It appears task manager disabled by your administrator [RESOLVED]



#1
newnoi

  • Member
  • 38 posts
After trying to install Tvants, it was not possible to open the task manager and the PC is slowing significantly.
I suspect that I got a virus, but I have real-time protection with Kaspersky 5.
Another problem is that at startup the message "Windows can not find C:\Windows\scvhost.exe" appears.
I scanned my PC with Kaspersky antivirus 5, and no virus was detected.
I followed your instructions with ATF cleaner, system restore, and clean up.
I tried to reboot into safe mode, but it started the process again, so I continued in normal mode, and the startup was correct.
I scanned my PC with AVG Anti-Spyware; it found 16 more or less dangerous problems, and I chose "Apply all actions", deleting them. The report was empty.
Yesterday I updated Windows, and I installed SP2.
I rebooted the PC and it looks a bit faster, but not good enough.
I installed HijackThis and these are the results:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:33, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) -
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic....s/installer.cab
O16 - DPF: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) -
O16 - DPF: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) -
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD2816B-ABE5-458C-A3A3-CC92458A0779}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F431FA0D-5FF3-4A77-BD1B-BA0553863A75}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8294 bytes

The uninstall list is:
Absolute Uninstaller 2.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player
Advanced Spyware Remover Profession Edition
Apple Software Update
Ares 2.0.9
ATI - Utilidad de desinstalación de software
ATI Control Panel
ATI Display Driver
AVG Anti-Rootkit Free
AVG Anti-Spyware 7.5
BitTorrent 5.0.9
Broadcom 802.11 Control Panel
Broadcom 802.11 Driver
Compresor WinRAR
Conexant 56K ACLink Modem
eMule
EPSON SMART PANEL for Scanner
EPSON TWAIN 5
Google Desktop
Google Earth
Google Updater
Gran Diccionario Oxford
HijackThis 2.0.2
HP Wireless LAN
HTML-Kit
InCD
InCD EasyWrite Reader
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
Kaspersky Anti-Virus Personal
Macromedia Dreamweaver 8
Macromedia Extension Manager
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 2.0
Microsoft Office 2003 Proofing Tools
Microsoft Office Professional Edition 2003
MightyFax
Mozilla Firefox (2.0.0.11)
Mplayer
MSXML 4.0 SP2 (KB936181)
MultiMedia Spain Toolbar
Nero Media Player
Nero OEM
NeroVision Express 2
NeroVision Express 2 Content
Opera 9.23
Pando
Picasa 2
QuickTime
RealPlayer
Reproductor de Windows Media 10
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Skype™ 3.5
Software de impresora EPSON
SPAMfighter
StarOffice 8
Steganos Live Encryption Engine 15
Synaptics Pointing Device Driver
TuneUp Utilities 2007
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
XviD MPEG-4 Codec
Your Uninstaller! 2006 Version 5

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
newnoi

  • Topic Starter
  • Member
  • 38 posts
Thank you for your reply.
I tried to restart my computer in safe mode, but after two pages full of addresses appeared the screen went blank, and the PC rebooted again.
I tried to see my topic in the forum and it is no longer there.
Please help.

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run DSS from Normal Mode then

#5
newnoi

  • Topic Starter
  • Member
  • 38 posts
According to your instructions, the main.txt after executing dss is:
Deckard's System Scanner v20071014.68
Run by Joan Albert on 2008-02-13 19:00:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-02-13 18:00:14 UTC - RP482 - Deckard's System Scanner Restore Point
2: 2008-02-13 12:26:22 UTC - RP481 - Software Distribution Service 3.0
1: 2008-02-12 11:23:08 UTC - RP480 - punto restauracion


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Joan Albert.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:12, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Documents and Settings\Joan Albert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Joan Albert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) -
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic....s/installer.cab
O16 - DPF: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) -
O16 - DPF: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) -
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD2816B-ABE5-458C-A3A3-CC92458A0779}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F431FA0D-5FF3-4A77-BD1B-BA0553863A75}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7868 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Klmc - c:\windows\system32\drivers\klmc.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3>
R3 Eplpdx02 - c:\windows\system32\drivers\eplpdx02.sys <Not Verified; MK Systems CO., LTD.; MK Systems LPT I/O Driver for Windows2000>

S1 runtime2 - c:\windows\system32\drivers\runtime2.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EpsonBidirectionalService - c:\program files\common files\epson\ebapi\eebsvc.exe
R2 kavsvc - "c:\program files\kaspersky lab\kaspersky anti-virus personal\kavsvc.exe" <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-04 15:24:29 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-01 17:31:05 434 --a------ C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job
2008-02-01 17:25:53 416 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job


-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-12 17:49:36 0 d-------- C:\Program Files\Trend Micro
2008-02-12 13:35:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Grisoft
2008-02-12 13:35:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 23:16:35 0 d-------- C:\Program Files\MSXML 4.0
2008-02-09 22:55:00 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-02-09 22:52:56 0 d-------- C:\WINDOWS\Prefetch
2008-02-09 21:37:06 0 d-------- C:\WINDOWS\peernet
2008-02-09 21:37:02 0 d-------- C:\WINDOWS\provisioning
2008-02-09 21:30:02 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-09 21:06:04 0 d-------- C:\WINDOWS\EHome
2008-02-05 19:59:34 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-02-05 19:59:33 696320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\iolo
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-01-15 13:18:26 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-15 13:05:25 0 d-------- C:\Program Files\CONEXANT
2008-01-15 12:16:56 12288 --a------ C:\WINDOWS\system32\APFMON40.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:53 120832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:35 0 d-------- C:\Program Files\Mightyfax


-- Find3M Report ---------------------------------------------------------------

2008-02-13 18:57:16 0 d-------- C:\Program Files\SPAMfighter
2008-02-12 19:42:41 0 d-------- C:\Program Files\eMule
2008-02-10 23:22:37 0 d-------- C:\Program Files\Messenger
2008-02-09 21:37:10 0 d-------- C:\Program Files\Movie Maker
2008-02-09 21:28:57 0 d-------- C:\Program Files\Windows NT
2008-02-06 12:37:07 0 d-------- C:\Program Files\iolo
2008-02-05 18:16:17 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Adobe
2008-02-05 17:44:45 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Sammsoft
2008-01-14 17:08:33 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Ahead
2008-01-05 19:35:32 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Real
2008-01-03 11:07:19 0 d-------- C:\Program Files\DivX
2007-12-31 12:20:59 0 d-------- C:\Program Files\Advanced Spyware Remover Pro
2007-12-30 19:16:49 0 d-------- C:\Program Files\Copy Utility
2007-12-30 19:16:48 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Azureus
2007-12-30 11:03:23 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-23 12:04:55 10068 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-12-21 18:52:21 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-12-21 12:26:45 0 d-------- C:\Program Files\Tencent
2007-12-20 20:14:43 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\ppStream
2007-12-20 20:10:55 0 d-------- C:\Program Files\Java
2007-12-20 19:04:17 0 d-------- C:\Program Files\BitTorrent
2007-12-18 20:45:29 0 d-------- C:\Program Files\Babylon
2007-12-18 17:14:55 0 d-------- C:\Program Files\Common Files
2007-12-17 12:50:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Apple Computer
2007-12-17 12:49:38 0 d-------- C:\Program Files\iTunes
2007-12-17 12:49:15 0 d-------- C:\Program Files\iPod
2007-12-17 12:46:52 0 d-------- C:\Program Files\QuickTime
2007-12-17 12:35:14 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [15/05/2004 21:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/11/2004 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/11/2004 18:38]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [14/07/2003 22:57]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [14/07/2003 22:57]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [14/07/2003 22:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/08/2007 17:49]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/09/2007 13:14]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [30/08/2005 13:51]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [10/10/2007 08:42]
"CARPService"="carpserv.exe" [21/05/2003 15:35 C:\WINDOWS\system32\carpserv.exe]
"@"="C:\WINDOWS\scvhost.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/06/2007 07:07]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [13/10/2004 17:24]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [09/02/2008 14:02]
"@"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
@=C:\WINDOWS\scvhost.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [22/10/1999 1:10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe scvhost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\runtime2.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B023A0AE-AF02-A408-DE3D-E0E80A560005}]
C:\WINDOWS\scvhost.exe



-- End of Deckard's System Scanner: finished at 2008-02-13 19:02:39 ------------

The extra.txt is:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: mobile AMD Athlon™ XP2800+
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 446.48 MiB / 162.03 MiB
Pagefile Memory (total/avail): 1055.25 MiB / 767.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.66 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 32.23 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AV: Kaspersky Anti-Virus Personal v5.0.388 (Kaspersky Labs) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Joan Albert\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOAN-ALBERT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Joan Albert
LOGONSERVER=\\JOAN-ALBERT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOANAL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOANAL~1\LOCALS~1\Temp
USERDOMAIN=JOAN-ALBERT
USERNAME=Joan Albert
USERPROFILE=C:\Documents and Settings\Joan Albert
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Joan Albert (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Uninstaller 2.0 --> "C:\Program Files\Absolute Uninstaller\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced Spyware Remover Profession Edition --> "C:\Program Files\Advanced Spyware Remover Pro\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
ATI - Utilidad de desinstalación de software --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Broadcom 802.11 Control Panel --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11_App\UninstallInfo
Broadcom 802.11 Driver --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Compresor WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Conexant 56K ACLink Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C\HXFSETUP.EXE -U -Ihpm08505.inf
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EPSON SMART PANEL for Scanner --> C:\WINDOWS\unin040a.exe -f"c:\program files\DeIsL1.isu"
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0xa UNINSTALL
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Gran Diccionario Oxford --> C:\Program Files\Gran Diccionario Oxford\Deinstalar.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E1D54D7-47EB-11D5-AE90-00D0590FFE27}\setup.exe" -l0xa
HTML-Kit --> "C:\Program Files\Chami\HTML-Kit\unins000.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Virus Personal --> "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\uninstall.exe"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft Office 2003 Proofing Tools --> MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9}
MightyFax --> C:\PROGRA~1\MIGHTY~1\UnMighty.EXE
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mplayer --> C:\Archivos de programa\MPlayer\uninstall.exe
MultiMedia Spain Toolbar --> C:\PROGRA~1\MULTIM~1\UNWISE.EXE C:\PROGRA~1\MULTIM~1\INSTALL.LOG
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NeroVision Express 2 Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
Opera 9.23 --> MsiExec.exe /X{45A54FAD-AADB-4CD2-9E56-2507A15F013D}
Pando --> MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Software de impresora EPSON --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
SPAMfighter --> "C:\Program Files\SPAMfighter\uninstall.exe" Remove
StarOffice 8 --> MsiExec.exe /I{C33F44B9-C502-45CA-8DCD-C423D182996C}
Steganos Live Encryption Engine 15 --> C:\Program Files\Steganos Live Encryption Engine 15\uninstall.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Your Uninstaller! 2006 Version 5 --> "C:\Program Files\Your Uninstaller 2006\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type36103 / Error
Event Submitted/Written: 02/13/2008 05:14:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x00037a64.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type36102 / Error
Event Submitted/Written: 02/13/2008 05:14:19 PM
Event ID/Source: 1005 / Application Error
Event Description:
Windows cannot access the file C:\WINDOWS\Fonts\STLITI.TTF for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program STLITI.TTF because of this error.

Program: STLITI.TTF
File: C:\WINDOWS\Fonts\STLITI.TTF

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Event Record #/Type36096 / Error
Event Submitted/Written: 02/12/2008 07:45:24 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application emule.exe, version 0.48.0.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type36095 / Error
Event Submitted/Written: 02/12/2008 07:45:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application emule.exe, version 0.48.0.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type36068 / Error
Event Submitted/Written: 02/09/2008 10:49:40 PM
Event ID/Source: 2 / WLTRYSVC
Event Description:
SetServiceStatus() failed



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type80696 / Error
Event Submitted/Written: 02/13/2008 06:45:48 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type80694 / Error
Event Submitted/Written: 02/13/2008 05:14:17 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type80693 / Error
Event Submitted/Written: 02/13/2008 05:14:03 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Event Record #/Type80692 / Error
Event Submitted/Written: 02/13/2008 05:13:54 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type80691 / Error
Event Submitted/Written: 02/13/2008 05:13:47 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-02-13 19:02:39 ------------

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

* I notice that you have no firewall on your PC, this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs: ZoneAlarm, Comodo, or Outpost.
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.



Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#7
newnoi

    Member

  • Topic Starter
  • 38 posts

Hello
I followed your instructions and the log.txt for ComboFix is:

ComboFix 08-02-14.2 - Joan Albert 2008-02-14 14:14:12.2 - NTFSx86
Running from: C:\Documents and Settings\Joan Albert\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-14 13:01 . 2008-02-14 13:01 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-02-14 12:56 . 2008-02-14 12:56 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-14 12:41 . 2008-02-14 14:09 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-13 18:59 . 2008-02-13 18:59 <DIR> d-------- C:\Deckard
2008-02-12 17:49 . 2008-02-12 17:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-12 13:35 . 2008-02-12 13:35 <DIR> d-------- C:\Documents and Settings\Joan Albert\Application Data\Grisoft
2008-02-12 13:35 . 2008-02-12 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 13:35 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-10 23:19 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-02-10 23:19 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-02-10 23:19 . 2006-08-21 13:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-02-10 23:16 . 2008-02-10 23:16 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-10 14:51 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-02-09 21:40 . 2004-08-04 08:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-09 21:37 . 2008-02-09 21:37 <DIR> d-------- C:\WINDOWS\provisioning
2008-02-09 21:37 . 2008-02-09 21:37 <DIR> d-------- C:\WINDOWS\peernet
2008-02-09 21:30 . 2008-02-09 21:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-09 21:06 . 2008-02-09 21:06 <DIR> d-------- C:\WINDOWS\EHome
2008-02-05 20:10 . 2008-02-05 20:10 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-02-05 19:59 . 2006-03-28 08:54 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-05 19:59 . 2008-02-05 19:59 668,160 --a------ C:\WINDOWS\isRS-000.tmp
2008-02-05 19:59 . 2006-03-28 08:55 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-02-05 19:56 . 2008-02-05 20:10 <DIR> d-------- C:\Documents and Settings\Joan Albert\Application Data\iolo
2008-02-05 19:56 . 2008-02-06 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-02-05 19:00 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-15 16:44 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-01-15 16:44 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-01-15 16:44 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-01-15 16:44 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-01-15 13:18 . 2004-08-04 08:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-01-15 13:18 . 2004-08-04 08:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-01-15 13:18 . 2004-08-04 08:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-01-15 13:18 . 2004-03-30 02:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-01-15 13:18 . 2004-01-10 06:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-01-15 13:05 . 2008-01-15 13:05 <DIR> d-------- C:\Program Files\CONEXANT
2008-01-15 13:05 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-01-15 13:05 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-15 12:35 . 2005-10-20 23:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-01-15 12:16 . 2008-01-15 12:32 <DIR> d-------- C:\Program Files\Mightyfax
2008-01-15 12:16 . 2005-05-13 10:21 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL
2008-01-15 12:16 . 2001-07-16 03:06 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL
2008-01-15 12:15 . 2008-01-15 12:32 92 --a------ C:\WINDOWS\mfpd.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 13:05 --------- d-----w C:\Program Files\SPAMfighter
2008-02-14 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-12 18:42 --------- d-----w C:\Program Files\eMule
2008-02-06 11:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 11:37 --------- d-----w C:\Program Files\iolo
2008-02-05 16:44 --------- d-----w C:\Documents and Settings\Joan Albert\Application Data\Sammsoft
2008-01-14 16:08 --------- d-----w C:\Documents and Settings\Joan Albert\Application Data\Ahead
2008-01-03 10:07 --------- d-----w C:\Program Files\DivX
2007-12-31 11:20 --------- d-----w C:\Program Files\Advanced Spyware Remover Pro
2007-12-30 18:16 --------- d-----w C:\Program Files\Copy Utility
2007-12-30 18:16 --------- d-----w C:\Documents and Settings\Joan Albert\Application Data\Azureus
2007-12-23 11:04 10,068 ----a-w C:\WINDOWS\system32\mspriv32.dll
2007-12-21 17:52 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-12-21 11:26 --------- d-----w C:\Program Files\Tencent
2007-12-20 19:14 --------- d-----w C:\Documents and Settings\Joan Albert\Application Data\ppStream
2007-12-20 19:10 --------- d-----w C:\Program Files\Java
2007-12-20 18:04 --------- d-----w C:\Program Files\BitTorrent
2007-12-18 19:45 --------- d-----w C:\Program Files\Babylon
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 11:50 --------- d-----w C:\Documents and Settings\Joan Albert\Application Data\Apple Computer
2007-12-17 11:49 --------- d-----w C:\Program Files\iTunes
2007-12-17 11:49 --------- d-----w C:\Program Files\iPod
2007-12-17 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-17 11:46 --------- d-----w C:\Program Files\QuickTime
2007-12-17 11:35 --------- d-----w C:\Program Files\Apple Software Update
2007-12-17 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-08 22:46 762 ----a-w C:\Program Files\SmaPanel.ini
2007-11-08 18:36 2,731 ----a-w C:\Program Files\ns_scan.ini
2007-11-08 18:09 43,028 ----a-w C:\Program Files\DeIsL1.isu
2000-05-31 16:41 180,224 ----a-w C:\Program Files\espmain.exe
2000-05-30 13:05 6,432 ----a-w C:\Program Files\readme.txt
2000-05-26 11:17 91,648 ----a-w C:\Program Files\pmappui1.dll
2000-05-26 11:02 228,864 ----a-w C:\Program Files\email.exe
2000-05-26 10:49 241,664 ----a-w C:\Program Files\app.exe
2000-05-26 10:46 116,224 ----a-w C:\Program Files\pmtoapp.dll
2000-05-26 10:44 107,520 ----a-w C:\Program Files\pmappui.dll
2000-05-26 10:23 569,856 ----a-w C:\Program Files\SASM.dll
2000-05-26 10:21 139,264 ----a-w C:\Program Files\SAtwain.dll
2000-05-26 10:12 200,192 ----a-w C:\Program Files\creativity.exe
2000-05-26 10:06 297,984 ----a-w C:\Program Files\ocr.exe
2000-05-26 10:01 115,200 ----a-w C:\Program Files\pmtoapp2.dll
2000-05-26 09:59 95,232 ----a-w C:\Program Files\pmappui2.dll
2000-05-22 17:05 345,088 ----a-w C:\Program Files\Myocr.dll
2000-05-19 09:26 221,816 ----a-w C:\Program Files\ESPMAIN.HLP
2000-05-19 09:25 37,243 ----a-w C:\Program Files\APP.HLP
2000-05-19 09:25 37,239 ----a-w C:\Program Files\EMAIL.HLP
2000-05-19 09:25 37,175 ----a-w C:\Program Files\CREATIVITY.HLP
2000-05-19 09:25 36,986 ----a-w C:\Program Files\OCR.HLP
2000-05-19 09:22 1,324,299 ----a-w C:\Program Files\SmaPanel.pdf
2000-05-18 18:17 77,824 ----a-w C:\Program Files\imgview.exe
2000-05-16 18:04 60,416 ----a-w C:\Program Files\PmToApp1.dll
2000-05-04 12:37 2,246 ----a-w C:\Program Files\ESPMAIN.cnt
2000-04-26 16:01 23,552 ----a-w C:\Program Files\UNREG_SP.EXE
2000-04-26 16:01 23,552 ----a-w C:\Program Files\REG_SP.EXE
2000-04-26 15:40 25,600 ----a-w C:\Program Files\RAUninst.exe
2000-04-10 10:44 99 ----a-w C:\Program Files\OCR.INI
2000-03-29 20:26 28 ----a-w C:\Program Files\Email.ini
2000-03-24 11:19 262 ----a-w C:\Program Files\splash.ini
2000-03-10 08:43 144 ----a-w C:\Program Files\Register.ini
2000-01-16 07:40 231 ----a-w C:\Program Files\Pmtoapp1.ini
1999-12-31 09:25 228 ----a-w C:\Program Files\PMTOAPP.INI
1999-11-19 09:28 48,128 ----a-w C:\Program Files\PMFormat.dll
1999-11-11 20:00 123,392 ----a-w C:\Program Files\PDLaunch.exe
1999-11-05 15:44 228 ----a-w C:\Program Files\Pmtoapp2.ini
1999-11-05 15:20 65,024 ----a-w C:\Program Files\PMAppU2.dll
1999-10-28 15:49 6,935 ----a-w C:\Program Files\PMAPPUI.INI
1999-10-28 14:58 65,536 ----a-w C:\Program Files\WFXI.DLL
1999-10-21 15:22 61 ----a-w C:\Program Files\FIOALL.INI
1999-10-08 14:35 617,984 ----a-w C:\Program Files\PCCRSDK.DLL
1999-08-31 09:27 309,248 ----a-w C:\Program Files\FineOCREngine.dll
1999-08-04 13:25 323 ----a-w C:\Program Files\app.cnt
1999-08-04 11:51 266 ----a-w C:\Program Files\ocr.cnt
1999-08-04 11:50 307 ----a-w C:\Program Files\email.cnt
1999-08-04 11:50 262 ----a-w C:\Program Files\creativity.cnt
1999-07-28 18:02 202,752 ----a-w C:\Program Files\IsmDll.dll
1999-07-26 10:21 92,160 ----a-w C:\Program Files\PMVLink.dll
1999-07-26 10:21 62,464 ----a-w C:\Program Files\Fiobmp32.dll
1999-07-26 10:21 61,440 ----a-w C:\Program Files\FIOPSD32.DLL
1999-07-26 10:21 36,864 ----a-w C:\Program Files\FIOPCT32.DLL
1999-07-26 10:21 333,824 ----a-w C:\Program Files\NSFPX.DLL
1999-07-26 10:21 33,280 ----a-w C:\Program Files\PMExeBud.dll
1999-07-26 10:21 270,848 ----a-w C:\Program Files\Fioall.dll
1999-07-26 10:21 260,608 ----a-w C:\Program Files\Fine32.dll
1999-07-26 10:21 188,928 ----a-w C:\Program Files\UCIJPG32.DLL
1999-07-26 10:21 179,200 ----a-w C:\Program Files\UCIG3432.DLL
1999-07-26 10:21 168,448 ----a-w C:\Program Files\FIOPNG32.DLL
1999-07-26 10:21 165,376 ----a-w C:\Program Files\Fiotif32.dll
1999-07-26 10:21 138,752 ----a-w C:\Program Files\Fiotga32.dll
1999-07-26 10:21 135,680 ----a-w C:\Program Files\Fiojpg32.dll
1999-07-26 10:21 130,560 ----a-w C:\Program Files\FIOPCD32.DLL
1999-07-26 10:21 130,560 ----a-w C:\Program Files\FIOEXT32.DLL
1999-07-26 10:21 121,856 ----a-w C:\Program Files\Jpeglib.dll
1999-07-26 10:21 112,128 ----a-w C:\Program Files\Fiopcx32.dll
1999-07-26 10:21 103,936 ----a-w C:\Program Files\FIOALL32.DLL
1999-07-26 10:21 10,752 ----a-w C:\Program Files\PMMKView.dll
1999-07-26 10:16 9,936 ----a-w C:\Program Files\LZEXPAND.DLX
1999-07-26 10:16 37 ----a-w C:\Program Files\FINEDLL.INI
2006-12-24 18:11 56 --sh--r C:\WINDOWS\system32\FF87239749.sys
2006-12-24 18:11 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-12-24 13:02 100,384 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2006-12-24 13:02 6,944 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-14 13:01 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-14 13:01 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 07:07 68856]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 14:02 6051144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:00 335872]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38 688218]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57 13368]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 22:57 63040]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 22:57 95296]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-18 17:49 1836544]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 13:14 185632]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2005-08-30 13:51 139367]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-10 08:42 308368]
"CARPService"="carpserv.exe" [2003-05-21 15:35 4608 C:\WINDOWS\system32\carpserv.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"@"="C:\WINDOWS\scvhost.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [1999-10-22 01:10:00 131584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-08 00:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2004-07-12 13:36 1409136 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2008-02-09 14:02 6051144 C:\Program Files\Pando Networks\Pando\Pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-06 11:43 23165736 C:\Program Files\Skype\Phone\Skype.exe

R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-08-30 13:52]
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];C:\WINDOWS\System32\drivers\Sleen15.sys [2007-02-21 13:33]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-10 08:43]
R2 UxTuneUp;Ampliación del diseño de TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:56]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 13:12]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B023A0AE-AF02-A408-DE3D-E0E80A560005}]
C:\WINDOWS\scvhost.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 16:25:53 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-04 14:24:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 16:31:05 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 14:19:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 2481

**************************************************************************
.
Completion time: 2008-02-14 14:21:54
ComboFix-quarantined-files.txt 2008-02-14 13:21:40
ComboFix2.txt 2008-02-14 12:44:37
.
2008-02-13 12:36:57 --- E O F ---

The Hijackthis.log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:32, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) -
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic....s/installer.cab
O16 - DPF: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) -
O16 - DPF: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) -
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD2816B-ABE5-458C-A3A3-CC92458A0779}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F431FA0D-5FF3-4A77-BD1B-BA0553863A75}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8018 bytes

After all that I can get the Task Manager with Ctrl+Alt+Del, but the first website that I try to open is a lot slower than the next ones.
What can I do to clean my PC and get performance like when I bought it?
Waiting for your comments.
Best regards
  • 0

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\scvhost.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"@"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B023A0AE-AF02-A408-DE3D-E0E80A560005}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • 0
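Why the script in the post above singles out this one entry, shown as an added example that is not part of the original thread: `C:\WINDOWS\scvhost.exe` is a letter transposition of `svchost.exe`, and it is registered under the key's unnamed default value (`[]` in HijackThis, `"@"` in ComboFix). The sketch below checks HijackThis O4 lines for both signs; `audit_o4`, the `SYSTEM_BINARIES` allowlist and the distance threshold are assumptions made for the example, and one sample line is constructed and marked as such.

```python
import ntpath
import re
from collections import namedtuple

# Assumed allowlist for this example: system binary -> folder it normally runs from on XP.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
MAX_DISTANCE = 2  # assumed threshold: names this close to a system binary are reported

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (\S+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Executable path: either the quoted part, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)

Finding = namedtuple("Finding", "rule key value_name path")


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "cv" <-> "vc", counts as a single edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def audit_o4(log_text):
    """Return findings for registry autorun (O4) lines of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # startup-folder O4 lines and other sections are out of scope here
        hive, key, name, cmd = m.groups()
        exe = EXE_RE.match(cmd)
        path = (exe.group(1) or exe.group(2)) if exe else cmd
        base = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        where = f"{hive}\\..\\{key}"
        if name == "":
            # Autorun stored in the key's default value instead of a named value.
            findings.append(Finding("unnamed-value", where, name, path))
        if base in SYSTEM_BINARIES:
            # Right name, but loaded from somewhere other than its usual folder.
            if folder and folder != SYSTEM_BINARIES[base]:
                findings.append(Finding("wrong-directory", where, name, path))
        elif any(osa_distance(base, s) <= MAX_DISTANCE for s in SYSTEM_BINARIES):
            # Not a system binary, yet within a couple of edits of one.
            findings.append(Finding("lookalike-name", where, name, path))
    return findings


# Lines copied from the HijackThis log earlier in this thread.
PAGE_LINES = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
"""
# Constructed line (not from the thread) to exercise the wrong-directory rule.
CONSTRUCTED_LINE = r"O4 - HKLM\..\Run: [Updater] C:\Temp\svchost.exe"
SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINE

if __name__ == "__main__":
    for f in audit_o4(SAMPLE_LOG):
        print(f"{f.rule:16} {f.key:22} [{f.value_name}] {f.path}")
```

A hit is only a reason to inspect the file and the key, as was done by hand in this thread; the allowlist needs extending before the check is useful on other machines.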

#9
newnoi

    Member

  • Topic Starter
  • Member
  • 38 posts
Hello
Following your instructions I got the following log:

ComboFix 08-02-14.2 - Joan Albert 2008-02-14 16:46:33.3 - NTFSx86
Running from: C:\Documents and Settings\Joan Albert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joan Albert\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\scvhost.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-14 13:01 . 2008-02-14 13:01 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-02-14 12:56 . 2008-02-14 12:56 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-14 12:41 . 2008-02-14 16:43 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-13 18:59 . 2008-02-13 18:59 <DIR> d-------- C:\Deckard
2008-02-12 17:49 . 2008-02-12 17:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-12 13:35 . 2008-02-12 13:35 <DIR> d-------- C:\Documents and Settings\Joan Albert\Application Data\Grisoft
2008-02-12 13:35 . 2008-02-12 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 13:35 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-10 23:19 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-02-10 23:19 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-02-10 23:19 . 2006-08-21 13:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-02-10 23:16 . 2008-02-10 23:16 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-10 14:51 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-02-09 21:40 . 2004-08-04 08:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-09 21:37 . 2008-02-09 21:37 <DIR> d-------- C:\WINDOWS\provisioning
2008-02-09 21:37 . 2008-02-09 21:37 <DIR> d-------- C:\WINDOWS\peernet
2008-02-09 21:30 . 2008-02-09 21:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-09 21:06 . 2008-02-09 21:06 <DIR> d-------- C:\WINDOWS\EHome
2008-02-05 20:10 . 2008-02-05 20:10 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-02-05 19:59 . 2006-03-28 08:54 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-05 19:59 . 2008-02-05 19:59 668,160 --a------ C:\WINDOWS\isRS-000.tmp
2008-02-05 19:59 . 2006-03-28 08:55 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-02-05 19:56 . 2008-02-05 20:10 <DIR> d-------- C:\Documents and Settings\Joan Albert\Application Data\iolo
2008-02-05 19:56 . 2008-02-06 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-02-05 19:00 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-15 16:44 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-01-15 16:44 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-01-15 16:44 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-01-15 16:44 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-01-15 13:18 . 2004-08-04 08:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-01-15 13:18 . 2004-08-04 08:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-01-15 13:18 . 2004-08-04 08:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-01-15 13:18 . 2004-03-30 02:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-01-15 13:18 . 2004-01-10 06:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-01-15 13:05 . 2008-01-15 13:05 <DIR> d-------- C:\Program Files\CONEXANT
2008-01-15 13:05 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-01-15 13:05 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-15 12:35 . 2005-10-20 23:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-01-15 12:16 . 2008-01-15 12:32 <DIR> d-------- C:\Program Files\Mightyfax
2008-01-15 12:16 . 2005-05-13 10:21 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL
2008-01-15 12:16 . 2001-07-16 03:06 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL
2008-01-15 12:15 . 2008-01-15 12:32 92 --a------ C:\WINDOWS\mfpd.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 15:34 --------- d-----w C:\Program Files\SPAMfighter
2008-02-14 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-12 18:42 --------- d-----w C:\Program Files\eMule
2008-02-06 11:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 11:37 --------- d-----w C:\Program Files\iolo
2008-02-05 16:44 --------- d-----w C:\Documents and Settings\Joan Albert\Application Data\Sammsoft
2008-01-14 16:08 --------- d-----w C:\Documents and Settings\Joan Albert\Application Data\Ahead
2008-01-03 10:07 --------- d-----w C:\Program Files\DivX
2007-12-31 11:20 --------- d-----w C:\Program Files\Advanced Spyware Remover Pro
2007-12-30 18:16 --------- d-----w C:\Program Files\Copy Utility
2007-12-30 18:16 --------- d-----w C:\Documents and Settings\Joan Albert\Application Data\Azureus
2007-12-23 11:04 10,068 ----a-w C:\WINDOWS\system32\mspriv32.dll
2007-12-21 17:52 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-12-21 11:26 --------- d-----w C:\Program Files\Tencent
2007-12-20 19:14 --------- d-----w C:\Documents and Settings\Joan Albert\Application Data\ppStream
2007-12-20 19:10 --------- d-----w C:\Program Files\Java
2007-12-20 18:04 --------- d-----w C:\Program Files\BitTorrent
2007-12-18 19:45 --------- d-----w C:\Program Files\Babylon
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 11:50 --------- d-----w C:\Documents and Settings\Joan Albert\Application Data\Apple Computer
2007-12-17 11:49 --------- d-----w C:\Program Files\iTunes
2007-12-17 11:49 --------- d-----w C:\Program Files\iPod
2007-12-17 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-17 11:46 --------- d-----w C:\Program Files\QuickTime
2007-12-17 11:35 --------- d-----w C:\Program Files\Apple Software Update
2007-12-17 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-08 22:46 762 ----a-w C:\Program Files\SmaPanel.ini
2007-11-08 18:36 2,731 ----a-w C:\Program Files\ns_scan.ini
2007-11-08 18:09 43,028 ----a-w C:\Program Files\DeIsL1.isu
2000-05-31 16:41 180,224 ----a-w C:\Program Files\espmain.exe
2000-05-30 13:05 6,432 ----a-w C:\Program Files\readme.txt
2000-05-26 11:17 91,648 ----a-w C:\Program Files\pmappui1.dll
2000-05-26 11:02 228,864 ----a-w C:\Program Files\email.exe
2000-05-26 10:49 241,664 ----a-w C:\Program Files\app.exe
2000-05-26 10:46 116,224 ----a-w C:\Program Files\pmtoapp.dll
2000-05-26 10:44 107,520 ----a-w C:\Program Files\pmappui.dll
2000-05-26 10:23 569,856 ----a-w C:\Program Files\SASM.dll
2000-05-26 10:21 139,264 ----a-w C:\Program Files\SAtwain.dll
2000-05-26 10:12 200,192 ----a-w C:\Program Files\creativity.exe
2000-05-26 10:06 297,984 ----a-w C:\Program Files\ocr.exe
2000-05-26 10:01 115,200 ----a-w C:\Program Files\pmtoapp2.dll
2000-05-26 09:59 95,232 ----a-w C:\Program Files\pmappui2.dll
2000-05-22 17:05 345,088 ----a-w C:\Program Files\Myocr.dll
2000-05-19 09:26 221,816 ----a-w C:\Program Files\ESPMAIN.HLP
2000-05-19 09:25 37,243 ----a-w C:\Program Files\APP.HLP
2000-05-19 09:25 37,239 ----a-w C:\Program Files\EMAIL.HLP
2000-05-19 09:25 37,175 ----a-w C:\Program Files\CREATIVITY.HLP
2000-05-19 09:25 36,986 ----a-w C:\Program Files\OCR.HLP
2000-05-19 09:22 1,324,299 ----a-w C:\Program Files\SmaPanel.pdf
2000-05-18 18:17 77,824 ----a-w C:\Program Files\imgview.exe
2000-05-16 18:04 60,416 ----a-w C:\Program Files\PmToApp1.dll
2000-05-04 12:37 2,246 ----a-w C:\Program Files\ESPMAIN.cnt
2000-04-26 16:01 23,552 ----a-w C:\Program Files\UNREG_SP.EXE
2000-04-26 16:01 23,552 ----a-w C:\Program Files\REG_SP.EXE
2000-04-26 15:40 25,600 ----a-w C:\Program Files\RAUninst.exe
2000-04-10 10:44 99 ----a-w C:\Program Files\OCR.INI
2000-03-29 20:26 28 ----a-w C:\Program Files\Email.ini
2000-03-24 11:19 262 ----a-w C:\Program Files\splash.ini
2000-03-10 08:43 144 ----a-w C:\Program Files\Register.ini
2000-01-16 07:40 231 ----a-w C:\Program Files\Pmtoapp1.ini
1999-12-31 09:25 228 ----a-w C:\Program Files\PMTOAPP.INI
1999-11-19 09:28 48,128 ----a-w C:\Program Files\PMFormat.dll
1999-11-11 20:00 123,392 ----a-w C:\Program Files\PDLaunch.exe
1999-11-05 15:44 228 ----a-w C:\Program Files\Pmtoapp2.ini
1999-11-05 15:20 65,024 ----a-w C:\Program Files\PMAppU2.dll
1999-10-28 15:49 6,935 ----a-w C:\Program Files\PMAPPUI.INI
1999-10-28 14:58 65,536 ----a-w C:\Program Files\WFXI.DLL
1999-10-21 15:22 61 ----a-w C:\Program Files\FIOALL.INI
1999-10-08 14:35 617,984 ----a-w C:\Program Files\PCCRSDK.DLL
1999-08-31 09:27 309,248 ----a-w C:\Program Files\FineOCREngine.dll
1999-08-04 13:25 323 ----a-w C:\Program Files\app.cnt
1999-08-04 11:51 266 ----a-w C:\Program Files\ocr.cnt
1999-08-04 11:50 307 ----a-w C:\Program Files\email.cnt
1999-08-04 11:50 262 ----a-w C:\Program Files\creativity.cnt
1999-07-28 18:02 202,752 ----a-w C:\Program Files\IsmDll.dll
1999-07-26 10:21 92,160 ----a-w C:\Program Files\PMVLink.dll
1999-07-26 10:21 62,464 ----a-w C:\Program Files\Fiobmp32.dll
1999-07-26 10:21 61,440 ----a-w C:\Program Files\FIOPSD32.DLL
1999-07-26 10:21 36,864 ----a-w C:\Program Files\FIOPCT32.DLL
1999-07-26 10:21 333,824 ----a-w C:\Program Files\NSFPX.DLL
1999-07-26 10:21 33,280 ----a-w C:\Program Files\PMExeBud.dll
1999-07-26 10:21 270,848 ----a-w C:\Program Files\Fioall.dll
1999-07-26 10:21 260,608 ----a-w C:\Program Files\Fine32.dll
1999-07-26 10:21 188,928 ----a-w C:\Program Files\UCIJPG32.DLL
1999-07-26 10:21 179,200 ----a-w C:\Program Files\UCIG3432.DLL
1999-07-26 10:21 168,448 ----a-w C:\Program Files\FIOPNG32.DLL
1999-07-26 10:21 165,376 ----a-w C:\Program Files\Fiotif32.dll
1999-07-26 10:21 138,752 ----a-w C:\Program Files\Fiotga32.dll
1999-07-26 10:21 135,680 ----a-w C:\Program Files\Fiojpg32.dll
1999-07-26 10:21 130,560 ----a-w C:\Program Files\FIOPCD32.DLL
1999-07-26 10:21 130,560 ----a-w C:\Program Files\FIOEXT32.DLL
1999-07-26 10:21 121,856 ----a-w C:\Program Files\Jpeglib.dll
1999-07-26 10:21 112,128 ----a-w C:\Program Files\Fiopcx32.dll
1999-07-26 10:21 103,936 ----a-w C:\Program Files\FIOALL32.DLL
1999-07-26 10:21 10,752 ----a-w C:\Program Files\PMMKView.dll
1999-07-26 10:16 9,936 ----a-w C:\Program Files\LZEXPAND.DLX
1999-07-26 10:16 37 ----a-w C:\Program Files\FINEDLL.INI
2006-12-24 18:11 56 --sh--r C:\WINDOWS\system32\FF87239749.sys
2006-12-24 18:11 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-12-24 13:02 100,384 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2006-12-24 13:02 6,944 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-14 13:01 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-14 13:01 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 07:07 68856]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 14:02 6051144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:00 335872]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38 688218]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57 13368]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 22:57 63040]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 22:57 95296]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-18 17:49 1836544]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 13:14 185632]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2005-08-30 13:51 139367]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-10 08:42 308368]
"CARPService"="carpserv.exe" [2003-05-21 15:35 4608 C:\WINDOWS\system32\carpserv.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"@"="C:\WINDOWS\scvhost.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [1999-10-22 01:10:00 131584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-08 00:01 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2004-07-12 13:36 1409136 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2008-02-09 14:02 6051144 C:\Program Files\Pando Networks\Pando\Pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-06 11:43 23165736 C:\Program Files\Skype\Phone\Skype.exe

R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-08-30 13:52]
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];C:\WINDOWS\System32\drivers\Sleen15.sys [2007-02-21 13:33]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-10 08:43]
R2 UxTuneUp;Ampliación del diseño de TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:56]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 13:12]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 16:25:53 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-04 14:24:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 16:31:05 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 16:53:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-02-14 16:58:07
ComboFix-quarantined-files.txt 2008-02-14 15:57:03
ComboFix2.txt 2008-02-14 13:21:55
ComboFix3.txt 2008-02-14 12:44:37
.
2008-02-13 12:36:57 --- E O F ---

Waiting for your instructions to improve the time it takes to get the Google home screen when I open my IE6.
When I later enter a new web address it works fine.
Thank you for your help
  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
; The key's default (unnamed) value is written as a bare @ in .reg syntax
@=-


Then double-click the fix.reg file; when it prompts to merge, click "Yes".



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Also post a new HijackThis log
  • 0


#11
newnoi

    Member

  • Topic Starter
  • Member
  • 38 posts
The log file after the scan with MBAM is:
Malwarebytes' Anti-Malware 1.03
Database version: 359

Scan type: Quick Scan
Objects scanned: 23043
Time elapsed: 26 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\XPRepairPro2007 (Rogue.XPRepairPro2007) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Joan Albert\Application Data\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

The HIJACKTHIS log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:01, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) -
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic....s/installer.cab
O16 - DPF: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) -
O16 - DPF: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) -
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD2816B-ABE5-458C-A3A3-CC92458A0779}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F431FA0D-5FF3-4A77-BD1B-BA0553863A75}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8105 bytes

Waiting for your comments.
Best regards

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post a new DSS log? That's what we did at the start.

#13
newnoi

    Member

  • Topic Starter
  • Member
  • 38 posts
After running DSS, the main.txt is:
Deckard's System Scanner v20071014.68
Run by Joan Albert on 2008-02-14 19:39:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Joan Albert.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:24, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joan Albert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOANAL~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) -
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic....s/installer.cab
O16 - DPF: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) -
O16 - DPF: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) -
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD2816B-ABE5-458C-A3A3-CC92458A0779}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F431FA0D-5FF3-4A77-BD1B-BA0553863A75}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8028 bytes

-- Files created between 2008-01-14 and 2008-02-14 -----------------------------

2008-02-14 18:09:28 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Malwarebytes
2008-02-14 18:09:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-14 18:09:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-14 13:21:35 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-14 13:21:35 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-14 13:21:35 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-14 13:21:35 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-14 13:01:19 0 d-------- C:\Program Files\ZoneAlarmSB
2008-02-14 12:56:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-14 12:56:05 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-14 12:41:18 0 d-------- C:\WINDOWS\Internet Logs
2008-02-12 17:49:36 0 d-------- C:\Program Files\Trend Micro
2008-02-12 13:35:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Grisoft
2008-02-12 13:35:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 23:16:35 0 d-------- C:\Program Files\MSXML 4.0
2008-02-09 22:55:00 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-02-09 22:52:56 0 d-------- C:\WINDOWS\Prefetch
2008-02-09 21:37:06 0 d-------- C:\WINDOWS\peernet
2008-02-09 21:37:02 0 d-------- C:\WINDOWS\provisioning
2008-02-09 21:30:02 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-09 21:06:04 0 d-------- C:\WINDOWS\EHome
2008-02-05 19:59:34 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-02-05 19:59:33 696320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\iolo
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-01-15 13:18:26 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-15 13:05:25 0 d-------- C:\Program Files\CONEXANT
2008-01-15 12:16:56 12288 --a------ C:\WINDOWS\system32\APFMON40.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:53 120832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:35 0 d-------- C:\Program Files\Mightyfax


-- Find3M Report ---------------------------------------------------------------

2008-02-14 19:36:12 0 d-------- C:\Program Files\SPAMfighter
2008-02-14 18:39:51 0 d-------- C:\Program Files\Common Files
2008-02-12 19:42:41 0 d-------- C:\Program Files\eMule
2008-02-10 23:22:37 0 d-------- C:\Program Files\Messenger
2008-02-09 21:37:10 0 d-------- C:\Program Files\Movie Maker
2008-02-09 21:28:57 0 d-------- C:\Program Files\Windows NT
2008-02-06 12:37:07 0 d-------- C:\Program Files\iolo
2008-02-05 18:16:17 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Adobe
2008-01-14 17:08:33 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Ahead
2008-01-05 19:35:32 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Real
2008-01-03 11:07:19 0 d-------- C:\Program Files\DivX
2007-12-31 12:20:59 0 d-------- C:\Program Files\Advanced Spyware Remover Pro
2007-12-30 19:16:49 0 d-------- C:\Program Files\Copy Utility
2007-12-30 19:16:48 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Azureus
2007-12-30 11:03:23 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-23 12:04:55 10068 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-12-21 18:52:21 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-12-21 12:26:45 0 d-------- C:\Program Files\Tencent
2007-12-20 20:14:43 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\ppStream
2007-12-20 20:10:55 0 d-------- C:\Program Files\Java
2007-12-20 19:04:17 0 d-------- C:\Program Files\BitTorrent
2007-12-18 20:45:29 0 d-------- C:\Program Files\Babylon
2007-12-17 12:50:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Apple Computer
2007-12-17 12:49:38 0 d-------- C:\Program Files\iTunes
2007-12-17 12:49:15 0 d-------- C:\Program Files\iPod
2007-12-17 12:46:52 0 d-------- C:\Program Files\QuickTime
2007-12-17 12:35:14 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
14/02/2008 13:01 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [14/02/2008 13:01 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [15/05/2004 21:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/11/2004 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/11/2004 18:38]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [14/07/2003 22:57]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [14/07/2003 22:57]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [14/07/2003 22:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/08/2007 17:49]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/09/2007 13:14]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [30/08/2005 13:51]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [10/10/2007 08:42]
"CARPService"="carpserv.exe" [21/05/2003 15:35 C:\WINDOWS\system32\carpserv.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/06/2007 07:07]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [13/10/2004 17:24]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [09/02/2008 14:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
@=C:\WINDOWS\scvhost.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [22/10/1999 1:10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PSEXESVC



-- End of Deckard's System Scanner: finished at 2008-02-14 19:40:08 ------------

But there is no extra.txt.
Thank you for your help.
Waiting for your news.
Best regards

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe

2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Reboot and post a new DSS log
  • 0
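The kind of check that singles out the `scvhost.exe` entry in the post above, as an added example (it is not part of the original thread and not HijackThis code): it parses O4 autostart lines and flags an empty value name, a file name one edit or transposition away from a Windows system binary, and a system binary name in an unexpected folder. The function names, the short list of system binaries and the `C:\WINDOWS` install path are assumptions; the sample lines are copied from the log posted above, except the last, which is constructed.

```python
import ntpath
import re

# Assumed expected folders for a few system binaries (Windows in C:\WINDOWS).
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "svchost.exe": SYS32, "lsass.exe": SYS32, "services.exe": SYS32,
    "winlogon.exe": SYS32, "smss.exe": SYS32, "spoolsv.exe": SYS32,
    "ctfmon.exe": SYS32, "explorer.exe": r"c:\windows",
}

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[A-Za-z]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Either a quoted path, or an unquoted path ending at the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (cv -> vc) as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def extract_exe(cmd):
    """Return the executable path from an autostart command line."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    return cmd.split()[0]


def review_o4(line):
    """Return a list of findings for one O4 registry line, or None if not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    findings = []
    if not m["name"].strip():
        findings.append("empty-value-name")
    exe = extract_exe(m["cmd"])
    base = ntpath.basename(exe).lower()
    folder = ntpath.dirname(exe).lower()
    if base in EXPECTED_DIR:
        # Right name: only suspicious if a folder is given and it is the wrong one.
        if folder and folder != EXPECTED_DIR[base]:
            findings.append(f"wrong-dir:{base}")
    else:
        for known in EXPECTED_DIR:
            if osa_distance(base, known) == 1:
                findings.append(f"lookalike:{known}")
    return findings


def scan(log_text):
    """Map each flagged O4 line to its findings; clean lines are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        findings = review_o4(line)
        if findings:
            flagged[line.strip()] = findings
    return flagged


# Lines from the log posted above; the final line is constructed for the example.
SAMPLE = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\Temp\svchost.exe
"""

if __name__ == "__main__":
    for entry, why in scan(SAMPLE).items():
        print(", ".join(why), "<-", entry)
```

A hit is a prompt to look at the entry, not a verdict: the file behind it still has to be checked before anything is fixed.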

#15
newnoi

    Member

  • Topic Starter
  • Member
  • 38 posts
Hello
Thank you for your help.
It was the file that you told me about; I clicked "Fix checked" and chose YES, and after rebooting
the DSS.log is:
Deckard's System Scanner v20071014.68
Run by Joan Albert on 2008-02-15 17:16:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Joan Albert.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:53, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
C:\Program Files\TuneUp Utilities 2007\RegistryCleaner.exe
C:\Program Files\TuneUp Utilities 2007\RegistryCleaner.exe
C:\Documents and Settings\Joan Albert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOANAL~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) -
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic....s/installer.cab
O16 - DPF: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) -
O16 - DPF: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) -
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD2816B-ABE5-458C-A3A3-CC92458A0779}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F431FA0D-5FF3-4A77-BD1B-BA0553863A75}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7528 bytes

-- Files created between 2008-01-15 and 2008-02-15 -----------------------------

2008-02-14 18:09:28 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Malwarebytes
2008-02-14 18:09:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-14 18:09:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-14 13:21:35 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-14 13:21:35 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-14 13:21:35 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-14 13:21:35 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-14 12:56:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-14 12:41:18 0 d-------- C:\WINDOWS\Internet Logs
2008-02-12 17:49:36 0 d-------- C:\Program Files\Trend Micro
2008-02-12 13:35:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Grisoft
2008-02-12 13:35:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 23:16:35 0 d-------- C:\Program Files\MSXML 4.0
2008-02-09 22:55:00 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-02-09 22:52:56 0 d-------- C:\WINDOWS\Prefetch
2008-02-09 21:37:06 0 d-------- C:\WINDOWS\peernet
2008-02-09 21:37:02 0 d-------- C:\WINDOWS\provisioning
2008-02-09 21:30:02 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-09 21:06:04 0 d-------- C:\WINDOWS\EHome
2008-02-05 19:59:34 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-02-05 19:59:33 696320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\iolo
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-01-15 13:18:26 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-15 13:05:25 0 d-------- C:\Program Files\CONEXANT
2008-01-15 12:16:56 12288 --a------ C:\WINDOWS\system32\APFMON40.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:53 120832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:35 0 d-------- C:\Program Files\Mightyfax


-- Find3M Report ---------------------------------------------------------------

2008-02-15 17:03:54 0 d-------- C:\Program Files\SPAMfighter
2008-02-14 18:39:51 0 d-------- C:\Program Files\Common Files
2008-02-12 19:42:41 0 d-------- C:\Program Files\eMule
2008-02-10 23:22:37 0 d-------- C:\Program Files\Messenger
2008-02-09 21:37:10 0 d-------- C:\Program Files\Movie Maker
2008-02-09 21:28:57 0 d-------- C:\Program Files\Windows NT
2008-02-06 12:37:07 0 d-------- C:\Program Files\iolo
2008-02-05 18:16:17 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Adobe
2008-01-14 17:08:33 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Ahead
2008-01-05 19:35:32 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Real
2008-01-03 11:07:19 0 d-------- C:\Program Files\DivX
2007-12-31 12:20:59 0 d-------- C:\Program Files\Advanced Spyware Remover Pro
2007-12-30 19:16:49 0 d-------- C:\Program Files\Copy Utility
2007-12-30 19:16:48 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Azureus
2007-12-30 11:03:23 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-23 12:04:55 10068 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-12-21 18:52:21 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-12-21 12:26:45 0 d-------- C:\Program Files\Tencent
2007-12-20 20:14:43 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\ppStream
2007-12-20 20:10:55 0 d-------- C:\Program Files\Java
2007-12-20 19:04:17 0 d-------- C:\Program Files\BitTorrent
2007-12-18 20:45:29 0 d-------- C:\Program Files\Babylon
2007-12-17 12:50:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Apple Computer
2007-12-17 12:49:38 0 d-------- C:\Program Files\iTunes
2007-12-17 12:49:15 0 d-------- C:\Program Files\iPod
2007-12-17 12:46:52 0 d-------- C:\Program Files\QuickTime
2007-12-17 12:35:14 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [15/05/2004 21:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/11/2004 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/11/2004 18:38]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [14/07/2003 22:57]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [14/07/2003 22:57]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [14/07/2003 22:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/08/2007 17:49]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/09/2007 13:14]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [30/08/2005 13:51]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [10/10/2007 08:42]
"CARPService"="carpserv.exe" [21/05/2003 15:35 C:\WINDOWS\system32\carpserv.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/06/2007 07:07]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [13/10/2004 17:24]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [09/02/2008 14:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [22/10/1999 1:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-02-15 17:18:13 ------------

2008-02-09 22:52:56 0 d-------- C:\WINDOWS\Prefetch
2008-02-09 21:37:06 0 d-------- C:\WINDOWS\peernet
2008-02-09 21:37:02 0 d-------- C:\WINDOWS\provisioning
2008-02-09 21:30:02 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-09 21:06:04 0 d-------- C:\WINDOWS\EHome
2008-02-05 19:59:34 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-02-05 19:59:33 696320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\iolo
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-01-15 13:18:26 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-15 13:05:25 0 d-------- C:\Program Files\CONEXANT
2008-01-15 12:16:56 12288 --a------ C:\WINDOWS\system32\APFMON40.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:53 120832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:35 0 d-------- C:\Program Files\Mightyfax


-- Find3M Report ---------------------------------------------------------------

2008-02-15 17:03:54 0 d-------- C:\Program Files\SPAMfighter
2008-02-14 18:39:51 0 d-------- C:\Program Files\Common Files
2008-02-12 19:42:41 0 d-------- C:\Program Files\eMule
2008-02-10 23:22:37 0 d-------- C:\Program Files\Messenger
2008-02-09 21:37:10 0 d-------- C:\Program Files\Movie Maker
2008-02-09 21:28:57 0 d-------- C:\Program Files\Windows NT
2008-02-06 12:37:07 0 d-------- C:\Program Files\iolo
2008-02-05 18:16:17 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Adobe
2008-01-14 17:08:33 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Ahead
2008-01-05 19:35:32 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Real
2008-01-03 11:07:19 0 d-------- C:\Program Files\DivX
2007-12-31 12:20:59 0 d-------- C:\Program Files\Advanced Spyware Remover Pro
2007-12-30 19:16:49 0 d-------- C:\Program Files\Copy Utility
2007-12-30 19:16:48 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Azureus
2007-12-30 11:03:23 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-23 12:04:55 10068 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-12-21 18:52:21 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-12-21 12:26:45 0 d-------- C:\Program Files\Tencent
2007-12-20 20:14:43 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\ppStream
2007-12-20 20:10:55 0 d-------- C:\Program Files\Java
2007-12-20 19:04:17 0 d-------- C:\Program Files\BitTorrent
2007-12-18 20:45:29 0 d-------- C:\Program Files\Babylon
2007-12-17 12:50:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Apple Computer
2007-12-17 12:49:38 0 d-------- C:\Program Files\iTunes
2007-12-17 12:49:15 0 d-------- C:\Program Files\iPod
2007-12-17 12:46:52 0 d-------- C:\Program Files\QuickTime
2007-12-17 12:35:14 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [15/05/2004 21:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/11/2004 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/11/2004 18:38]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [14/07/2003 22:57]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [14/07/2003 22:57]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [14/07/2003 22:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/08/2007 17:49]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/09/2007 13:14]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [30/08/2005 13:51]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [10/10/2007 08:42]
"CARPService"="carpserv.exe" [21/05/2003 15:35 C:\WINDOWS\system32\carpserv.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/06/2007 07:07]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [13/10/2004 17:24]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [09/02/2008 14:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [22/10/1999 1:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-02-15 17:18:13 ------------

Thanks again for your help.
Waiting for your comments.
Best regards