Hello,
Thank you for your help.
It was the file that you told me about, and I did "Fix checked" and chose YES, and after rebooting, the DSS.log is:
Deckard's System Scanner v20071014.68
Run by Joan Albert on 2008-02-15 17:16:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 447 MiB (512 MiB recommended).
-- HijackThis (run as Joan Albert.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:53, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
C:\Program Files\TuneUp Utilities 2007\RegistryCleaner.exe
C:\Program Files\TuneUp Utilities 2007\RegistryCleaner.exe
C:\Documents and Settings\Joan Albert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOANAL~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) -
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic....s/installer.cab
O16 - DPF: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) -
O16 - DPF: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) -
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD2816B-ABE5-458C-A3A3-CC92458A0779}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F431FA0D-5FF3-4A77-BD1B-BA0553863A75}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 7528 bytes
-- Files created between 2008-01-15 and 2008-02-15 -----------------------------
2008-02-14 18:09:28 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Malwarebytes
2008-02-14 18:09:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-14 18:09:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-14 13:21:35 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-14 13:21:35 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-14 13:21:35 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-14 13:21:35 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-14 12:56:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-14 12:41:18 0 d-------- C:\WINDOWS\Internet Logs
2008-02-12 17:49:36 0 d-------- C:\Program Files\Trend Micro
2008-02-12 13:35:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Grisoft
2008-02-12 13:35:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 23:16:35 0 d-------- C:\Program Files\MSXML 4.0
2008-02-09 22:55:00 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-02-09 22:52:56 0 d-------- C:\WINDOWS\Prefetch
2008-02-09 21:37:06 0 d-------- C:\WINDOWS\peernet
2008-02-09 21:37:02 0 d-------- C:\WINDOWS\provisioning
2008-02-09 21:30:02 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-09 21:06:04 0 d-------- C:\WINDOWS\EHome
2008-02-05 19:59:34 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-02-05 19:59:33 696320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\iolo
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-01-15 13:18:26 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-15 13:05:25 0 d-------- C:\Program Files\CONEXANT
2008-01-15 12:16:56 12288 --a------ C:\WINDOWS\system32\APFMON40.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:53 120832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:35 0 d-------- C:\Program Files\Mightyfax
-- Find3M Report ---------------------------------------------------------------
2008-02-15 17:03:54 0 d-------- C:\Program Files\SPAMfighter
2008-02-14 18:39:51 0 d-------- C:\Program Files\Common Files
2008-02-12 19:42:41 0 d-------- C:\Program Files\eMule
2008-02-10 23:22:37 0 d-------- C:\Program Files\Messenger
2008-02-09 21:37:10 0 d-------- C:\Program Files\Movie Maker
2008-02-09 21:28:57 0 d-------- C:\Program Files\Windows NT
2008-02-06 12:37:07 0 d-------- C:\Program Files\iolo
2008-02-05 18:16:17 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Adobe
2008-01-14 17:08:33 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Ahead
2008-01-05 19:35:32 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Real
2008-01-03 11:07:19 0 d-------- C:\Program Files\DivX
2007-12-31 12:20:59 0 d-------- C:\Program Files\Advanced Spyware Remover Pro
2007-12-30 19:16:49 0 d-------- C:\Program Files\Copy Utility
2007-12-30 19:16:48 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Azureus
2007-12-30 11:03:23 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-23 12:04:55 10068 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-12-21 18:52:21 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-12-21 12:26:45 0 d-------- C:\Program Files\Tencent
2007-12-20 20:14:43 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\ppStream
2007-12-20 20:10:55 0 d-------- C:\Program Files\Java
2007-12-20 19:04:17 0 d-------- C:\Program Files\BitTorrent
2007-12-18 20:45:29 0 d-------- C:\Program Files\Babylon
2007-12-17 12:50:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Apple Computer
2007-12-17 12:49:38 0 d-------- C:\Program Files\iTunes
2007-12-17 12:49:15 0 d-------- C:\Program Files\iPod
2007-12-17 12:46:52 0 d-------- C:\Program Files\QuickTime
2007-12-17 12:35:14 0 d-------- C:\Program Files\Apple Software Update
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [15/05/2004 21:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/11/2004 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/11/2004 18:38]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [14/07/2003 22:57]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [14/07/2003 22:57]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [14/07/2003 22:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/08/2007 17:49]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/09/2007 13:14]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [30/08/2005 13:51]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [10/10/2007 08:42]
"CARPService"="carpserv.exe" [21/05/2003 15:35 C:\WINDOWS\system32\carpserv.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/06/2007 07:07]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [13/10/2004 17:24]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [09/02/2008 14:02]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [22/10/1999 1:10:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- End of Deckard's System Scanner: finished at 2008-02-15 17:18:13 ------------
Deckard's System Scanner v20071014.68
