I've to make normal use of my computer for a day to check any problems.

    About HDD diagnosis I've a RAID config and an external eSata drive so I'm not sure how to do it, and I don't know if I had to wait until driver verification finishes.

    I'm starting to think that it would be easier to reinstall Windows and wait to see if another problem appears :p

    Thanks a lot
     
  19. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    Also, it gave me an error when I tried to create a restore point.
     
  20. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    I ran an HDD test using Seagate tools, it took a few hours so I guess it is a pretty stressful test, everything was ok
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Run chkdsk:
    1. Right-click the Start button and select Explore (alternatively, hit WINDOWS key E on your keyboard).
    2. Using Windows Explorer, navigate to your C:\ drive, then right-click the drive and select Properties
    3. In the Properties window that pops up, click the Tools tab and then, under "Error-checking", click on the button that says Check Now...
    4. In the Check disk options window that pops up, place a checkmark in both boxes:
      • Automatically fix file system errors
      • Scan for and attempt recovery of bad sectors
    5. Now click on Start
      • A new window will pop up saying, "Windows can't check the disk while it's in use".
    6. Click Yes to schedule the disk check.
    7. Now shut down (do NOT restart!) your computer, and then turn your computer back on with its power button.
      • When your computer turns on, you will see a black screen with white lettering, this is chkdsk running.
    8. Let chkdsk run through its five stages. When the utility finishes, Windows will boot to the Desktop.
      NOTE: Running chkdsk may take some time to complete. Please be patient and do NOT use the computer, press any keys, or try to stop the chkdsk scan once it has started!

    ==

    Locate the chkdsk log and post it here:
    1. Click on Start, then click Run...
    2. Copy and paste the following text into the "Open:" box: eventvwr.msc /s
      NOTE there is a space between "eventvwr.msc" and "/s"!
    3. Click OK (or hit Enter).
      • This will bring up the Event Viewer window.
    4. In the left panel, click on Application
    5. The chkdsk log should be the first entry, with a source of Winlogon
      NOTE: If it is not the first log, click on View, and then on Newest First: that should place the chkdsk log at the top of the list.
    6. Click on the entry once.
    7. Right-click on the entry and choose Properties
    8. In the window that pops up, click on [​IMG] to copy the log.
    9. Paste the log in a reply to this topic.
     
  22. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    Nombre de registro:Application
    Origen: Microsoft-Windows-Winlogon
    Fecha: 11/09/2012 15:43:34
    Id. del evento:4101
    Categoría de la tarea:Ninguno
    Nivel: Información
    Palabras clave:Clásico
    Usuario: No disponible
    Equipo: HÉCTOR-PC
    Descripción:
    Licencia de Windows validada.
    XML de evento:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Winlogon" />
    <EventID Qualifiers="16384">4101</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-09-11T13:43:34.000000000Z" />
    <EventRecordID>27829</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>HÉCTOR-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>0x00000000</Data>
    <Data>0x00000001</Data>
    </EventData>
    </Event>
     
  23. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    Not sure if that's the correct log
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Doesn't look like it, to be honest. :p
     
  25. Chupadelpote

    Chupadelpote TS Rookie Topic Starter Posts: 71

    Ok, now I found it at first look :p, it was under Wininit, not winlogon. It's in Spanish

    Nombre de registro:Application
    Origen: Microsoft-Windows-Wininit
    Fecha: 11/09/2012 15:43:54
    Id. del evento:1001
    Categoría de la tarea:Ninguno
    Nivel: Información
    Palabras clave:Clásico
    Usuario: No disponible
    Equipo: HÉCTOR-PC
    Descripción:


    Comprobando el sistema de archivos en C:
    El tipo del sistema de archivos es NTFS.

    Se ha programado una comprobación del disco.
    Windows comprobará ahora el disco.

    CHKDSK está comprobando archivos (etapa 1 de 5)...
    334592 registros de archivos procesados.

    Comprobación de archivos completada.
    355 registros de archivos grandes procesados.

    0 registros de archivos no válidos procesados.

    0 registros de EA procesados.

    89 registros de análisis procesados.

    CHKDSK está comprobando índices (etapa 2 de 5)...
    423500 entradas de índice procesadas.

    Comprobación de índices completada.
    0 archivos no indizados examinados.

    0 archivos no indizados recuperados.

    CHKDSK está comprobando descriptores de seguridad (etapa 3 de 5)...
    334592 SD/SID de archivo procesados.

    Liberando 223 entradas de índice no usadas del índice $SII del archivo 0x9.
    Liberando 223 entradas de índice no usadas del índice $SDH del archivo 0x9.
    Liberando 223 descriptores de seguridad no usados.
    Comprobación de descriptores de seguridad completada.
    44455 archivos de datos procesados.

    CHKDSK está comprobando el diario USN...
    34716624 bytes de USN procesados.

    Se ha completado la comprobación del diario USN.
    CHKDSK está comprobando los datos de archivo (etapa 4 de 5)...
    334576 archivos procesados.

    Comprobación de datos de archivo completada.
    CHKDSK está comprobando el espacio disponible (etapa 5 de 5)...
    16069742 clústeres disponibles procesados.

    La comprobación del espacio disponible se completó.
    CHKDSK detectó espacio disponible marcado como asignado en el
    mapa de bits de la tabla maestra de archivos (MFT).
    Windows ha hecho algunas correciones en el sistema de archivos.

    153497599 KB de espacio total en disco.
    88652724 KB en 238891 archivos.
    125220 KB en 44456 índices.
    0 KB en sectores defectuosos.
    440687 KB en uso por el sistema.
    El archivo de registro ha ocupado 65536 kilobytes.
    64278968 KB disponibles en disco.

    4096 bytes en cada unidad de asignación.
    38374399 unidades de asignación en disco en total.
    16069742 unidades de asignación disponibles en disco.

    Información interna:
    00 1b 05 00 d9 52 04 00 71 01 08 00 00 00 00 00 .....R..q.......
    fb 02 00 00 59 00 00 00 00 00 00 00 00 00 00 00 ....Y...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

    Windows ha finalizado la comprobación del disco.
    Espere mientras se reinicia el sistema.

    XML de evento:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-09-11T13:43:54.000000000Z" />
    <EventRecordID>27838</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>HÉCTOR-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>

    Comprobando el sistema de archivos en C:
    El tipo del sistema de archivos es NTFS.

    Se ha programado una comprobación del disco.
    Windows comprobará ahora el disco.

    CHKDSK está comprobando archivos (etapa 1 de 5)...
    334592 registros de archivos procesados.

    Comprobación de archivos completada.
    355 registros de archivos grandes procesados.

    0 registros de archivos no válidos procesados.

    0 registros de EA procesados.

    89 registros de análisis procesados.

    CHKDSK está comprobando índices (etapa 2 de 5)...
    423500 entradas de índice procesadas.

    Comprobación de índices completada.
    0 archivos no indizados examinados.

    0 archivos no indizados recuperados.

    CHKDSK está comprobando descriptores de seguridad (etapa 3 de 5)...
    334592 SD/SID de archivo procesados.

    Liberando 223 entradas de índice no usadas del índice $SII del archivo 0x9.
    Liberando 223 entradas de índice no usadas del índice $SDH del archivo 0x9.
    Liberando 223 descriptores de seguridad no usados.
    Comprobación de descriptores de seguridad completada.
    44455 archivos de datos procesados.

    CHKDSK está comprobando el diario USN...
    34716624 bytes de USN procesados.

    Se ha completado la comprobación del diario USN.
    CHKDSK está comprobando los datos de archivo (etapa 4 de 5)...
    334576 archivos procesados.

    Comprobación de datos de archivo completada.
    CHKDSK está comprobando el espacio disponible (etapa 5 de 5)...
    16069742 clústeres disponibles procesados.

    La comprobación del espacio disponible se completó.
    CHKDSK detectó espacio disponible marcado como asignado en el
    mapa de bits de la tabla maestra de archivos (MFT).
    Windows ha hecho algunas correciones en el sistema de archivos.

    153497599 KB de espacio total en disco.
    88652724 KB en 238891 archivos.
    125220 KB en 44456 índices.
    0 KB en sectores defectuosos.
    440687 KB en uso por el sistema.
    El archivo de registro ha ocupado 65536 kilobytes.
    64278968 KB disponibles en disco.

    4096 bytes en cada unidad de asignación.
    38374399 unidades de asignación en disco en total.
    16069742 unidades de asignación disponibles en disco.

    Información interna:
    00 1b 05 00 d9 52 04 00 71 01 08 00 00 00 00 00 .....R..q.......
    fb 02 00 00 59 00 00 00 00 00 00 00 00 00 00 00 ....Y...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

    Windows ha finalizado la comprobación del disco.
    Espere mientras se reinicia el sistema.
    </Data>
    </EventData>
    </Event>
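
Added example, not part of the original thread: the boot-time chkdsk report located by hand in post 25 can be pulled from the Application log by provider name and event ID, which avoids depending on the display language or on the sort order in Event Viewer. The provider `Microsoft-Windows-Wininit` and event ID 1001 are taken from the log above; the output file name `chkdsk-log.txt` is an assumption.

```powershell
# Added example, not from the thread: read boot-time chkdsk reports from the
# Application log. Matching on provider name and event ID works regardless of
# the Windows display language (the log above comes from a Spanish system).
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'   # source shown in post 25
    Id           = 1001                          # event ID shown in post 25
}

# Get-WinEvent raises an error when nothing matches, so suppress it and
# test the result instead. Events are returned newest first.
$reports = Get-WinEvent -FilterHashtable $filter -MaxEvents 3 -ErrorAction SilentlyContinue

if (-not $reports) {
    Write-Warning 'No Wininit event 1001 found: no boot-time chkdsk has run, or the log was cleared.'
}
else {
    # Assumed output location and file name; change as needed.
    $outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk-log.txt'

    $reports |
        ForEach-Object {
            # Header line per report, then the full chkdsk text, then a blank line.
            "===== {0:yyyy-MM-dd HH:mm:ss}  record {1} =====" -f $_.TimeCreated, $_.RecordId
            $_.Message
            ''
        } |
        Out-File -FilePath $outFile -Encoding UTF8

    Write-Output ("Saved {0} report(s) to {1}" -f @($reports).Count, $outFile)
}
```

Run it from a PowerShell prompt on the affected machine; the saved text file can then be pasted into a reply.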
     

