
HackTool App/Psexec-Gen and a Bullet Proof Software Spyware



Hello.

I have a Windows XP Pro SP3 with several problems:

* I cannot access http://es.mcafee.com from Firefox or Internet Explorer.

* I cannot update the McAfee antivirus. In addition, its icon used to appear next to the clock on the taskbar and now it does not appear.

* When I search for something on Google in Firefox, some links open windows with porn and mobiles. In Internet Explorer it works well.

* Firefox crashes when you browse with it (version 3.0.8).

* Emulate also crashes when executed.

* Spybot Search and Destroy does not find anything.

* McAfee has not found anything (one week ago had the virus of the double tilde that it could erase).

* SuperAntiSpyware does not find anything.

* Malwarebytes' Anti-Malware does not find anything either.

* WebRoot finds a HackTool App/Psexec-Gen and a Bullet Proof Software Spyware, but since I do not have a subscription I cannot eliminate them.

I can't open McAfee's page from the fail-safe mode with network functions.

The HijackThis log is this:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:50:35, on 02/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Archivos de programa\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Archivos de programa\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Archivos de programa\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe

C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Archivos de programa\Webroot\WebrootSecurity\SpySweeper.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Archivos de programa\Creative\SBLive\AudioHQ\AHQTBU.EXE

C:\Archivos de programa\ASUS\AI Suite\AiNap\AiNap.exe

C:\Archivos de programa\Winamp\winampa.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Archivos de programa\Microsoft IntelliType Pro\itype.exe

C:\Archivos de programa\Microsoft IntelliPoint\ipoint.exe

C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe

C:\Archivos de programa\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\Archivos comunes\Nero\Lib\NMBgMonitor.exe

C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe

D:\Programas\Spyware\Spybot - Search & Destroy\TeaTimer.exe

C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe

C:\ARCHIV~1\MI3AA1~1\rapimgr.exe

C:\Archivos de programa\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe

C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\explorer.exe

C:\Archivos de programa\Mozilla Firefox\firefox.exe

C:\Archivos de programa\virus\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V


  • Staff

Hi,

Please ignore Webroot's detection - it's detecting a command-line tool which is used in many removal tools.

First of all, please update MalwareBytes.

  • Start MalwareBytes and click the Update tab. There click "Check for updates"
  • Once the updates are downloaded, perform a full scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Staff

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

This topic is now closed to further replies.