# trojan problem



## soledad (Oct 17, 2010)

I have the same problem. I've already done the scan with the latest versions of HijackThis and Malware. Please help me! LOGS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:22, on 17-10-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\SRS Labs\WOWHD and TSHD Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\maria soledad\wuaucldt.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: sysogp32.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Archivos de programa\SRS Labs\WOWHD and TSHD Driver\SRS_PostInstaller.exe

--
End of file - 4972 bytes




MALWARE:

Logfile created: 17-10-2010 03:20:29
Ad-Aware version: 8.3.4
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: MARIA SOLEDAD

*********************** Definitions database information ***********************
Lavasoft definition file: 150.126
Genotype definition file version: 2010/10/15 09:03:50
Extended engine definition file: 7071.0

******************************** Scan results: *********************************
Scan profile name: Inteligente  (ID: smart)
Objects scanned: 10654
Objects detected: 4


Type              Detected
==========================
Processes.......:        1
Registry entries:        0
Hostfile entries:        0
Files...........:        3
Folders.........:        0
LSPs............:        0
Cookies.........:        0
Browser hijacks.:        0
MRU objects.....:        0



Quarantined items:
Description: c:\windows\cfdrive32.exe Family Name: Win32.Backdoor.IRCBot/AV Engine: 1 Clean status: Success Item ID: 0 Family ID: 0
Description: c:\documents and settings\maria soledad\configuración local\archivos temporales de internet\content.ie5\dfecjnrw\adv2[1].exe Family Name: Trojan.Win32.Generic.pak!cobra Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c8953544af193b338ae28700e0460bfc
Description: c:\documents and settings\maria soledad\configuración local\temp\004884.exe Family Name: Trojan.Win32.Generic.pak!cobra Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 53ff9cb29604a0a174fa7cc8231bd8b5
Description: c:\documents and settings\maria soledad\configuración local\temp\600387.exe Family Name: Trojan.Win32.Generic.pak!cobra Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c8953544af193b338ae28700e0460bfc

Scan and cleaning complete: Finished correctly after 420 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Inteligente
  ID: folderstoscan, enabled:1, value: 
  ID: useantivirus, enabled:1, value: true
  ID: sections, enabled:1
    ID: scancriticalareas, enabled:1, value: true
    ID: scanrunningapps, enabled:1, value: true
    ID: scanregistry, enabled:1, value: true
    ID: scanlsp, enabled:1, value: true
    ID: scanads, enabled:1, value: false
    ID: scanhostsfile, enabled:1, value: false
    ID: scanmru, enabled:1, value: false
    ID: scanbrowserhijacks, enabled:1, value: true
    ID: scantrackingcookies, enabled:1, value: true
      ID: closebrowsers, enabled:1, value: false
  ID: filescanningoptions, enabled:1
    ID: archives, enabled:1, value: false
    ID: onlyexecutables, enabled:1, value: true
    ID: skiplargerthan, enabled:1, value: 20480
    ID: scanrootkits, enabled:1, value: true
      ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
    ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
  ID: addtocontextmenu, enabled:1, value: true
  ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
  ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
  ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: schedules, enabled:1, value: true
    ID: updatedaily1, enabled:1, value: Daily 1
      ID: time, enabled:1, value: Sat Oct 16 23:01:00 2010
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily2, enabled:1, value: Daily 2
      ID: time, enabled:1, value: Sat Oct 16 05:01:00 2010
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily3, enabled:1, value: Daily 3
      ID: time, enabled:1, value: Sat Oct 16 11:01:00 2010
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily4, enabled:1, value: Daily 4
      ID: time, enabled:1, value: Sat Oct 16 17:01:00 2010
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updateweekly1, enabled:1, value: Weekly
      ID: time, enabled:1, value: Sat Oct 16 23:01:00 2010
      ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: true
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: true
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
  ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
  ID: showtrayicon, enabled:1, value: true
  ID: autoentertainmentmode, enabled:1, value: true
  ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
  ID: language, enabled:1, value: es, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
  ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
  ID: layers, enabled:1
    ID: useantivirus, enabled:1, value: true
    ID: usespywareheuristics, enabled:1, value: true
  ID: modules, enabled:1
    ID: processprotection, enabled:1, value: true
    ID: onaccessprotection, enabled:1, value: false
    ID: registryprotection, enabled:1, value: true
    ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: MARIASOLEDAD
Processor name:          Intel(R) Atom(TM) CPU N450   @ 1.66GHz
Processor identifier: x86 Family 6 Model 28 Stepping 10
Processor speed: ~1662MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 7178, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 463323136 bytes
Physical memory total: 1042104320 bytes
Virtual memory available: 1881169920 bytes
Virtual memory total: 2147352576 bytes
Memory load: 55%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 560 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 632 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 660 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 704 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 716 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 888 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 932 name: C:\WINDOWS\system32\svchost.exe owner: Servicio de red domain: NT AUTHORITY
PID: 1004 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1084 name: C:\WINDOWS\system32\svchost.exe owner: Servicio de red domain: NT AUTHORITY
PID: 1176 name: C:\WINDOWS\system32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 1308 name: C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1584 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1616 name: C:\WINDOWS\Explorer.EXE owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 2044 name: C:\SPLASH.SYS\config\DVMExportService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 180 name: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe owner: SYSTEM domain: NT AUTHORITY
PID: 340 name: C:\windows\system32\wuaucldt.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 368 name: C:\WINDOWS\system32\svchost.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 524 name: C:\Archivos de programa\SRS Labs\WOWHD and TSHD Driver\SRS_PostInstaller.exe owner: SYSTEM domain: NT AUTHORITY
PID: 108 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 616 name: C:\WINDOWS\system32\ctfmon.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 1368 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1376 name: C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1400 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3004 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3096 name: C:\WINDOWS\System32\alg.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 3248 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3400 name: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 3756 name: C:\WINDOWS\cfdrive32.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 3792 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1540 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4344 name: C:\WINDOWS\system32\wuauclt.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 5916 name: C:\Archivos de programa\Lavasoft\Ad-Aware\Ad-Aware.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD
PID: 2856 name: C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe owner: MARIA SOLEDAD domain: MARIASOLEDAD