Run by Joan Albert on 2008-02-15 17:16:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 447 MiB (512 MiB recommended).-- HijackThis (run as Joan Albert.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:53, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
C:\Program Files\TuneUp Utilities 2007\RegistryCleaner.exe
C:\Program Files\TuneUp Utilities 2007\RegistryCleaner.exe
C:\Documents and Settings\Joan Albert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOANAL~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.es/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind)) -
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) -
http://www.softonic....s/installer.cabO16 - DPF: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) -
O16 - DPF: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) -
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) -
http://www.crtvg.es/camweb/camera.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{BFD2816B-ABE5-458C-A3A3-CC92458A0779}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F431FA0D-5FF3-4A77-BD1B-BA0553863A75}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 7528 bytes
-- Files created between 2008-01-15 and 2008-02-15 -----------------------------
2008-02-14 18:09:28 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Malwarebytes
2008-02-14 18:09:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-14 18:09:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-14 13:21:35 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-14 13:21:35 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-14 13:21:35 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-14 13:21:35 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-14 12:56:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-14 12:41:18 0 d-------- C:\WINDOWS\Internet Logs
2008-02-12 17:49:36 0 d-------- C:\Program Files\Trend Micro
2008-02-12 13:35:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Grisoft
2008-02-12 13:35:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 23:16:35 0 d-------- C:\Program Files\MSXML 4.0
2008-02-09 22:55:00 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-02-09 22:52:56 0 d-------- C:\WINDOWS\Prefetch
2008-02-09 21:37:06 0 d-------- C:\WINDOWS\peernet
2008-02-09 21:37:02 0 d-------- C:\WINDOWS\provisioning
2008-02-09 21:30:02 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-09 21:06:04 0 d-------- C:\WINDOWS\EHome
2008-02-05 19:59:34 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-02-05 19:59:33 696320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\iolo
2008-02-05 19:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-01-15 13:18:26 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-15 13:05:25 0 d-------- C:\Program Files\CONEXANT
2008-01-15 12:16:56 12288 --a------ C:\WINDOWS\system32\APFMON40.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:53 120832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL <Not Verified; TurboPower Software Company; Async Professional>
2008-01-15 12:16:35 0 d-------- C:\Program Files\Mightyfax
-- Find3M Report ---------------------------------------------------------------
2008-02-15 17:03:54 0 d-------- C:\Program Files\SPAMfighter
2008-02-14 18:39:51 0 d-------- C:\Program Files\Common Files
2008-02-12 19:42:41 0 d-------- C:\Program Files\eMule
2008-02-10 23:22:37 0 d-------- C:\Program Files\Messenger
2008-02-09 21:37:10 0 d-------- C:\Program Files\Movie Maker
2008-02-09 21:28:57 0 d-------- C:\Program Files\Windows NT
2008-02-06 12:37:07 0 d-------- C:\Program Files\iolo
2008-02-05 18:16:17 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Adobe
2008-01-14 17:08:33 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Ahead
2008-01-05 19:35:32 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Real
2008-01-03 11:07:19 0 d-------- C:\Program Files\DivX
2007-12-31 12:20:59 0 d-------- C:\Program Files\Advanced Spyware Remover Pro
2007-12-30 19:16:49 0 d-------- C:\Program Files\Copy Utility
2007-12-30 19:16:48 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Azureus
2007-12-30 11:03:23 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-23 12:04:55 10068 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-12-21 18:52:21 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-12-21 12:26:45 0 d-------- C:\Program Files\Tencent
2007-12-20 20:14:43 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\ppStream
2007-12-20 20:10:55 0 d-------- C:\Program Files\Java
2007-12-20 19:04:17 0 d-------- C:\Program Files\BitTorrent
2007-12-18 20:45:29 0 d-------- C:\Program Files\Babylon
2007-12-17 12:50:29 0 d-------- C:\Documents and Settings\Joan Albert\Application Data\Apple Computer
2007-12-17 12:49:38 0 d-------- C:\Program Files\iTunes
2007-12-17 12:49:15 0 d-------- C:\Program Files\iPod
2007-12-17 12:46:52 0 d-------- C:\Program Files\QuickTime
2007-12-17 12:35:14 0 d-------- C:\Program Files\Apple Software Update
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [15/05/2004 21:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/11/2004 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/11/2004 18:38]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [14/07/2003 22:57]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [14/07/2003 22:57]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [14/07/2003 22:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [18/08/2007 17:49]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/09/2007 13:14]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [30/08/2005 13:51]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [10/10/2007 08:42]
"CARPService"="carpserv.exe" [21/05/2003 15:35 C:\WINDOWS\system32\carpserv.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/06/2007 07:07]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [13/10/2004 17:24]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [09/02/2008 14:02]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [22/10/1999 1:10:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- End of Deckard's System Scanner: finished at 2008-02-15 17:18:13 ------------
Thanks again for your help
Waiting for your comments
Best regards