hedzabel Posted July 19, 2013
Hi, I know this thread is old, but I'm running into the same problem as the OP. I'm using a netbook, model ASUS EeePC 1005-HAB, operating on Windows XP. I already reset to the fabric settings using the system image hosted in a hidden partition, and the search window (puppy dog included) keeps popping. It stops after a while, though, then comes back... quite randomly. I already ran the MBAM and the OTL as suggested. MBAM removed one registry entry. Anyway, here are the reports. I just noticed the MBAM report is in Spanish, sorry. Thanks in advance.
Attachments: OTL.Txt, Extras.Txt, mbam-log-2013-07-19 (20-29-19).txt
Armageddon Posted July 19, 2013
Hi Hedzabel and welcome to ExTS. I have moved your post to its own thread since the other thread was 2 years old. I will leave the rest to our security guys to go over your reports.
http://extremetechsupport.com/threads/11772-Control-F-Virus?highlight=Control
Sorry guys, this is where I moved it from.
hedzabel (Author) Posted July 19, 2013
Thanks Armageddon, I'm sure this way it's more visible, thus more likely to get solved.
etavares Posted July 20, 2013
Hello, hedzabel. This often is hardware related. Are you using any keyboard/mouse or just the touchpad and laptop keyboard? If you open up a program, do random characters get typed, or just the search box opens up? We'll do a virus scan to be safe. Nothing really showing in that log.
I'd like us to scan your machine with ESET OnlineScan.
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
etavares
etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
hedzabel Posted July 20, 2013 Author Posted July 20, 2013 Hi etavares, and thanks for your time and help. As suggested, I ran ESET OnlineScan and no threats were found, so there isn't a report to post here. At this moment, I'm using only the laptop's touchpad and keyboard. Following this thread, I ran the System File Checker last night, and the problem seems to have been minimized. The search windows now only pop up several times at system startup, but if I type random keys they stop popping up and I'm able to close them all and keep on working normally. They have shown up a few other times; for instance, while typing this text, the IE "Find" box appeared insistently for a minute or so and I had to close it several times. I know this feels quite random. And although now I'm able to work more or less normally, it's still bothering. Thanks again, hedzabel.
etavares Posted July 21, 2013 Posted July 21, 2013 Does the search box pop up in safe mode? -etavares
KenB Posted July 21, 2013 Posted July 21, 2013 Hi. Does the search box open if you double click a folder? If so, this fix from Kelly should sort it for you: click here, Line 18 > right side. Or this one from Doug Knox: click here. There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM!! MiniToolBox Network Test Wireless Test
hedzabel Posted July 21, 2013 Author Posted July 21, 2013 Hi, KenB. Thanks for your suggestion, but it does not appear when I double click. I've been working all morning with it, and it hasn't popped up once. Not the windows search, nor the find box in chrome or IE. At this moment, it only shows up at system startup. Much obliged, hedzabel.
etavares Posted July 21, 2013 Posted July 21, 2013 Check your F3 button, is it stuck down? Push it a few times, make sure it works. It should open a search box in a program you're in... e.g. click your desktop background and press F3 and window search should pop up. Press it in Chrome and the search window at the top right opens, etc. Try that, then reboot. -etavares
hedzabel Posted July 21, 2013 Author Posted July 21, 2013 My search features activate with Ctrl+F, not F3. Ctrl+F works properly, but I just noticed that whatever shortcut I assign to F3, it won't work... I guess that pretty much sums it all, doesn't it?
hedzabel Posted July 21, 2013 Author Posted July 21, 2013 I just tried plugging in a USB keyboard and its F3 works perfectly. So I believe I just lost a key on my laptop's keyboard, and all the fuss was my F3 key dying. Still popping up at startup, though.
hedzabel Posted July 21, 2013 Author Posted July 21, 2013 Update: I guess I spoke too early. Now that I'm reinstalling software, and plugging in hard drives... it's showing up again. For instance, I plugged in an external hard drive. I wanted to change the assigned letter, so I went to My Computer-Right Click-Manage... and before the Managing Window... it showed up. Or, I tried to expand the icons on the right bottom to unplug the drive... and it showed again. I'm now running the Antivirus again, now through the External HD as well.
Plastic Nev Posted July 21, 2013 Posted July 21, 2013 Hi, it looks like a definite hardware problem with the laptop keyboard. When you plug in an external keyboard, it may not isolate or turn off the laptop keyboard unfortunately, so any fault with the "F" key or any other key will still show up. The only real cure is to have a replacement keyboard fitted to your laptop, or at the very least to disconnect the cable internally. In both cases that would mean dismantling the laptop, not something we normally recommend due to the difficulties of doing so if not experienced in that sort of dismantling. Nev.