Startup items:
Name: PostBootReminder
          imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
          imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
          imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
          imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
          imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: wuaucldt
          imagepath: c:\windows\system32\wuaucldt.exe
Name: Microsoft Driver Setup
          imagepath: C:\WINDOWS\cfdrive32.exe
Name: Microsoft Driver Setup
          imagepath: C:\WINDOWS\cfdrive32.exe
Name: CTFMON.EXE
          imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
          imagepath: Precargador Browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
          imagepath: Demonio de caché de las categorías de componente
Name: 
          imagepath: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\desktop.ini
Name: 
          imagepath: C:\WINDOWS\system32\config\systemprofile\Menú Inicio\Programas\Inicio\desktop.ini

Bootexecute items:
Name: 
          imagepath: autocheck autochk *
Name: 
          imagepath: lsdelete

Running services:
Name: ALG
          displayname: Servicio de puerta de enlace de capa de aplicación
Name: AudioSrv
          displayname: Audio de Windows
Name: Browser
          displayname: Examinador de equipos
Name: CryptSvc
          displayname: Servicios de cifrado
Name: DcomLaunch
          displayname: Iniciador de procesos de servidor DCOM
Name: Dhcp
          displayname: Cliente DHCP
Name: Dnscache
          displayname: Cliente DNS
Name: DvmMDES
          displayname: DeviceVM Meta Data Export Service
Name: ekrn
          displayname: ESET Service
Name: ERSvc
          displayname: Servicio de informe de errores
Name: Eventlog
          displayname: Registro de sucesos
Name: EventSystem
          displayname: Sistema de sucesos COM+
Name: FastUserSwitchingCompatibility
          displayname: Compatibilidad de cambio rápido de usuario
Name: helpsvc
          displayname: Ayuda y soporte técnico
Name: HTTPFilter
          displayname: HTTP SSL
Name: IAANTMON
          displayname: Intel(R) Matrix Storage Event Monitor
Name: LanmanServer
          displayname: Servidor
Name: lanmanworkstation
          displayname: Estación de trabajo
Name: Lavasoft Ad-Aware Service
          displayname: Lavasoft Ad-Aware Service
Name: LmHosts
          displayname: Ayuda de NetBIOS sobre TCP/IP
Name: Netman
          displayname: Conexiones de red
Name: Nla
          displayname: NLA (Network Location Awareness)
Name: PlugPlay
          displayname: Plug and Play
Name: PolicyAgent
          displayname: Servicios IPSEC
Name: ProtectedStorage
          displayname: Almacenamiento protegido
Name: RasMan
          displayname: Administrador de conexión de acceso remoto
Name: RpcSs
          displayname: Llamada a procedimiento remoto (RPC)
Name: SamSs
          displayname: Administrador de cuentas de seguridad
Name: Schedule
          displayname: Programador de tareas
Name: seclogon
          displayname: Inicio de sesión secundario
Name: SENS
          displayname: Notificación de sucesos del sistema
Name: SharedAccess
          displayname: Firewall de Windows/Conexión compartida a Internet (ICS)
Name: ShellHWDetection
          displayname: Detección de hardware shell
Name: Spooler
          displayname: Cola de impresión
Name: SRS_PostInstaller
          displayname: SRS PostInstaller Service
Name: SSDPSRV
          displayname: Servicio de descubrimientos SSDP
Name: stisvc
          displayname: Adquisición de imágenes de Windows (WIA)
Name: TapiSrv
          displayname: Telefonía
Name: TermService
          displayname: Servicios de Terminal Server
Name: Themes
          displayname: Temas
Name: TrkWks
          displayname: Cliente de seguimiento de vinculos distribuidos
Name: W32Time
          displayname: Horario de Windows
Name: WebClient
          displayname: Cliente Web
Name: winmgmt
          displayname: Instrumental de administración de Windows
Name: wscsvc
          displayname: Centro de seguridad
Name: wuauserv
          displayname: Actualizaciones automáticas
Name: WZCSVC
          displayname: Configuración inalámbrica rápida


----------



## johnb35 (Oct 17, 2010)

Please perform the following procedure.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version. *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically, which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware.

Please post the Malwarebytes log along with a new HijackThis log.


----------

