
Author Topic: something is using my system resources  (Read 2665 times)


kwisj

    Topic Starter


    Rookie

    something is using my system resources
    « on: January 25, 2010, 02:12:08 PM »
    Hi
    I have an XP Service Pack 3 system with an Intel Pentium R 3.6 processor and 2 GB of RAM (Fujitsu Siemens Scaleo T PC). For quite a while now, when I try to listen to some music, I have bouts every minute or so where something uses up my CPU power, so much so that the music makes a horrible scratchy sound and plays slow, and then after a few seconds goes back to normal. This doesn't happen constantly but maybe 4 or 5 times during listening to one album. Even when I am not playing music I have also noticed that when I move the mouse the cursor sometimes stutters across the screen, which I guess is part of the same problem. Could anyone give me an idea what I could check to see what may be causing this? I have run the antivirus and Mbam, and they have found nothing. Also I get the same problem if I close down or open a program, or even a web browser: I get the music sounding scratchy and stopping as if something is using my system resources. It happened just now when I opened the task manager; a huge spike shows up on the CPU usage window, and the music is distorted.
    thanks Kwisj
    PS I have asked this elsewhere but was directed to come here. I have carried out the "do this before asking for help" protocol, and nothing was found.
    I have used task manager to see what is using system resources and it appears to be winlogon.exe. It normally hovers around 0 cycles, but then suddenly jumps up to 35 or 40, and that's when I have the problem.
    here is a list of the logs
    thanks for your time in looking at this :)
    kwisj
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/25/2010 at 04:54 AM

    Application Version : 4.33.1000

    Core Rules Database Version : 4511
    Trace Rules Database Version: 2323

    Scan type       : Quick Scan
    Total Scan Time : 11:55:07

    Memory items scanned      : 499
    Memory threats detected   : 0
    Registry items scanned    : 464
    Registry threats detected : 0
    File items scanned        : 172830
    File threats detected     : 0


    Malwarebytes' Anti-Malware 1.44
    Database version: 3633
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    25/01/2010 12:52:36
    mbam-log-2010-01-25 (12-52-36).txt

    Scan type: Quick Scan
    Objects scanned: 118945
    Time elapsed: 5 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:14:15, on 25/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
    C:\Archivos de programa\LogMeIn\x86\LMIGuardian.exe
    C:\Archivos de programa\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DeltaIITray.exe
    C:\Archivos de programa\Autorun Eater\oldmcdonald.exe
    C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Solways Task Scheduler\tasksched.exe
    C:\Archivos de programa\LogMeIn\x86\LMIGuardian.exe
    C:\Archivos de programa\DisplayFusion\DisplayFusion.exe
    C:\Archivos de programa\Autorun Eater\billy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\taskmgr.exe
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\totalcmd\TOTALCMD.EXE
    C:\Archivos de programa\VideoLAN\VLC\vlc.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Archivos de programa\Java\jre6\bin\jqs.exe
    C:\Archivos de programa\Trend Micro\HijackThis\sniper.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\ARCHIV~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
    O4 - HKLM\..\Run: [Autorun Eater] C:\Archivos de programa\Autorun Eater\oldmcdonald.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Archivos de programa\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Solway's Task Scheduler] C:\Archivos de programa\Solways Task Scheduler\tasksched.exe
    O4 - HKCU\..\Run: [DisplayFusion] "C:\Archivos de programa\DisplayFusion\DisplayFusion.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Archivos de programa\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = M:\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\D-Link\Software Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\D-Link\Software Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\D-Link\Software Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/MaConfig_3_5_0_0.cab
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A2C6A9-41E0-41BB-BA02-4F35157D17F5}: NameServer = 80.58.61.250,80.58.61.254
    O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Archivos de programa\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

    --
    End of file - 6954 bytes

    SuperDave

    • Malware Removal Specialist
    • Moderator


    Re: something is using my system resources
    « Reply #1 on: January 26, 2010, 01:07:44 PM »
    Hello kwisj and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    I noticed in your HJT log that you are running a P2P file-sharing program (uTorrent) on your computer. While the program itself is probably safe, the files you download with this program are a major source of infections. Therefore, I strongly urge you to uninstall it.


    -----------------------------------------------------------------------------

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.

    --------------------------------------------------------------------------------------------

    Please go to Jotti's malware scan
    (If more than one file needs scanned they must be done separately and logs posted for each one)

    * Copy the file path in the below Code box:

    Code:
    C:\Archivos de programa\Autorun Eater\billy.exe
    * At the upload site, click once inside the window next to Browse.
    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    * Next click Submit file
    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    * This will perform a scan across multiple different virus scanning engines.
    * Important: Wait for all of the scanning engines to complete.
    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

    -----------------------------------------------------------------------------
    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [uTorrent] "C:\Archivos de programa\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Archivos de programa\uTorrent\uTorrent.exe"
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

    link # 1
    link #2

    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
    Double-click combofix.exe and follow the prompts.
    When finished, ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender
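Added example (not part of SuperDave's post and not code from HijackThis): a small parser for the R/O entry lines of a HijackThis log that lists entries worth a reviewer's attention and checks a fix list against a fresh scan, which is what "(if there)" asks for. The section labels, the review criteria and every function name are assumptions made for this illustration; the sample is a shortened excerpt of the log posted above.

```python
import re
from collections import namedtuple

# Section codes that appear in the HijackThis log in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context menu item", "O9": "IE extra button / Tools item",
    "O16": "downloaded ActiveX control", "O17": "Tcpip name server setting",
    "O20": "Winlogon Notify DLL", "O23": "service",
}

Entry = namedtuple("Entry", "code section body target")
ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.*\S)\s*$")

# Constructed sample: a shortened excerpt of the log posted above.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Startup: ERUNT AutoBackup.lnk = M:\ERUNT\AUTOBACK.EXE
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Archivos de programa\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
"""


def _target(code, body):
    """Return the file or command an entry points at."""
    if code == "O4":
        # Registry form: "...Run: [name] command"; folder form: "Startup: x.lnk = file"
        m = re.search(r"\]\s+(.*)$", body) or re.search(r"=\s+(.*)$", body)
        return m.group(1) if m else body
    # Other sections end with " - <file>".
    return body.rsplit(" - ", 1)[-1]


def parse_hjt(text):
    """Parse the R*/O* entry lines; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.groups()
            entries.append(Entry(code, SECTIONS.get(code, "other"),
                                 body, _target(code, body)))
    return entries


def review_reasons(entry):
    """Reasons to look at an entry by hand (illustrative criteria, not verdicts)."""
    reasons = []
    if entry.target.lower() == "(no file)":
        reasons.append("orphaned: no file behind the registration")
    if entry.code == "O23" and "unknown owner" in entry.body.lower():
        reasons.append("service owner shown as 'Unknown owner'")
    if entry.code == "O4" and "\\runonce:" in entry.body.lower():
        reasons.append("RunOnce entry still pending")
    return reasons


def triage(text):
    """Entries with at least one review reason, in log order."""
    return [(e, r) for e in parse_hjt(text) if (r := review_reasons(e))]


def split_fix_list(fix_lines, log_text):
    """Split a fix list into lines present in / absent from a fresh scan."""
    in_log = {f"{e.code} - {e.body}" for e in parse_hjt(log_text)}
    wanted = [line.strip() for line in fix_lines if line.strip()]
    return ([l for l in wanted if l in in_log],
            [l for l in wanted if l not in in_log])


if __name__ == "__main__":
    for e, reasons in triage(SAMPLE):
        print(f"{e.code:<4}{e.section:<24}{e.target}")
        print(f"      -> {'; '.join(reasons)}")
```

A flagged entry is a prompt for manual review, not a detection; the same output is produced for leftovers of legitimate installers.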

    kwisj

      Topic Starter


      Rookie

      Re: something is using my system resources
      « Reply #2 on: January 27, 2010, 12:07:42 PM »
      Thank you so much for the reply, SD. I will get right on to your protocol when I get home from work.
      thanks for your time
      Kwisj

      kwisj

        Topic Starter


        Rookie

        Re: something is using my system resources
        « Reply #3 on: January 28, 2010, 02:48:58 AM »
        Hi SD
        I completed your protocol: here are the results. How are things looking?
        thanks for your time
        kwisj

        here is the result of the Jotti scan
        http://virusscan.jotti.org/en/scanresult/097a62a4589fb1be17a17cc06e262bf26f1473c4/2c0b4616f6e3b8c75428cbd37cd54d647f7ce894


        ComboFix 10-01-27.03 - Christopher Jones 28/01/2010  10:32:57.1.2 - x86
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.34.3082.18.2047.1426 [GMT 1:00]
        Running from: c:\documents and settings\Christopher Jones\Escritorio\ComboFix.exe
        AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\documents and settings\All Users\Datos de programa\hpeE91D.dll

        .
        (((((((((((((((((((((((((   Files Created from 2009-12-28 to 2010-01-28  )))))))))))))))))))))))))))))))
        .

        2010-01-25 12:11 . 2010-01-25 12:11   --------   d-----w-   c:\archivos de programa\Trend Micro
        2010-01-25 12:06 . 2010-01-25 12:06   503808   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c0074e8-n\msvcp71.dll
        2010-01-25 12:06 . 2010-01-25 12:06   499712   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c0074e8-n\jmc.dll
        2010-01-25 12:06 . 2010-01-25 12:06   348160   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c0074e8-n\msvcr71.dll
        2010-01-25 12:06 . 2010-01-25 12:06   61440   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-58db67e0-n\decora-sse.dll
        2010-01-25 12:06 . 2010-01-25 12:06   12800   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-58db67e0-n\decora-d3d.dll
        2010-01-24 15:55 . 2010-01-24 15:55   52224   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-01-24 15:55 . 2010-01-24 15:55   117760   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-01-24 15:53 . 2010-01-24 15:53   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\SUPERAntiSpyware.com
        2010-01-24 15:53 . 2010-01-24 15:53   --------   d-----w-   c:\archivos de programa\SUPERAntiSpyware
        2010-01-24 15:53 . 2010-01-24 15:53   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\SUPERAntiSpyware.com
        2010-01-24 15:53 . 2010-01-24 15:53   --------   d-----w-   c:\archivos de programa\Archivos comunes\Wise Installation Wizard
        2010-01-23 21:44 . 2010-01-23 21:44   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\Digiarty
        2010-01-23 21:43 . 2010-01-23 21:43   --------   d-----w-   c:\archivos de programa\Digiarty
        2010-01-18 20:37 . 2008-03-21 12:57   14640   ------w-   c:\windows\system32\spmsgXP_2k3.dll
        2010-01-18 20:28 . 2010-01-18 20:28   25512   ----a-w-   c:\windows\system32\drivers\ggsemc.sys
        2010-01-18 20:28 . 2010-01-18 20:28   13224   ----a-w-   c:\windows\system32\drivers\ggflt.sys
        2010-01-18 20:28 . 2010-01-18 20:28   1112288   ----a-w-   c:\windows\system32\WdfCoInstaller01007.dll
        2010-01-18 20:23 . 2010-01-18 20:23   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\BVRP Software
        2010-01-18 20:21 . 2008-01-09 10:28   27632   ----a-w-   c:\windows\system32\drivers\seehcri.sys
        2010-01-18 20:20 . 2009-05-25 13:35   116904   ----a-w-   c:\windows\system32\drivers\s1029unic.sys
        2010-01-18 20:20 . 2009-05-25 13:34   10664   ----a-w-   c:\windows\system32\drivers\s1029cr.sys
        2010-01-18 20:20 . 2009-05-25 13:34   115880   ----a-w-   c:\windows\system32\drivers\s1029mgmt.sys
        2010-01-18 20:20 . 2009-05-25 13:34   111912   ----a-w-   c:\windows\system32\drivers\s1029obex.sys
        2010-01-18 20:20 . 2009-05-25 13:34   26024   ----a-w-   c:\windows\system32\drivers\s1029nd5.sys
        2010-01-18 20:20 . 2009-05-25 13:34   15016   ----a-w-   c:\windows\system32\drivers\s1029mdfl.sys
        2010-01-18 20:20 . 2009-05-25 13:34   122280   ----a-w-   c:\windows\system32\drivers\s1029mdm.sys
        2010-01-18 20:20 . 2009-05-25 13:34   12200   ----a-w-   c:\windows\system32\drivers\s1029cmnt.sys
        2010-01-18 20:20 . 2009-05-25 13:34   12200   ----a-w-   c:\windows\system32\drivers\s1029cm.sys
        2010-01-18 20:20 . 2009-05-25 13:34   12200   ----a-w-   c:\windows\system32\drivers\s1029whnt.sys
        2010-01-18 20:20 . 2009-05-25 13:34   12200   ----a-w-   c:\windows\system32\drivers\s1029wh.sys
        2010-01-18 20:20 . 2009-05-25 13:34   90280   ----a-w-   c:\windows\system32\drivers\s1029bus.sys
        2010-01-18 20:18 . 2010-01-18 20:27   --------   d-----w-   c:\archivos de programa\Sony Ericsson
        2010-01-18 20:18 . 2010-01-18 20:18   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\Sony Ericsson
        2010-01-08 17:43 . 2010-01-08 17:43   --------   d-----w-   c:\archivos de programa\Real
        2010-01-08 17:34 . 2010-01-08 17:34   --------   d-----w-   c:\archivos de programa\RMVB Converter
        2010-01-07 17:59 . 2010-01-07 17:59   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\ElevatedDiagnostics
        2010-01-07 17:53 . 2010-01-07 17:54   --------   d-----w-   c:\archivos de programa\Microsoft ATS
        2010-01-01 10:05 . 2010-01-05 12:35   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\DisplayFusion
        2010-01-01 10:01 . 2010-01-01 10:01   --------   d-----w-   c:\archivos de programa\DisplayFusion
        2009-12-31 20:44 . 2009-12-31 20:45   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\dvdcss

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-01-28 09:17 . 2009-05-31 16:42   1   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
        2010-01-28 08:35 . 2009-07-18 17:22   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\uTorrent
        2010-01-28 08:34 . 2009-05-22 16:50   --------   d-----w-   c:\archivos de programa\Autorun Eater
        2010-01-28 08:34 . 2009-06-16 00:57   --------   d-----w-   c:\archivos de programa\LogMeIn
        2010-01-27 18:59 . 2009-11-29 19:21   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\vlc
        2010-01-26 20:36 . 2009-05-23 16:05   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\LimeWire
        2010-01-26 20:33 . 2009-11-09 11:57   664   ----a-w-   c:\windows\system32\d3d9caps.dat
        2010-01-26 19:37 . 2009-05-22 17:26   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\Spotify
        2010-01-25 12:08 . 2009-05-21 17:26   --------   d-----w-   c:\archivos de programa\Java
        2010-01-25 12:06 . 2009-05-21 17:26   --------   d-----w-   c:\archivos de programa\Archivos comunes\Java
        2010-01-25 11:44 . 2009-05-22 16:42   --------   d-----w-   c:\archivos de programa\Malwarebytes' Anti-Malware
        2010-01-25 11:43 . 2009-05-27 18:14   5115824   ----a-w-   c:\documents and settings\All Users\Datos de programa\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
        2010-01-25 11:00 . 2009-05-22 15:50   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\Skype
        2010-01-24 17:03 . 2009-11-13 16:53   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\Dropbox
        2010-01-24 11:48 . 2008-04-14 12:00   90396   ----a-w-   c:\windows\system32\perfc00A.dat
        2010-01-24 11:48 . 2008-04-14 12:00   504656   ----a-w-   c:\windows\system32\perfh00A.dat
        2010-01-18 20:38 . 2010-01-18 20:38   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
        2010-01-18 20:38 . 2010-01-18 20:38   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
        2010-01-18 20:18 . 2009-05-21 11:17   --------   d--h--w-   c:\archivos de programa\InstallShield Installation Information
        2010-01-07 17:33 . 2009-09-03 16:30   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\Roxio
        2010-01-07 15:07 . 2009-05-22 16:42   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-01-07 15:07 . 2009-05-22 16:42   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-01-05 09:55 . 2008-04-14 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
        2010-01-05 09:55 . 2008-04-14 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
        2010-01-05 09:55 . 2008-04-14 12:00   17408   ----a-w-   c:\windows\system32\corpol.dll
        2009-12-23 18:35 . 2009-12-18 20:37   --------   d-----w-   c:\archivos de programa\Solway's Plain Backup
        2009-12-23 18:01 . 2009-12-18 20:37   --------   d-----w-   c:\documents and settings\Christopher Jones\Datos de programa\SolwaySoftware
        2009-12-23 18:01 . 2009-12-23 18:01   --------   d-----w-   c:\archivos de programa\Solways Task Scheduler
        2009-12-19 10:10 . 2009-05-24 21:10   --------   d---a-w-   c:\documents and settings\All Users\Datos de programa\TEMP
        2009-12-19 10:09 . 2009-05-24 21:10   --------   d-----w-   c:\archivos de programa\SpywareBlaster
        2009-12-18 20:38 . 2009-12-18 20:38   --------   d-----w-   c:\archivos de programa\SMagnify
        2009-12-17 16:14 . 2009-05-27 17:51   411368   ----a-w-   c:\windows\system32\deploytk.dll
        2009-12-02 10:10 . 2009-11-14 23:20   --------   d-----w-   c:\archivos de programa\MaxiVista Demo Viewer
        2009-11-29 19:18 . 2009-11-29 19:18   --------   d-----w-   c:\archivos de programa\VideoLAN
        2009-11-22 12:31 . 2009-09-01 19:34   532480   ----a-w-   c:\windows\system32\bcd2kcpan.exe
        2009-11-22 12:31 . 2009-09-01 19:34   86016   ----a-w-   c:\windows\system32\bcd2kasio.dll
        2009-11-22 12:31 . 2009-09-01 19:34   42400   ----a-w-   c:\windows\system32\drivers\BCD2000.SYS
        2009-11-22 12:31 . 2009-09-01 19:34   21632   ----a-w-   c:\windows\system32\drivers\BCD2000WDM.SYS
        2009-11-21 15:58 . 2008-04-14 12:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
        2009-11-13 21:14 . 2009-11-13 21:13   1962544   ----a-w-   c:\documents and settings\All Users\Datos de programa\NOS\Adobe_Downloads\install_flash_player_ax.exe
        2009-11-13 16:54 . 2009-11-13 16:54   89962   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\Dropbox\bin\Uninstall.exe
        2009-04-15 20:24 . 2009-04-15 20:24   1044480   ----a-w-   c:\archivos de programa\mozilla firefox\plugins\libdivx.dll
        2009-04-15 20:24 . 2009-04-15 20:24   200704   ----a-w-   c:\archivos de programa\mozilla firefox\plugins\ssldivx.dll
        .

        ------- Sigcheck -------

        [-] 2009-10-12 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
        [-] 2009-10-12 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
        [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
        [7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
        @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
        2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\Dropbox\bin\DropboxExt.3.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
        @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
        2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\Dropbox\bin\DropboxExt.3.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
        @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
        2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\Christopher Jones\Datos de programa\Dropbox\bin\DropboxExt.3.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ccleaner"="c:\archivos de programa\CCleaner\CCleaner.exe" [2009-12-21 1803064]
        "Solway's Task Scheduler"="c:\archivos de programa\Solways Task Scheduler\tasksched.exe" [2008-04-16 60416]
        "DisplayFusion"="c:\archivos de programa\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296]
        "msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "M-Audio Taskbar Icon"="c:\windows\System32\DeltaIITray.exe" [2008-03-03 236040]
        "Autorun Eater"="c:\archivos de programa\Autorun Eater\oldmcdonald.exe" [2008-11-27 501768]
        "LogMeIn GUI"="c:\archivos de programa\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
        "egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
        "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-01-11 246504]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

        c:\documents and settings\Christopher Jones\Men£ Inicio\Programas\Inicio\
        ERUNT AutoBackup.lnk - m:\erunt\AUTOBACK.EXE [2005-10-20 38912]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 13:21   548352   ----a-w-   c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
        2009-10-06 14:36   87352   ----a-w-   c:\windows\system32\LMIinit.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
        @="Driver"

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^BTTray.lnk]
        path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\BTTray.lnk
        backup=c:\windows\pss\BTTray.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Launchy.lnk]
        path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Launchy.lnk
        backup=c:\windows\pss\Launchy.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Philips GoGear VIBE Device Manager.lnk]
        path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Philips GoGear VIBE Device Manager.lnk
        backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^Christopher Jones^Menú Inicio^Programas^Inicio^Dropbox.lnk]
        path=c:\documents and settings\Christopher Jones\Menú Inicio\Programas\Inicio\Dropbox.lnk
        backup=c:\windows\pss\Dropbox.lnkStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
        2008-06-19 14:42   2808832   ----a-w-   c:\windows\ALCWZRD.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
        2009-02-06 15:02   170496   ----a-w-   c:\archivos de programa\Archivos comunes\ArcSoft\Connection Service\Bin\ACDaemon.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCD2000]
        2009-11-22 12:31   532480   ----a-w-   c:\windows\system32\bcd2kcpan.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltaIITaskbarApp]
        2008-03-03 08:13   236040   ----a-w-   c:\windows\system32\DeltaIITray.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
        2005-02-08 03:00   98304   ----a-w-   c:\windows\system32\spool\drivers\w32x86\3\E_FATIACE.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
        2006-09-29 19:58   49152   ------w-   c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
        2009-07-26 14:44   3883856   ----a-w-   c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2009-01-05 14:18   413696   ----a-w-   c:\archivos de programa\QuickTime\QTTask.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
        2006-09-18 09:08   29696   ------w-   c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
        2003-07-15 10:36   319488   ----a-w-   c:\archivos de programa\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
        2003-07-16 22:19   868352   ----a-w-   c:\archivos de programa\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
        2003-05-01 16:44   65536   ----a-w-   c:\archivos de programa\Archivos comunes\Roxio Shared\System\EngUtil.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
        2009-09-24 13:41   434176   ----a-w-   c:\archivos de programa\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
        2008-08-19 11:26   77824   ----a-w-   c:\windows\SOUNDMAN.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
        2009-04-28 19:25   61440   ----a-w-   c:\archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
        2009-12-12 20:08   289584   ----a-w-   c:\archivos de programa\uTorrent\uTorrent.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
        2009-07-01 16:37   37888   ----a-w-   c:\archivos de programa\Winamp\winampa.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
        "iPod Service"=3 (0x3)
        "gusvc"=2 (0x2)
        "Bonjour Service"=2 (0x2)
        "ATI Smart"=2 (0x2)
        "Ati HotKey Poller"=2 (0x2)
        "ASKUpgrade"=2 (0x2)
        "ASKService"=2 (0x2)
        "Apple Mobile Device"=2 (0x2)
        "SLService"=2 (0x2)
        "maconfservice"=3 (0x3)
        "LMIMaint"=2 (0x2)
        "LightScribeService"=2 (0x2)
        "idsvc"=3 (0x3)
        "gupdate1c9e794273a8a36"=2 (0x2)
        "btwdins"=2 (0x2)
        "ACDaemon"=2 (0x2)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Documents and Settings\\Christopher Jones\\Escritorio\\spotify.exe"=
        "c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
        "c:\\Archivos de programa\\LimeWire\\LimeWire.exe"=
        "c:\\Archivos de programa\\Opera\\opera.exe"=
        "c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
        "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
        "c:\\Documents and Settings\\Christopher Jones\\Escritorio\\MaxiVistaViewerA.exe"=
        "c:\\Documents and Settings\\Christopher Jones\\Escritorio\\MaxiVistaViewerB.exe"=
        "c:\\Archivos de programa\\Sony Ericsson\\Update Service\\Update Service.exe"=
        "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

        R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 19:53 34824]
        R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7:56 9968]
        R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7:56 74480]
        R2 ekrn;Eset Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 19:51 468224]
        R2 LMIInfo;LogMeIn Kernel Information Provider;c:\archivos de programa\LogMeIn\x86\rainfo.sys [24/07/2008 17:46 12856]
        R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [16/06/2009 1:58 47640]
        R3 automap;Automap MIDI Driver Service;c:\windows\system32\drivers\automap.sys [22/05/2009 16:43 7168]
        R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [22/05/2009 9:09 302728]
        R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [24/07/2008 17:45 12192]
        R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18/01/2010 21:21 27632]
        S2 OMSI download service;Sony Ericsson OMSI download service;c:\archivos de programa\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [18/01/2010 21:19 90112]
        S3 BCD2000;Behringer BCD2000 V1.1.1.0;c:\windows\system32\drivers\BCD2000.SYS [01/09/2009 20:34 42400]
        S3 BCD2000WDM;Behringer BCD2000WDM V1.1.1.0;c:\windows\system32\drivers\BCD2000WDM.SYS [01/09/2009 20:34 21632]
        S3 btiaa2dp;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btiaa2dp.sys [01/08/2009 17:54 67456]
        S3 BTiAPan;Bluetooth PAN Miniport;c:\windows\system32\drivers\btiapan.sys [01/08/2009 17:54 30720]
        S3 btiarcp;Bluetooth AVRCP Device;c:\windows\system32\drivers\btiarcp.sys [01/08/2009 17:54 9216]
        S3 BTIAUSB;Generic Bluetooth Device;c:\windows\system32\drivers\btiausb.sys [01/08/2009 17:54 23808]
        S3 BTPROT;Generic Bluetooth Filter;c:\windows\system32\drivers\btprot.sys [01/08/2009 17:54 484096]
        S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18/01/2010 21:28 13224]
        S3 iAnywhere_btAudio;Bluetooth Virtual SCO Device;c:\windows\system32\drivers\btiasco.sys [01/08/2009 17:54 19712]
        S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;\??\c:\archivos de programa\MAGIX\Samplitude_10_SE\mxasio.sys --> c:\archivos de programa\MAGIX\Samplitude_10_SE\mxasio.sys [?]
        S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [22/05/2009 16:43 25600]
        S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [22/05/2009 19:43 31872]
        S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [18/01/2010 21:20 90280]
        S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [18/01/2010 21:20 15016]
        S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [18/01/2010 21:20 122280]
        S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [18/01/2010 21:20 115880]
        S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [18/01/2010 21:20 26024]
        S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [18/01/2010 21:20 111912]
        S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [18/01/2010 21:20 116904]
        S3 SASENUM;SASENUM;c:\archivos de programa\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7:56 7408]
        S4 gupdate1c9e794273a8a36;Servicio Google Update (gupdate1c9e794273a8a36);c:\archivos de programa\Google\Update\GoogleUpdate.exe [07/06/2009 18:19 133104]
        S4 LMIRfsClientNP;LMIRfsClientNP;

        S4 maconfservice;Ma-Config Service;c:\archivos de programa\ma-config.com\maconfservice.exe [13/05/2009 13:37 234864]

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
        2009-08-20 11:24   451872   ----a-w-   c:\archivos de programa\Archivos comunes\LightScribe\LSRunOnce.exe
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://uk.yahoo.com/
        uInternet Settings,ProxyOverride = *.local
        IE: Enviar a &Bluetooth - c:\archivos de programa\D-Link\Software Bluetooth\btsendto_ie_ctx.htm
        TCP: {A1A2C6A9-41E0-41BB-BA02-4F35157D17F5} = 80.58.61.250,80.58.61.254
        FF - ProfilePath - c:\documents and settings\Christopher Jones\Datos de programa\Mozilla\Firefox\Profiles\5bdzyo1i.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
        FF - plugin: c:\archivos de programa\Google\Update\1.2.183.7\npGoogleOneClick8.dll
        FF - plugin: c:\archivos de programa\ma-config.com\nphardwaredetection.dll
        FF - plugin: c:\archivos de programa\Opera\program\plugins\nppl3260.dll
        FF - plugin: c:\archivos de programa\Opera\program\plugins\nprpjplug.dll
        FF - plugin: c:\documents and settings\Christopher Jones\Datos de programa\Mozilla\Firefox\Profiles\5bdzyo1i.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

        ---- FIREFOX POLICIES ----
        FF - user.js: yahoo.homepage.dontask - true.
        - - - - ORPHANS REMOVED - - - -

        MSConfigStartUp-iTunesHelper - c:\archivos de programa\iTunes\iTunesHelper.exe
        MSConfigStartUp-MSMSGS - c:\archivos de programa\Messenger\msmsgs.exe
        MSConfigStartUp-swg - c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        MSConfigStartUp-YouSendIt - c:\archivos de programa\YouSendIt\Express\YouSendIt.exe
        AddRemove-HijackThis - c:\archivos de programa\Trend Micro\HijackThis\HijackThis.exe



        **************************************************************************

        disk not found C:\

        please note that you need administrator rights to perform deep scan
        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files:

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(668)
        c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
        c:\windows\system32\WININET.dll
        c:\windows\SYSTEM32\Ati2evxx.dll
        c:\windows\SYSTEM32\LMIinit.dll
        c:\windows\SYSTEM32\LMIRfsClientNP.dll
        .
        Completion time: 2010-01-28  10:39:11
        ComboFix-quarantined-files.txt  2010-01-28 09:39

        Pre-Run: 138.403.471.360 bytes libres
        Post-Run: 138.412.068.864 bytes libres

        WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
        [boot loader]
        timeout=2
        default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
        [operating systems]
        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
        multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

        - - End Of File - - 566F594473C02BF700B625155151C5C0


        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 10:44:13, on 28/01/2010
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16981)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Archivos de programa\Java\jre6\bin\jqs.exe
        C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
        C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
        C:\Archivos de programa\LogMeIn\x86\LMIGuardian.exe
        C:\WINDOWS\system32\MsPMSPSv.exe
        C:\WINDOWS\System32\DeltaIITray.exe
        C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe
        C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
        C:\Archivos de programa\LogMeIn\x86\LMIGuardian.exe
        C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Archivos de programa\DisplayFusion\DisplayFusion.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\notepad.exe
        C:\WINDOWS\explorer.exe
        C:\Archivos de programa\Mozilla Firefox\firefox.exe
        C:\WINDOWS\SYSTEM32\taskmgr.exe
        C:\Archivos de programa\Trend Micro\HijackThis\sniper.exe.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
        O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\ARCHIV~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
        O4 - HKLM\..\Run: [Autorun Eater] C:\Archivos de programa\Autorun Eater\oldmcdonald.exe
        O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe"
        O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
        O4 - HKCU\..\Run: [ccleaner] "C:\Archivos de programa\CCleaner\CCleaner.exe" /AUTO
        O4 - HKCU\..\Run: [Solway's Task Scheduler] C:\Archivos de programa\Solways Task Scheduler\tasksched.exe
        O4 - HKCU\..\Run: [DisplayFusion] "C:\Archivos de programa\DisplayFusion\DisplayFusion.exe"
        O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: ERUNT AutoBackup.lnk = M:\ERUNT\AUTOBACK.EXE
        O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\D-Link\Software Bluetooth\btsendto_ie_ctx.htm
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\D-Link\Software Bluetooth\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\D-Link\Software Bluetooth\btsendto_ie.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/MaConfig_3_5_0_0.cab
        O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A2C6A9-41E0-41BB-BA02-4F35157D17F5}: NameServer = 80.58.61.250,80.58.61.254
        O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
        O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
        O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
        O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
        O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Archivos de programa\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

        --
        End of file - 6026 bytes


        « Last Edit: February 06, 2010, 08:25:28 AM by SuperDave »

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Sage
        • Thanked: 857
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Re: something is using my system resources
        « Reply #4 on: January 28, 2010, 01:04:38 PM »
        Did you re-name Autorun Eater to "billy.exe"?

        Download DeFogger by jpshortstuff and save it to your desktop.
         
        * Double click DeFogger.exe to run the tool.
        * The application window will appear.
        * Click the Disable button to disable your CD Emulation drivers
        * Click Yes to continue.
        * A 'Finished!' message will appear.
        * Click OK.
        * DeFogger will now ask to reboot the machine...click OK.
         
        IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
         
        Do not re-enable these drivers until otherwise instructed.

        To re-enable your Emulation drivers, double click DeFogger to run the tool.

        * The application window will appear.
        * Click the Re-enable button to re-enable your CD Emulation drivers.
        * Click Yes to continue.
        * A 'Finished!' message will appear.
        * Click OK
        * DeFogger will now ask to reboot the machine, click OK

        IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

        Your Emulation drivers are now re-enabled.

        Download GMER Rootkit Detector and save it to your desktop.
         
        * Extract it to your desktop and double-click GMER.exe
        * Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
        * Click the Rootkit tab and then Scan.
        * Don't check the Show All box while scanning is in progress!
        * When scanning is finished click Copy.
        * This copies the log to clipboard
        * Post the log in your reply.
        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

        kwisj

          Topic Starter


          Rookie

          Re: something is using my system resources
          « Reply #5 on: January 28, 2010, 02:22:33 PM »
          Hi SD, not sure about autorun eater. In its program file are two applications: 1 old mcdonald, and the other billy. When I look at the task manager, something is running called billy.exe
          I ran the defogger, and did not re-enable my emulation drivers until after gmer ran. Wasn't too sure about the steps re this application; that is, was not sure if re-enabling the drivers was something to do with an application error for the defogger program. Please let me know if you want me to repeat this stage again. PS I have noticed that the winlogon.exe has not been jumping up to 30 to 40 cycles since I started with your protocol. Not sure if that's relevant.
          thanks again for your time
          Kwisj
          here is the gmer log
          GMER 1.0.15.15281 - http://www.gmer.net
          Rootkit scan 2010-01-28 22:10:19
          Windows 5.1.2600 Service Pack 3
          Running: gmer.exe; Driver: C:\DOCUME~1\CHRIST~1\CONFIG~1\Temp\kwaiqpow.sys


          ---- Kernel code sections - GMER 1.0.15 ----

          .text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                 
           section is writeable [0xB95E1000, 0x1CBE76, 0xE8000020]

          ---- User code sections - GMER 1.0.15 ----

          .text           C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe[1464] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 4 Bytes  [C2, 04, 00, 00]

          ---- Devices - GMER 1.0.15 ----

          AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                   
            eamon.sys (Amon monitor/ESET)
          AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                               
             epfwtdir.sys
          AttachedDevice  \FileSystem\Fastfat \Fat                                                                                 
           eamon.sys (Amon monitor/ESET)

          ---- EOF - GMER 1.0.15 ----
          « Last Edit: February 06, 2010, 08:28:36 AM by SuperDave »

          SuperDave

          Re: something is using my system resources
          « Reply #6 on: January 31, 2010, 10:14:38 AM »
          Uninstall GMER

          Click on Start > Run and type in or copy/paste all of the Red text into the Run box.

          %windir%\gmer_uninstall.cmd

          Click OK to remove GMER.
          ESET Online Scan

          ----------------------------------------------------------------------------------
          Scan your computer with the ESET FREE Online Virus Scan

          * Click the ESET Online Scanner button.

          * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
          * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
          * Place a check mark next to YES, I accept the Terms of Use.

          * Click the Start button.
          * Accept any security warnings from your browser.
          * Leave the check mark next to Remove found threats and place a check next to Scan archives.
          * Click the Start button.
          * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
          * When the scan completes, click List of found threats.
          * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
          * Click the <<Back button then click Finish.

          In your next reply please include the ESET Online Scan Log

          kwisj


            Re: something is using my system resources
            « Reply #7 on: February 04, 2010, 01:52:30 PM »
            Hi Sd
            I could not uninstall GMER using that command. I guess it may be that it is already uninstalled. There is no scan log for ESET as it did not find anything, and it did not give me any text files re that. Like I said earlier, we deleted something early on with hijackthis, and I have noticed that I do not seem to be getting the winlog.exe problem any more. So maybe you have fixed the problem.
            thanks again for your time
            Kwisj

            SuperDave

            Re: something is using my system resources
            « Reply #8 on: February 04, 2010, 04:58:31 PM »
            Scan your computer with Panda ActiveScan

            * Once you are on the Panda site click the Scan your PC now button.
            * A new window will open...click the Scan Now button.
            * If it wants to install an ActiveX component allow it.
            * It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
            * You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
            * The scan will begin. Please be patient as it can take an hour or more to complete.
            * When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
            * Save the ActiveScan.txt to a convenient location like your desktop.
            * Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

            * Post the contents of the ActiveScan report in your next reply.


            kwisj


              Re: something is using my system resources
              « Reply #9 on: February 06, 2010, 03:00:37 AM »
              Hi SD
              I ran the panda online scanner and it says that it has found 2 infected files on C. But it did not complete the scan, as the system crashed and I had to reboot the PC. I have restarted the scan, but it seems to be going very, very slowly. The first scan took over 3 hours to reach 75% before it crashed. Although if it is scanning my entire system, I have 3 external back up hard drives of between 300 to 500 GB, so this may be delaying everything. Although it has taken over an hour, and it is still on C drive at 19% completion. Please advise if I need to be doing something.
              thanks for your time
              kwisj

              kwisj


                Re: something is using my system resources
                « Reply #10 on: February 06, 2010, 04:22:40 AM »
                Hi SD
                OK this is the result for the scan to C drive. I did not let it scan my other drives, as it seemed to be getting really hung up on them, and I noticed that the infected files were on C. So this is the result for C only.
                I notice that the trojan is associated with combofix, which is something that we have downloaded during this malware removal exercise. Does this mean that the panda av has picked up on something that is part of combofix, or is this malware? Please advise. Also could you advise on how to check the external hard drives to make sure they are malware free?
                thanks again for your time
                kwisj
                ;********************************************************************
                ANALYSIS: 2010-02-06 12:13:14
                PROTECTIONS: 1
                MALWARE: 2
                SUSPECTS: 0
                ;*************************************************************************
                PROTECTIONS
                Description                                  Version                       Active    Updated
                ;===========================================================================
                ESET NOD32 Antivirus 3.0                     3.0                           Yes       Yes
                ;============================================================================
                MALWARE
                Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
                ;============================================================================
                00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\christopher jones\cookies\christopher_jones@atdmt[2].txt
                05898765  Trj/Nabload.DPS                    Virus/Trojan        No        0         No             No           c:\documents and settings\christopher jones\escritorio\combofix.exe[32788r22fwjfw\catchme.cfxxe]
                ;=============================================================================
                SUSPECTS
                Sent      Location
                ;=============================================================================
                ;=============================================================================
                VULNERABILITIES
                Id        Severity       Description
                ;==============================================================================
                ;==============================================================================
                « Last Edit: February 06, 2010, 08:32:19 AM by SuperDave »

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Sage
                • Thanked: 857
                • Certifications: List
                • Experience: Expert
                • OS: Windows 8
                Re: something is using my system resources
                « Reply #11 on: February 06, 2010, 07:00:40 AM »
                That's ok. One is a tracking cookie which SAS should get rid of if you run it and the other belongs to ComboFix which we will also get rid of. How's your computer working?
                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender
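Added example (not part of the original posts, and not code from any of the tools named in the thread): a small Python triage of the MALWARE section of a scan log in the format shown above, separating tracking cookies from detections that sit inside a removal tool run during the cleanup. The sample log is constructed, and `SECTIONS`, `KNOWN_TOOLS` and the label names are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample modelled on the scan log above (user name and archive id replaced).
SAMPLE_LOG = r"""
MALWARE
Id        Description         Type            Active  Severity  Disinfectable  Disinfected  Location
;==========
00139064  Cookie/Atlas DMT    TrackingCookie  No      0         Yes            No           c
:\documents and settings\user\cookies\user@atdmt[2].txt
05898765  Trj/Nabload.DPS     Virus/Trojan    No      0         No             No
c:\documents and settings\user\desktop\combofix.exe[0000sample\catchme.cfxxe]
;==========
SUSPECTS
Sent      Location
"""

SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}
KNOWN_TOOLS = {"combofix.exe"}  # assumption: removal tools knowingly run during cleanup

def parse_malware(log):
    """Return MALWARE rows, re-joining locations that wrapped onto later lines."""
    entries, in_section = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if not line or line.startswith((";", "Id ")):
            continue  # blank line, separator or column header
        if line in SECTIONS:
            in_section = line == "MALWARE"
        elif in_section and re.match(r"\d{8}\s{2,}", line):
            cols = re.split(r"\s{2,}", line)
            cols += [""] * (8 - len(cols))  # location may be missing from the row
            entries.append({"id": cols[0], "name": cols[1], "type": cols[2],
                            "active": cols[3], "location": cols[7]})
        elif in_section and entries:
            entries[-1]["location"] += line  # continuation of a wrapped path
    return entries

def triage(entry):
    """Label one detection; 'file[member]' means an item inside a container file."""
    loc = entry["location"]
    container = loc.split("[", 1)[0] if loc.endswith("]") else loc
    if entry["type"] == "TrackingCookie":
        return "tracking-cookie"
    if ntpath.basename(container).lower() in KNOWN_TOOLS:
        return "inside-removal-tool"  # path match only, not proof of origin
    return "investigate"

if __name__ == "__main__":
    for e in parse_malware(SAMPLE_LOG):
        print(e["id"], e["name"], "->", triage(e))
```

The `inside-removal-tool` label reflects a file-name match only; it is worth confirming that the copy on disk is the one downloaded from the link the helper supplied.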

                kwisj


                  Re: something is using my system resources
                  « Reply #12 on: February 06, 2010, 01:41:56 PM »
                  Hi Sd
                  My PC appears to be working fine. Like I said, I don't seem to be getting that winlog.exe jumping up to 35 40 cycles anymore since we deleted something with hijackthis.
                  cheers for your time
                  kwisj

                  SuperDave

                  Re: something is using my system resources
                  « Reply #13 on: February 06, 2010, 05:52:33 PM »
                  That's good. It looks like your computer is good to go. You can run SAS and MBAM on your other drives by configuring them to scan whichever drive you want to scan. It's highly unlikely that they are infected unless you transferred an infected file to them. If there is nothing else, it's time for some clean-up. You can uninstall HJT and ESET but keep SAS and MBAM. Update them and run them every so often depending on your internet activity.

                  To uninstall ComboFix

                  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                  • In the field, type in ComboFix /uninstall


                  (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                  • Then, press Enter, or click OK.
                  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                  ============================================
                  Download OTC by OldTimer and save it to your desktop.

                  1. Double-click OTC to run it.
                  2. Click the CleanUp! button.
                  3. Select Yes when the "Begin cleanup Process?" prompt appears.
                  4. If you are prompted to Reboot during the cleanup, select Yes.
                  5. OTC should delete itself once it finishes; if not, delete it yourself.

                  ==========================================
                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                  =========================================
                  Looking over your log it seems you don't have any evidence of a third party firewall.

                  Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                  Remember only install ONE firewall

                  1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                  2) Online Armor
                  3) Agnitum Outpost
                  4) PC Tools Firewall Plus

                  If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

                  ===========================================
                  Use the Secunia Software Inspector to check for out of date software.

                  • Click Start Now
                  • Check the box next to Enable thorough system inspection.
                  • Click Start
                  • Allow the scan to finish and scroll down to see if any updates are needed.
                  • Update anything listed.
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
                  Safe Surfing! ;D

                  kwisj


                    Re: something is using my system resources
                    « Reply #14 on: February 07, 2010, 02:54:38 AM »
                    Hi SD
                    Well firstly thanks so much for helping me out on this topic. Re the firewall, I have the windows one running, I see now that that is not good enough, that's the same for my other 5 PCs, so I now need to go to my other 5 PCs and put on a third party firewall: good advice, I never knew that! I shall run through the clean up protocol, and I shall download a 3rd party firewall, as well as your other recommended security software.
                    Thanks again for your time
                    Kwisj
                    « Last Edit: February 07, 2010, 03:09:28 AM by kwisj »