Need help with your computer problems? Then why not join Free PC Help. Register here. If Free PC Help has helped you then please consider a donation. Click here. We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
I have installed Windows, now how do I install the curtains? 😄
hedzabel Posted July 22, 2013 Author Posted July 22, 2013 Thanks, Plastic Nev. I think I'll manage for now, since it's only one key and it's not as bothersome as it was when it started. I'll keep you posted if something else happens. Thanks to everyone for their contribution, hedzabel.
etavares Posted July 22, 2013 Posted July 22, 2013 OK, sounds good. Thanks for the update. -etavares
hedzabel Posted July 25, 2013 Author Posted July 25, 2013 (edited) Hi, guys... So sorry to bother you again. The search feature is being annoying again, and I noticed this began when I plugged in an external hard drive, so I ran ESET Online Scanner through both my system drive (C: ) and the external HD, which is partitioned in three units (K:, L:, M: ). It found up to 29 threats, and although it said it had treated them (deleted or quarantined), the problem has not been solved. Thanks again. eset online scanner - System Disk and External HD - 20130725.txt Edited July 25, 2013 by Starbuck
etavares Posted July 26, 2013 Posted July 26, 2013 Hi, None of those appears to be an active infection. However, it does appear you are using cracked software. That in and of itself is a MAJOR vector of infection (if you can't tell from all the detections of the cracks). I would counsel you to remove it all immediately. Try unplugging the drive and rebooting... is the search feature just as annoying? It does appear to be the hardware. We could disable the keyboard and use a USB keyboard to test it, but it's not trivial. If you want to proceed: 1) immediately remove all cracked software as it is a major vector of infections and 2) let me know you want to proceed. -etavares
hedzabel Posted July 30, 2013 Author Posted July 30, 2013 Hi etavares, and thanks again for your time. I will go back to the preinstalled version of Windows XP as soon as I manage to copy the little data I had already saved. The hardware hypothesis is getting stronger, for I ran a version of Linux from a USB drive and I had similar problems. I'm willing to try and disconnect my keyboard; my only fear is: the computer came with a preinstalled Windows XP that I can only restore (if needed) by pressing F9 while the system is booting (it's stored in a hidden partition). Likewise, BIOS and booting options are accessed by pressing F2. Will I lose control over those features along the process or after it? Does the USB keyboard and its drivers come into play later in the booting process? Thanks. Hedzabel
etavares Posted July 31, 2013 Posted July 31, 2013 Hi, That all depends on the BIOS on the motherboard. I've had computers that recognized a USB keyboard natively and some that needed Windows to load first. A few thoughts. First, you can replace the keyboard on the laptop directly. It's not trivial, but it's not impossible. If you're methodical and careful, it's fairly straightforward. Second, you can always plug in the USB keyboard, reboot and attempt to enter BIOS. If you can... then it's recognizing the keyboard. If not, then it won't. -etavares
hedzabel Posted July 31, 2013 Author Posted July 31, 2013 Hi etavares, I checked as you suggested and I was able to launch the BIOS Setup from the USB keyboard, so my laptop DOES recognize it while booting. Actually, there is an item in the BIOS menu that enables/disables "USB devices". I will change my laptop keyboard as soon as one arrives. In the meantime, let's disable it. I'd rather do it via software than via hardware, but from your previous responses, it doesn't seem that I have a choice. Thanks, hedzabel.
etavares Posted August 1, 2013 Posted August 1, 2013 There is no good way to disable it via software. What kind of laptop is it? (Manufacturer and Model) Have you tried to clean the keyboard? You can try and pull off the key and clean underneath, see if it looks OK. We can try to delete the keyboard driver, but we'd have to stop Windows from automatically installing it... there's a solution Microsoft claims, but it's 50/50 at best in my experience. -etavares
hedzabel Posted August 1, 2013 Author Posted August 1, 2013 It's an (ASUS) EEE PC 1005 HAB. I cleaned the keyboard to no avail. And if 50% are my best odds with the driver... let's do it via hardware. I'm all ears. Thanks, Hedzabel.
etavares Posted August 2, 2013 Posted August 2, 2013 OK, first watch this video: Are you willing to do that work to replace the keyboard? If not, I'd recommend bringing it to the shop to replace it since this issue has appeared with Linux in addition to Windows. They're fairly cheap if you're willing to carefully replace it yourself: http://www.amazon.com/Replacement-ASUS-1005HA-B-1005HAB-Keyboard/dp/B006W2MZSA -etavares
hedzabel Posted August 2, 2013 Author Posted August 2, 2013 Hi again, So I followed the video tutorial and disconnected the keyboard. I turned on the laptop with a USB keyboard plugged in and have been working for a while now. The search feature hasn't popped up once, not even at system boot-up. I'll monitor it, though. Thanks for everything.