Thank you for the time, and now I was able to remove the old version of Adobe and install the new one :). The PC is running normally without problems. I'm going to post the ComboFix and Kaspersky logs.
Here is the ComboFix log:
ComboFix 10-10-16.04 - Alvaro Rodriguez 10/17/2010 15:00:27.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.532 [GMT -4:00]
Running from: c:\documents and settings\Alvaro Rodriguez\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alvaro Rodriguez\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.
2010-10-15 22:44 . 2010-10-15 22:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-10-15 22:44 . 2010-10-15 22:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-10-15 22:44 . 2010-10-15 22:44 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-10-15 22:44 . 2010-10-15 22:44 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-10-15 22:44 . 2010-10-17 18:10 -------- d-----w- c:\windows\system32\drivers\Avg
2010-10-14 19:29 . 2010-10-14 19:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-14 19:29 . 2010-10-14 19:29 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-14 19:29 . 2010-10-14 19:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-14 01:28 . 2010-10-14 01:28 -------- d-----w- c:\documents and settings\Alvaro Rodriguez\Application Data\AVG10
2010-10-14 01:27 . 2010-10-14 01:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-14 01:24 . 2010-10-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-14 01:00 . 2010-10-14 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-13 22:45 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-10-13 22:45 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-10-13 21:42 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 21:42 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 21:42 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 21:41 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 01:42 . 2010-10-13 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-10-09 02:51 . 2010-10-09 02:51 388096 ----a-r- c:\documents and settings\Alvaro Rodriguez\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-09 00:15 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-09 00:15 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 19:51 . 2010-09-19 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\myitlab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 04:58 . 2007-02-12 22:24 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2010-02-05 04:58 . 2007-02-12 22:24 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2010-02-05 04:58 . 2007-02-12 22:24 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-02-05 04:58 . 2007-02-12 22:24 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2010-02-05 04:58 . 2007-02-12 22:24 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"F.lux"="c:\documents and settings\Alvaro Rodriguez\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-01-28 885760]
"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-16 2067808]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-24 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-10-15 22:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2005-10-08 05:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Alvaro Rodriguez^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Alvaro Rodriguez\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2009-04-10 13:53 50520 ----a-w- c:\documents and settings\Alvaro Rodriguez\Application Data\mjusbsp\cdloader2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 22:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-06 23:03 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2009-10-01 14:53 20480 ----a-w- c:\program files\Plaxo\3.23.0.11\plaxosystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-01-05 12:56 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Alvaro Rodriguez\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59127:TCP"= 59127:TCP:Pando Media Booster
"59127:UDP"= 59127:UDP:Pando Media Booster
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/13/2009 7:35 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/15/2010 6:44 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/15/2010 6:44 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 8:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/15/2010 6:44 PM 308136]
S2 gupdate1c9c156cfba95c;Google Update Service (gupdate1c9c156cfba95c);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2009 9:19 PM 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 7408]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/4/2008 1:46 PM 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/4/2008 1:46 PM 5248]
.
Contents of the 'Scheduled Tasks' folder
2010-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 01:19]
2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 01:19]
2010-10-17 c:\windows\Tasks\User_Feed_Synchronization-{D1457349-43D9-4B64-AE15-7CD73FB4A2FF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
FF - ProfilePath - c:\documents and settings\Alvaro Rodriguez\Application Data\Mozilla\Firefox\Profiles\8xnlxn9h.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox? ... S:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1417996333-493728206-3967999953-1006\Software\SecuROM\License information*]
"datasecu"=hex:90,79,97,d3,de,fc,3c,38,08,8c,61,e8,62,e5,3e,b8,15,b4,2d,a5,a0,
87,7f,2e,12,cf,95,d1,eb,84,39,f8,13,a1,95,de,77,1b,c3,d8,75,0b,30,01,21,cb,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll
- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Lexmark X5100 Series\lxbabmon.exe
c:\windows\system32\dllhost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-10-17 15:16:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-17 19:16
ComboFix2.txt 2010-10-14 02:31
ComboFix3.txt 2008-12-18 23:41
Pre-Run: 119,581,925,376 bytes free
Post-Run: 120,019,648,512 bytes free
- - End Of File - - 6636273E7322D422D8973C55B41D386C
Here is the Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 17, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 17, 2010 08:51:57
Records in database: 4181029
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
Scan statistics:
Objects scanned: 83205
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:38:20
File name / Threat / Threats count
C:\Documents and Settings\Alvaro Rodriguez\Shared\lole senador.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
Selected area has been scanned.