Resolved HJT Threads Resolved spyware and popup issues.

 
 
Old 02-18-2007, 02:07 PM   #1 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 39
OS: XP


This really needs sorting out, please help.

My comp has a dialer, and other problems, it went off not long ago, you must help, it's bad.

Here's a HijackThis log and the other file I was told to attach.

hjt log:
Quote:
ComboScan v20070212.14 run by España on 2007-02-18 at 23:04:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as España.com) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:06:32, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\Archivos de programa\Spyware Doctor\swdoctor.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Archivos de programa\Spyware Doctor\sdhelp.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\archivos de programa\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\España\Escritorio\comboscan
And this file...

Please help. Please.:sigh:
Attached Files
File Type: txt Supplementary.txt (18.6 KB, 2 views)
Tom.A is offline  
Old 02-22-2007, 01:24 AM   #2 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 39
OS: XP


I was told to bump, please could somebody reply...?
Tom.A is offline  
Old 02-22-2007, 12:41 PM   #3 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 23,944
OS: Win XP Pro SP3 / Win 7 RC

Hi Tom

Apologies for any delay in replying to you.

Before I can actually provide any help, I need you to run comboscan again and post a new log - the one you posted was incomplete. I can't really do much without all the relevant details - I don't want to completely ruin your system. You don't need to repost the Supplementary file - it's just the main comboscan log I need. And just post it all directly into the thread - you don't need to use quote tags or anything like that.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 02-22-2007, 01:34 PM   #4 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 39
OS: XP


No worries mate. It had a problem or something:
http://img340.imageshack.us/img340/5325/problem1pf7.png
and this:
http://img90.imageshack.us/img90/7099/problem2we8.png

But, here's the log.

ComboScan v20070221.16 run by España on 2007-02-22 at 22:31:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as España.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:31:54, on 22/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\sys98.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Archivos de programa\Spyware Doctor\sdhelp.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\WINDOWS\System32\alg.exe
c:\archivos de programa\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\España\Escritorio\comboscan.exe
C:\Archivos de programa\HijackThis\España.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bi...e=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARCHIV~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acceso directo a la página de propiedades de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sys98] C:\WINDOWS\System32\sys98.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Archivos de programa\Spyware Doctor\sdhelp.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe


-- HijackThis Fixed Entries (C:\Archivos de programa\HijackThis\backups\) -------

backup-20070217-212413-716 O4 - HKLM\..\Run: [Ultimate Defender] "C:\Archivos de programa\Ultimate Defender\App.exe" hide
backup-20070217-212923-344 O2 - BHO: (no name) - {67405DD1-7E1D-E433-B7AB-05FCA4B077E3} - C:\WINDOWS\system32\qqxkcid.dll
backup-20070217-232345-210 O16 - DPF: {4B0999FD-6937-11D5-8FEC-00606779369C} (NetConf) -

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - C:\ARCHIV~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - C:\ARCHIV~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0R agpCPQ (Filtro de bus Compaq AGP) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
0R alim1541 (Filtro de bus ALI AGP) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
0R amdagp (Controlador de filtro de bus AMD AGP) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
1R AmdK8 (Controlador de procesador AMD) - C:\WINDOWS\system32\drivers\AmdK8.sys
1R APPFLT (App Filter Plugin) - C:\WINDOWS\system32\drivers\APPFLT.SYS
3R AvFlt (Antivirus Filter Driver) - C:\WINDOWS\system32\drivers\av5flt.sys (not found)
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Resident Driver XP) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys
2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys
3R BthEnum (Controlador de bloques de peticiones Bluetooth) - C:\WINDOWS\system32\drivers\BthEnum.sys
3R BTHMODEM (Controlador de comunicaciones por módem Bluetooth) - C:\WINDOWS\system32\drivers\bthmodem.sys
3R BthPan (Bluetooth Device (Personal Area Network)) - C:\WINDOWS\system32\drivers\bthpan.sys
3S BTHPORT (Controlador de puertos Bluetooth) - C:\WINDOWS\system32\drivers\bthport.sys
3R BTHUSB (Controlador USB de ondas de radio Bluetooth) - C:\WINDOWS\system32\drivers\BTHUSB.SYS
0R cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
3R ComFiltr (Panda Anti-Dialer) - C:\WINDOWS\system32\DRIVERS\COMFiltr.sys (not found)
2R cpoint (Panda CPoint Driver) - C:\WINDOWS\system32\drivers\cpoint.sys
0R dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
1R DSAFLT (DSA Filter Plugin) - C:\WINDOWS\system32\drivers\dsaflt.sys
1R FNETMON (NetMon Filter Plugin) - C:\WINDOWS\system32\drivers\fnetmon.sys
3S HdAudAddService (Controlador de funciones de Microsoft UAA para el servicio High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudio.sys
3R HDAudBus (Controlador de bus de Microsoft UAA para High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3S HidUsb (Controlador de clases HID de Microsoft) - C:\WINDOWS\system32\drivers\hidusb.sys
1R IDSFLT (Ids Filter Plugin) - C:\WINDOWS\system32\drivers\idsflt.sys
1R ikhfile (File Security Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhfile.sys
1R ikhlayer (Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhlayer.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.Sys
1S kbdhid (Controlador HID de teclado) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S mouhid (Controlador HID de mouse) - C:\WINDOWS\system32\drivers\mouhid.sys
0R netflt (Panda Net Driver [NDIS Layer]) - C:\WINDOWS\system32\drivers\netflt.sys
1R NETFLTDI (Panda Net Driver [TDI Layer]) - C:\WINDOWS\system32\drivers\netfltdi.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys
3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys
3R nvsmu - C:\WINDOWS\system32\drivers\nvsmu.sys
2R PAVDRV - C:\WINDOWS\system32\drivers\pavdrv51.sys
2R PavProc (Panda Process Protection Driver) - C:\WINDOWS\system32\drivers\PavProc.sys
3S PavSRK.sys - C:\WINDOWS\system32\PavSRK.sys (not found)
3R PavTPK.sys - C:\WINDOWS\system32\PavTPK.sys (not found)
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R RFCOMM (Dispositivo Bluetooth (TDI protocolo RFCOMM)) - C:\WINDOWS\system32\drivers\rfcomm.sys
3R RT73 (RT73 USB Wireless LAN Card Driver) - C:\WINDOWS\system32\drivers\rt73.sys
1R ShldDrv (Panda File Shield Driver) - C:\WINDOWS\system32\drivers\ShldDrv.sys
0R sisagp (Filtro de bus SIS AGP) - C:\WINDOWS\system32\drivers\SISAGP.SYS
1R SMSFLT (SMS Filter Plugin) - C:\WINDOWS\system32\drivers\smsflt.sys
3S SYMIDSCO - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SymcData\idsdefs\20070124.003\symidsco.sys (not found)
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
3S usbccgp (Controlador primario genérico USB de Microsoft) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Controlador minipuerto de la controladora de host abierto USB de Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys
3S USBSTOR (Dispositivo de almacenamiento masivo de datos USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R USB_RNDIS (Thomson ST Remote NDIS Device Driver) - C:\WINDOWS\system32\drivers\usb8023.sys
0R viaagp (Filtro de bus VIA AGP) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
1R WNMFLT (Wifi Monitor Filter Plugin) - C:\WINDOWS\system32\drivers\wnmflt.sys
1R WS2IFSL (Entorno de compatibilidad con proveedores de servicios no IFS de Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S Adobe LM Service - "C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe"
4S Alerter (Servicio de alerta) - C:\WINDOWS\system32\svchost.exe -k LocalService
3R ALG (Servicio de puerta de enlace de capa de aplicación) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Administración de aplicaciones) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (Servicio de estado de ASP.NET) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R AudioSrv (Audio de Windows) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Avg7Alrt (AVG7 Alert Manager Server) - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
2R Avg7UpdSvc (AVG7 Update Service) - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
2R AVGEMS (AVG E-mail Scanner) - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
3S BITS (Servicio de transferencia inteligente en segundo plano) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R Browser (Examinador de equipos) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R BthServ (Bluetooth Support Service) - C:\WINDOWS\system32\svchost.exe -k bthsvcs
3S CiSvc (Servicio de Index Server) - C:\WINDOWS\system32\cisvc.exe
2R CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"
4S ClipSrv (Portafolios) - C:\WINDOWS\system32\clipsrv.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R CLSched (CyberLink Task Scheduler (CTS)) - "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"
3S COMSysApp (Aplicación del sistema COM+) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Servicios de cifrado) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R CyberLink Media Library Service - "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe"
2R DcomLaunch (Iniciador de procesos de servidor DCOM) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (Cliente DHCP) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S dmadmin (Servicio del administrador de discos lógicos) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Administrador de discos lógicos) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (Cliente DNS) - C:\WINDOWS\system32\svchost.exe -k NetworkService
2R ERSvc (Servicio de informe de errores) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Registro de sucesos) - C:\WINDOWS\system32\services.exe
3R EventSystem (Sistema de sucesos COM+) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Compatibilidad de cambio rápido de usuario) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R helpsvc (Ayuda y soporte técnico) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R HidServ (HID Input Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S ImapiService (Servicio COM de grabación de CD de IMAPI) - C:\WINDOWS\system32\imapi.exe
2R lanmanserver (Servidor) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R lanmanworkstation (Estación de trabajo) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R LmHosts (Ayuda de NetBIOS sobre TCP/IP) - C:\WINDOWS\system32\svchost.exe -k LocalService
4S Messenger (Mensajero) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S mnmsrvc (Escritorio remoto compartido de NetMeeting) - C:\WINDOWS\system32\mnmsrvc.exe
3S MSDTC (Coordinador de transacciones distribuidas de Microsoft) - C:\WINDOWS\system32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
4S NetDDE (DDE de red) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (DSDM de DDE de red) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Inicio de sesión en red) - C:\WINDOWS\system32\lsass.exe
3R Netman (Conexiones de red) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (NLA (Network Location Awareness)) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S NtLmSsp (Proveedor de compatibilidad con seguridad LM de Windows NT) - C:\WINDOWS\system32\lsass.exe
3S NtmsSvc (Medios de almacenamiento extraíbles) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
2R PAVFNSVR (Panda Function Service) - "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe"
2R PavPrSrv (Panda Process Protection Service) - "C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe"
2R PAVSRV (Panda anti-virus service) - "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe"
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R pmshellsrv (Panda Antispam Engine) - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
2R PNMSRV (Panda Network Manager) - "c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE"
2R PolicyAgent (Servicios IPSEC) - C:\WINDOWS\system32\lsass.exe
2R ProtectedStorage (Almacenamiento protegido) - C:\WINDOWS\system32\lsass.exe
2R PSIMSVC (Panda IManager Service) - "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe"
3S RasAuto (Administrador de conexión automática de acceso remoto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R RasMan (Administrador de conexión de acceso remoto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S RDSessMgr (Administrador de sesión de Ayuda de escritorio remoto) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Enrutamiento y acceso remoto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S RpcLocator (Localizador de llamadas a procedimiento remoto (RPC)) - C:\WINDOWS\system32\locator.exe
2R RpcSs (Llamada a procedimiento remoto (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\system32\rsvp.exe
2R SamSs (Administrador de cuentas de seguridad) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Tarjeta inteligente) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Programador de tareas) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SDhelper (PC Tools Spyware Doctor) - C:\Archivos de programa\Spyware Doctor\sdhelp.exe
2R seclogon (Inicio de sesión secundario) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (Notificación de sucesos del sistema) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Firewall de Windows/Conexión compartida a Internet (ICS)) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R ShellHWDetection (Detección de hardware shell) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Cola de impresión) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (Servicio de restauración de sistema) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R SSDPSRV (Servicio de descubrimientos SSDP) - C:\WINDOWS\system32\svchost.exe -k LocalService
3R stisvc (Adquisición de imágenes de Windows (WIA)) - C:\WINDOWS\system32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\system32\dllhost.exe /Processid:{5CE84022-CB01-46B0-85C5-2F45D382A0B5}
3S SysmonLog (Registros y alertas de rendimiento) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telefonía) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Servicios de Terminal Server) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes (Temas) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TPSrv (Panda TPSrv) - "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe"
2R TrkWks (Cliente de seguimiento de vinculos distribuidos) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R UleadBurningHelper (Ulead Burning Helper) - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S upnphost (Host de dispositivo Plug and Play universal) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S UPS (Sistema de alimentación ininterrumpida) - C:\WINDOWS\System32\ups.exe
2R USBDeviceService - C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
3R usnsvc (Messenger Sharing USN Journal Reader service) - C:\WINDOWS\system32\svchost.exe -k usnsvc
3S VSS (Instantáneas de volumen) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Horario de Windows) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient (Cliente Web) - C:\WINDOWS\system32\svchost.exe -k LocalService
2R winmgmt (Instrumental de administración de Windows) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Servicio del número de serie de medio portátil) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (Adaptador de rendimiento de WMI) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
2R wscsvc (Centro de seguridad) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Actualizaciones automáticas) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Configuración inalámbrica rápida) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Servicio de aprovisionamiento de red) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Files created between 2007-01-22 and 2007-02-22 ------------------------------

2007-02-22 10:33:30 0 d-------- C:\Archivos de programa\GlobalSCAPE<GLOBAL~1>
2007-02-21 23:59:02 221184 --a------ C:\WINDOWS\system32\sys98.exe
2007-02-20 23:30:26 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-02-20 23:30:24 0 d-------- C:\Archivos de programa\SpywareBlaster<SPYWAR~2>
2007-02-20 13:18:01 3678 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-20 13:17:22 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-20 13:17:22 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-20 13:17:22 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-20 13:17:22 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-20 13:17:22 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-19 15:09:13 0 dr-h----- C:\$VAULT$.AVG
2007-02-19 14:57:56 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-19 14:57:55 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-02-19 14:57:55 18432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-19 14:57:55 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-19 14:57:55 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-19 14:57:52 839936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-19 14:57:46 0 d-------- C:\Archivos de programa\Grisoft
2007-02-19 08:30:16 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-19 08:24:00 94208 --a------ C:\WINDOWS\system32\jooqovf.dll
2007-02-18 22:49:44 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-02-18 22:49:43 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-02-18 22:49:35 0 d-------- C:\Archivos de programa\Spyware Doctor<SPYWAR~1>
2007-02-18 22:41:41 0 d-------- C:\Archivos de programa\Security Task Manager<SECURI~1>
2007-02-18 10:35:35 0 d-------- C:\WINDOWS\WBEM
2007-02-18 10:35:34 0 d-------- C:\WINDOWS\system32\en-US
2007-02-18 10:34:12 0 d--h---c- C:\WINDOWS\ie7
2007-02-18 10:32:55 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-18 10:32:17 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-02-18 09:57:15 94208 --a------ C:\WINDOWS\system32\kujaihl.dll
2007-02-17 14:07:45 0 d-------- C:\WINDOWS\pss
2007-02-17 13:30:10 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-17 11:46:07 0 d-------- C:\3gptemp
2007-02-17 10:27:47 0 d-------- C:\Archivos de programa\MSXML 4.0<MSXML4~1.0>
2007-02-17 10:27:42 0 d-------- C:\39fce942ea876c14c654<39FCE9~1>
2007-02-17 00:23:55 309616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-02-17 00:23:54 420240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-02-17 00:23:34 196608 --a------ C:\WINDOWS\system32\NCTWMVFile.dll<NCTWMV~1.DLL>
2007-02-17 00:23:34 139264 --a------ C:\WINDOWS\system32\NCTVideoFile.dll<NC419E~1.DLL>
2007-02-17 00:23:33 589824 --a------ C:\WINDOWS\system32\NCTVideoView.dll<NCTVID~4.DLL>
2007-02-17 00:23:33 3031040 --a------ C:\WINDOWS\system32\NCTVideoTransform.dll<NCTVID~2.DLL>
2007-02-17 00:23:33 991232 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll<NCTVID~3.DLL>
2007-02-17 00:23:33 1245184 --a------ C:\WINDOWS\system32\NCTRMFile.dll<NCTRMF~1.DLL>
2007-02-17 00:23:33 679936 --a------ C:\WINDOWS\system32\NCTMPEGFile.dll<NCTMPE~1.DLL>
2007-02-17 00:23:33 626688 --a------ C:\WINDOWS\system32\NCTImageFile.dll<NCTIMA~1.DLL>
2007-02-17 00:23:33 294912 --a------ C:\WINDOWS\system32\NCTAVIFile.dll<NCTAVI~1.DLL>
2007-02-17 00:23:33 458752 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll<NCTAUD~3.DLL>
2007-02-17 00:23:32 2260992 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll<NCTVID~1.DLL>
2007-02-17 00:23:32 1986560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll<NCTAUD~1.DLL>
2007-02-17 00:23:32 1810432 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll<NCTAUD~2.DLL>
2007-02-17 00:23:32 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-02-17 00:23:30 344064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2007-02-17 00:23:27 0 d-------- C:\WINDOWS\system32\RMBin
2007-02-17 00:23:26 0 d-------- C:\Archivos de programa\softwaredepo.com<SOFTWA~1.COM>
2007-02-17 00:23:25 0 d-------- C:\Archivos de programa\Setup
2007-02-16 22:00:50 0 d-------- C:\Archivos de programa\HijackThis<HIJACK~1>
2007-02-16 1445 0 d-------- C:\Archivos de programa\Enigma Software Group<ENIGMA~1>
2007-02-16 07:30:33 0 d--h----- C:\WINDOWS\PIF
2007-02-15 22:22:12 0 d-------- C:\Archivos de programa\Lavasoft
2007-02-15 22:21:49 0 d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard<WISEIN~1>
2007-02-15 20:30:49 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-02-15 19:52:25 0 d-------- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared<ADOBES~1>
2007-02-15 19:42:30 94208 --a------ C:\WINDOWS\system32\sisltne.dll
2007-02-15 15:25:22 0 d-------- C:\Archivos de programa\MIKSOFT
2007-02-15 13:48:39 0 d-------- C:\Archivos de programa\MSN Messenger<MSNMES~1>
2007-02-14 21:50:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-02-14 21:40:58 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-14 21:39:44 0 d-------- C:\Archivos de programa\Mozilla Firefox<MOZILL~1>
2007-02-14 21:01:45 71552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-02-14 21:01:18 210328 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-02-14 21:01:12 16256 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-02-14 21:01:12 23296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-02-14 21:01:12 103936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2007-02-14 21:01:12 141312 --a-----t C:\WINDOWS\system32\drivers\netflt.sys
2007-02-14 21:01:12 185472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-02-14 21:01:12 9216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-02-14 21:01:12 36864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-02-14 21:01:12 44544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-02-14 21:00:51 24576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-02-14 21:00:51 446464 --a------ C:\WINDOWS\system32\HHActiveX.dll<HHACTI~1.DLL>
2007-02-14 21:00:35 139264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-02-14 21:00:35 16640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-02-14 21:00:34 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-02-14 21:00:34 245760 --a-----t C:\WINDOWS\system32\PAVSHOOK.DLL
2007-02-14 21:00:34 57344 --a------ C:\WINDOWS\system32\pavipc.dll
2007-02-14 21:00:20 0 d-------- C:\WINDOWS\system32\PAV
2007-02-14 21:00:20 45056 --a------ C:\WINDOWS\system32\avldr.dll
2007-02-14 21:00:19 9488 --a------ C:\WINDOWS\system32\sporder.dll
2007-02-14 20:59:40 0 d-------- C:\Archivos de programa\Panda Software<PANDAS~1>
2007-02-14 20:58:56 26752 -ra------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-02-14 20:58:55 165120 -ra------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-02-14 20:58:55 0 d-------- C:\Archivos de programa\Archivos comunes\Panda Software<PANDAS~1>
2007-02-14 17:10:40 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-12 22:44:53 12 --a------ C:\WINDOWS\bthservsdp.dat<BTHSER~1.DAT>
2007-02-12 21:20:01 38016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-02-12 21:15:15 100992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-02-12 21:15:05 59648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-02-12 21:15:04 8192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-02-12 21:15:04 28160 --a------ C:\WINDOWS\system32\irmon.dll
2007-02-12 21:15:04 153600 --a------ C:\WINDOWS\system32\irftp.exe
2007-02-12 21:15:04 17024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-02-12 21:14:51 18944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-02-12 21:14:51 274688 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-02-11 08:29:22 0 d-------- C:\WINDOWS\Sun
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-22 21:00:23 434192 --a------ C:\WINDOWS\system32\perfh00A.dat
2007-02-22 21:00:23 65998 --a------ C:\WINDOWS\system32\perfc00A.dat
2007-02-22 10:33:48 0 d-------- C:\Documents and Settings\España\Datos de programa\GlobalSCAPE<GLOBAL~1>
2007-02-22 10:33:30 0 d--h----- C:\Archivos de programa\InstallShield Installation Information<INSTAL~1>
2007-02-22 08:00:06 0 d-------- C:\Documents and Settings\España\Datos de programa\AVG7
2007-02-21 15:52:56 0 d-------- C:\Documents and Settings\España\Datos de programa\Opera
2007-02-19 20:40:29 0 d-------- C:\Archivos de programa\QuickTime<QUICKT~1>
2007-02-19 14:57:41 0 d---s---- C:\Documents and Settings\España\Datos de programa\Microsoft<MICROS~1>
2007-02-19 14:45:27 0 d-------- C:\Documents and Settings\España\Datos de programa\Adobe
2007-02-18 22:49:35 0 d-------- C:\Documents and Settings\España\Datos de programa\PC Tools<PCTOOL~1>
2007-02-17 15:39:10 0 d-------- C:\Archivos de programa\Archivos comunes\System
2007-02-15 22:22:19 0 d-------- C:\Documents and Settings\España\Datos de programa\Lavasoft
2007-02-15 22:21:49 0 d-------- C:\Archivos de programa\Archivos comunes<ARCHIV~1>
2007-02-15 20:39:46 0 d-------- C:\Documents and Settings\España\Datos de programa\Macromedia<MACROM~1>
2007-02-15 20:33:49 0 d-------- C:\Archivos de programa\Archivos comunes\Macromedia<MACROM~1>
2007-02-15 20:31:55 0 d-------- C:\Archivos de programa\Macromedia<MACROM~1>
2007-02-15 19:58:20 0 d-------- C:\Archivos de programa\Archivos comunes\Adobe
2007-02-15 19:55:19 0 d-------- C:\Documents and Settings\España\Datos de programa\WinRAR
2007-02-15 13:48:57 0 d-------- C:\Archivos de programa\Archivos comunes\Microsoft Shared<MICROS~1>
2007-02-14 21:40:55 0 d-------- C:\Documents and Settings\España\Datos de programa\Mozilla
2007-02-14 20:57:48 0 d-------- C:\Archivos de programa\Archivos comunes\Symantec Shared<SYMANT~1>
2007-02-14 20:57:46 0 d-------- C:\Archivos de programa\Symantec
2007-02-14 17:48:50 0 d-------- C:\Documents and Settings\España\Datos de programa\Help
2007-02-12 22:31:39 0 d-------- C:\Documents and Settings\España\Datos de programa\Ulead Systems<ULEADS~1>
2007-02-11 08:29:22 0 d-------- C:\Documents and Settings\España\Datos de programa\Sun
2007-01-13 10:05:54 0 d-------- C:\Documents and Settings\España\Datos de programa\Skype
2007-01-12 22:32:10 0 d-------- C:\Documents and Settings\España\Datos de programa\Sonic
2007-01-12 22:31:59 0 d-------- C:\Documents and Settings\España\Datos de programa\Leadertech<LEADER~1>
2007-01-12 17:46:28 0 d-------- C:\Documents and Settings\España\Datos de programa\CyberLink<CYBERL~1>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 -----n--- C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 22:49:47 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 19:17:15 334336 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 07:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 15:54:17 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 15:54:16 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SmpcSys"="C:\\APPS\\SMP\\SmpSys.exe"
"Spyware Doctor"="\"C:\\Archivos de programa\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SynTPLpr"="C:\\Archivos de programa\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Archivos de programa\\Synaptics\\SynTP\\SynTPEnh.exe"
"Acceso directo a la página de propiedades de High Definition Audio"="HDAShCut.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"SunJavaUpdateSched"="C:\\Archivos de programa\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"DetectorApp"="C:\\Archivos de programa\\Sonic\\DigitalMedia LE v7\\MyDVD LE\\DetectorApp.exe"
"ISUSPM Startup"="C:\\ARCHIV~1\\ARCHIV~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Archivos de programa\\Archivos comunes\\InstallShield\\UpdateService\\issch.exe\" -start"
"PCMService"="\"c:\\APPS\\Powercinema\\PCMService.exe\""
"EmailChecker"="C:\\APPS\\EmailChecker\\ech.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"QuickTime Task"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime"
"APVXDWIN"="\"C:\\Archivos de programa\\Panda Software\\Panda Internet Security 2007\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"C:\\Archivos de programa\\Panda Software\\Panda Internet Security 2007\\Inicio.exe\""
"AVG7_CC"="C:\\ARCHIV~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"sys98"="C:\\WINDOWS\\System32\\sys98.exe"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Archivos de programa\\Spyware Doctor\\swdoctor.exe\" /Q"
"AVG7_Run"="C:\\ARCHIV~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Archivos de programa\\Spyware Doctor\\swdoctor.exe\" /Q"
"AVG7_Run"="C:\\ARCHIV~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



-- End of ComboScan: finished at 2007-02-22 at 22:33:08 -------------------------


Thanks very much, Iain!
Tom.A is offline  
Old 02-22-2007, 02:16 PM   #5 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 23,944
OS: Win XP Pro SP3 / Win 7 RC

Hi again Tom

Please don’t run any more scans on your own – thanks.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your system is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!


Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware.


Please download SmitfraudFix (by S!Ri)
to your Desktop. Do not use it yet!



Reboot
Reboot your system in Safe Mode.
  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
  • Instead of Windows loading as normal, a menu should appear
  • Use the arrow key to highlight Safe Mode and press Enter.




HijackThis Entries
Open Hijack This and click on Scan. Check the following entries (if they still exist) (make sure you do not miss any)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sys98] C:\WINDOWS\System32\sys98.exe


Please remember to close all other windows, including browsers then click Fix checked.




File Deletions
Delete the following Files indicated in RED if they still exist.

C:\WINDOWS\system32\sys98.exe
C:\WINDOWS\system32\jooqovf.dll
C:\WINDOWS\system32\kujaihl.dll
C:\WINDOWS\system32\sisltne.dll




Run SmitfraudFix
Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: (C:\rapport.txt) or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.



Run CleanUp!
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!
Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the “Temporary Files” tab and uncheck the box for “Scan drives for file matching” if it’s checked.

Click OK, Press the CleanUp! button to start the program and DO NOT REBOOT when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these BEFORE running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.


Go to Control Panel click Display > Desktop > Customize Desktop > Web > Now, Uncheck Everything and delete if present:
• "Security Info"
• "Warning Message"
• "Security Desktop"
• "Warning Homepage"
• "Desktop Uninstall"


Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.


Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.




Run AVG Anti Spyware
Run AVG with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop (make sure to remember where you saved that file, this is important).

NOTE: AVG scan may require an hour.




Reboot
Reboot your system in Normal Mode.




SmitfraudFix - Additional Items
Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
**Note** This will remove all entries in the "Trusted Zone" - if you want them back, you have to add them back to the Trusted Sites again.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.




Logs required
rapport.txt
AVG Log
Comboscan Log (no attachment required)


Please also let me know how your system is performing now and if you have any specific problems. In order to provide you with the best possible help, please ensure that HijackThis logs are produced only while in Normal Mode.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
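A cross-check that can be run over a ComboScan log like the one in this thread, as an added example that is not part of the original posts and not the helper's own method: it flags Run-key targets that also appear in the recently created file list, and clusters of identically sized DLLs sitting directly in system32. The sample lines are copied from the log above; the function names and the three-file cluster threshold are assumptions, and hits are leads for review, not verdicts.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

SYSTEM32 = r"C:\WINDOWS\system32"

# Excerpt copied from the "Files created between" section of the log in this thread.
FILE_LISTING = r"""
2007-02-21 23:59:02 221184 --a------ C:\WINDOWS\system32\sys98.exe
2007-02-20 23:30:26 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-02-19 08:24:00 94208 --a------ C:\WINDOWS\system32\jooqovf.dll
2007-02-18 09:57:15 94208 --a------ C:\WINDOWS\system32\kujaihl.dll
2007-02-17 00:23:34 139264 --a------ C:\WINDOWS\system32\NCTVideoFile.dll<NC419E~1.DLL>
2007-02-16 1445 0 d-------- C:\Archivos de programa\Enigma Software Group<ENIGMA~1>
2007-02-15 19:42:30 94208 --a------ C:\WINDOWS\system32\sisltne.dll
2007-02-14 21:00:35 139264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-02-14 21:01:45 71552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
"""

# Excerpt copied from the "Registry Dump" section of the same log.
RUN_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Archivos de programa\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Alcmtr"="ALCMTR.EXE"
"AVG7_CC"="C:\\ARCHIV~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"sys98"="C:\\WINDOWS\\System32\\sys98.exe"
"""

LISTING_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+?)(?:<[^<>]*>)?$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
PROGRAM_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def parse_listing(text):
    """Parse 'date time size attrs path<SHORT~1>' lines; count lines that do not fit."""
    entries, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LISTING_RE.match(line)
        if not m:  # e.g. the entry whose time field is damaged ("1445")
            skipped += 1
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({"created": f"{date} {time}", "size": int(size),
                        "attrs": attrs, "path": path})
    return entries, skipped


def parse_run_dump(text):
    """Yield (key, value name, command) from a .reg-style dump, Run keys only."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and section and section.lower().endswith("\\run"):
            # Undo .reg escaping: \\ becomes \ and \" becomes "
            yield section, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))


def command_target(command):
    """Program path of an autostart command, or None for a bare file name."""
    if command.startswith('"'):
        target = command[1:].split('"', 1)[0]
    else:
        m = PROGRAM_RE.match(command)
        target = m.group(1) if m else command
    return target if "\\" in target else None


def triage(listing_text, run_text, min_cluster=3):
    entries, skipped = parse_listing(listing_text)
    created = {normcase(e["path"]): e for e in entries}

    # 1. Autostart entries whose target was created inside the scan window.
    autostart_hits = []
    for _key, name, command in parse_run_dump(run_text):
        target = command_target(command)
        if target and normcase(target) in created:
            autostart_hits.append((name, created[normcase(target)]["path"]))

    # 2. DLLs directly in system32 that share one exact size.
    by_size = defaultdict(list)
    for e in entries:
        in_system32 = normcase(dirname(e["path"])) == normcase(SYSTEM32)
        if in_system32 and e["path"].lower().endswith(".dll"):
            by_size[e["size"]].append(basename(e["path"]))
    clusters = {size: sorted(names) for size, names in by_size.items()
                if len(names) >= min_cluster}
    return autostart_hits, clusters, skipped


if __name__ == "__main__":
    hits, clusters, skipped = triage(FILE_LISTING, RUN_DUMP)
    for name, path in hits:
        print(f"Run value '{name}' starts a recently created file: {path}")
    for size, names in clusters.items():
        print(f"{len(names)} system32 DLLs of {size} bytes: {', '.join(names)}")
    print(f"{skipped} listing line(s) could not be parsed")
```

Bare names such as `ALCMTR.EXE` carry no path to compare against the listing, so the Run-key check does not cover them and they still need manual review.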
Old 02-23-2007, 02:02 AM   #6 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 39
OS: XP


Hello Iain.

I have a Spanish laptop, and I can't read Spanish, so I wasn't able to do this part:


Go to Control Panel click Display > Desktop > Customize Desktop > Web > Now, Uncheck Everything and delete if present:
• "Security Info"
• "Warning Message"
• "Security Desktop"
• "Warning Homepage"
• "Desktop Uninstall"

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.


But I did all the rest, with no problem.

Here are the reports (I'll post each in a separate reply)
Tom.A is offline  
Old 02-23-2007, 02:04 AM   #7 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 39
OS: XP


Rapport.txt


SmitFraudFix v2.143

Scan done at 9:42:23,35, 23/02/2007
Run from C:\Documents and Settings\Espa¤a\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versi¢n 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\.protected Deleted
C:\DOCUME~1\ESPAA~1\MENINI~1\PROGRA~1\Inicio\.protected Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Tom.A is offline  
Old 02-23-2007, 02:04 AM   #8 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 39
OS: XP


AVG Scan

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:53:01 23/02/2007

+ Scan result:



:mozilla.101:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.245:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.150:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.52:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.53:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.54:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.111:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.229:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.230:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.126:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.66:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.258:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.104:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.105:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.110:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.112:C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.


::Report end
Tom.A is offline  
Old 02-23-2007, 02:05 AM   #9 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 39
OS: XP


And the comboscan report


ComboScan v20070221.16 run by España on 2007-02-23 at 10:58:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as España.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:59:00, on 23/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Archivos de programa\Spyware Doctor\sdhelp.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\archivos de programa\panda software\panda internet security 2007\WebProxy.exe
C:\Documents and Settings\España\Escritorio\comboscan.exe
C:\Archivos de programa\HijackThis\España.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARCHIV~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acceso directo a la página de propiedades de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Archivos de programa\Spyware Doctor\sdhelp.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe


-- Files created between 2007-01-23 and 2007-02-23 ------------------------------

2007-02-23 09:42:12 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-22 23:49:11 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-22 10:33:30 0 d-------- C:\Archivos de programa\GlobalSCAPE<GLOBAL~1>
2007-02-21 23:59:02 221184 --a------ C:\WINDOWS\system32\sys98.exe
2007-02-20 23:30:26 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-02-20 23:30:24 0 d-------- C:\Archivos de programa\SpywareBlaster<SPYWAR~2>
2007-02-20 13:18:01 3686 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-20 13:17:22 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-20 13:17:22 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-20 13:17:22 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-20 13:17:22 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-20 13:17:22 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-19 15:09:13 0 dr-h----- C:\$VAULT$.AVG
2007-02-19 14:57:56 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-19 14:57:55 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-02-19 14:57:55 18432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-19 14:57:55 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-19 14:57:55 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-19 14:57:52 839936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-19 14:57:46 0 d-------- C:\Archivos de programa\Grisoft
2007-02-19 08:30:16 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-18 22:49:44 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-02-18 22:49:43 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-02-18 22:49:35 0 d-------- C:\Archivos de programa\Spyware Doctor<SPYWAR~1>
2007-02-18 22:41:41 0 d-------- C:\Archivos de programa\Security Task Manager<SECURI~1>
2007-02-18 10:35:35 0 d-------- C:\WINDOWS\WBEM
2007-02-18 10:35:34 0 d-------- C:\WINDOWS\system32\en-US
2007-02-18 10:34:12 0 d--h---c- C:\WINDOWS\ie7
2007-02-18 10:32:55 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-18 10:32:17 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-02-17 14:07:45 0 d-------- C:\WINDOWS\pss
2007-02-17 13:30:10 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-17 11:46:07 0 d-------- C:\3gptemp
2007-02-17 10:27:47 0 d-------- C:\Archivos de programa\MSXML 4.0<MSXML4~1.0>
2007-02-17 10:27:42 0 d-------- C:\39fce942ea876c14c654<39FCE9~1>
2007-02-17 00:23:55 309616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-02-17 00:23:54 420240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-02-17 00:23:34 196608 --a------ C:\WINDOWS\system32\NCTWMVFile.dll<NCTWMV~1.DLL>
2007-02-17 00:23:34 139264 --a------ C:\WINDOWS\system32\NCTVideoFile.dll<NC419E~1.DLL>
2007-02-17 00:23:33 589824 --a------ C:\WINDOWS\system32\NCTVideoView.dll<NCTVID~4.DLL>
2007-02-17 00:23:33 3031040 --a------ C:\WINDOWS\system32\NCTVideoTransform.dll<NCTVID~2.DLL>
2007-02-17 00:23:33 991232 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll<NCTVID~3.DLL>
2007-02-17 00:23:33 1245184 --a------ C:\WINDOWS\system32\NCTRMFile.dll<NCTRMF~1.DLL>
2007-02-17 00:23:33 679936 --a------ C:\WINDOWS\system32\NCTMPEGFile.dll<NCTMPE~1.DLL>
2007-02-17 00:23:33 626688 --a------ C:\WINDOWS\system32\NCTImageFile.dll<NCTIMA~1.DLL>
2007-02-17 00:23:33 294912 --a------ C:\WINDOWS\system32\NCTAVIFile.dll<NCTAVI~1.DLL>
2007-02-17 00:23:33 458752 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll<NCTAUD~3.DLL>
2007-02-17 00:23:32 2260992 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll<NCTVID~1.DLL>
2007-02-17 00:23:32 1986560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll<NCTAUD~1.DLL>
2007-02-17 00:23:32 1810432 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll<NCTAUD~2.DLL>
2007-02-17 00:23:32 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-02-17 00:23:30 344064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2007-02-17 00:23:27 0 d-------- C:\WINDOWS\system32\RMBin
2007-02-17 00:23:26 0 d-------- C:\Archivos de programa\softwaredepo.com<SOFTWA~1.COM>
2007-02-17 00:23:25 0 d-------- C:\Archivos de programa\Setup
2007-02-16 22:00:50 0 d-------- C:\Archivos de programa\HijackThis<HIJACK~1>
2007-02-16 14:06:45 0 d-------- C:\Archivos de programa\Enigma Software Group<ENIGMA~1>
2007-02-16 07:30:33 0 d--h----- C:\WINDOWS\PIF
2007-02-15 22:22:12 0 d-------- C:\Archivos de programa\Lavasoft
2007-02-15 22:21:49 0 d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard<WISEIN~1>
2007-02-15 20:30:49 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-02-15 19:52:25 0 d-------- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared<ADOBES~1>
2007-02-15 15:25:22 0 d-------- C:\Archivos de programa\MIKSOFT
2007-02-15 13:48:39 0 d-------- C:\Archivos de programa\MSN Messenger<MSNMES~1>
2007-02-14 21:50:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-02-14 21:40:58 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-14 21:39:44 0 d-------- C:\Archivos de programa\Mozilla Firefox<MOZILL~1>
2007-02-14 21:01:45 71552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-02-14 21:01:18 212500 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-02-14 21:01:12 16256 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-02-14 21:01:12 23296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-02-14 21:01:12 103936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2007-02-14 21:01:12 141312 --a-----t C:\WINDOWS\system32\drivers\netflt.sys
2007-02-14 21:01:12 185472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-02-14 21:01:12 9216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-02-14 21:01:12 36864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-02-14 21:01:12 44544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-02-14 21:00:51 24576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-02-14 21:00:51 446464 --a------ C:\WINDOWS\system32\HHActiveX.dll<HHACTI~1.DLL>
2007-02-14 21:00:35 139264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-02-14 21:00:35 16640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-02-14 21:00:34 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-02-14 21:00:34 245760 --a-----t C:\WINDOWS\system32\PAVSHOOK.DLL
2007-02-14 21:00:34 57344 --a------ C:\WINDOWS\system32\pavipc.dll
2007-02-14 21:00:20 0 d-------- C:\WINDOWS\system32\PAV
2007-02-14 21:00:20 45056 --a------ C:\WINDOWS\system32\avldr.dll
2007-02-14 21:00:19 9488 --a------ C:\WINDOWS\system32\sporder.dll
2007-02-14 20:59:40 0 d-------- C:\Archivos de programa\Panda Software<PANDAS~1>
2007-02-14 20:58:56 26752 -ra------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-02-14 20:58:55 165120 -ra------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-02-14 20:58:55 0 d-------- C:\Archivos de programa\Archivos comunes\Panda Software<PANDAS~1>
2007-02-14 17:10:40 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-12 22:44:53 1660 --a------ C:\WINDOWS\bthservsdp.dat<BTHSER~1.DAT>
2007-02-12 21:20:01 38016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-02-12 21:15:15 100992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-02-12 21:15:05 59648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-02-12 21:15:04 8192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-02-12 21:15:04 28160 --a------ C:\WINDOWS\system32\irmon.dll
2007-02-12 21:15:04 153600 --a------ C:\WINDOWS\system32\irftp.exe
2007-02-12 21:15:04 17024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-02-12 21:14:51 18944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-02-12 21:14:51 274688 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-02-11 08:29:22 0 d-------- C:\WINDOWS\Sun
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-23 08:19:13 434192 --a------ C:\WINDOWS\system32\perfh00A.dat
2007-02-23 08:19:13 65998 --a------ C:\WINDOWS\system32\perfc00A.dat
2007-02-23 08:15:08 0 d-------- C:\Documents and Settings\España\Datos de programa\AVG7
2007-02-22 10:33:48 0 d-------- C:\Documents and Settings\España\Datos de programa\GlobalSCAPE<GLOBAL~1>
2007-02-22 10:33:30 0 d--h----- C:\Archivos de programa\InstallShield Installation Information<INSTAL~1>
2007-02-21 15:52:56 0 d-------- C:\Documents and Settings\España\Datos de programa\Opera
2007-02-19 20:40:29 0 d-------- C:\Archivos de programa\QuickTime<QUICKT~1>
2007-02-19 14:57:41 0 d---s---- C:\Documents and Settings\España\Datos de programa\Microsoft<MICROS~1>
2007-02-19 14:45:27 0 d-------- C:\Documents and Settings\España\Datos de programa\Adobe
2007-02-18 22:49:35 0 d-------- C:\Documents and Settings\España\Datos de programa\PC Tools<PCTOOL~1>
2007-02-17 15:39:10 0 d-------- C:\Archivos de programa\Archivos comunes\System
2007-02-15 22:22:19 0 d-------- C:\Documents and Settings\España\Datos de programa\Lavasoft
2007-02-15 22:21:49 0 d-------- C:\Archivos de programa\Archivos comunes<ARCHIV~1>
2007-02-15 20:39:46 0 d-------- C:\Documents and Settings\España\Datos de programa\Macromedia<MACROM~1>
2007-02-15 20:33:49 0 d-------- C:\Archivos de programa\Archivos comunes\Macromedia<MACROM~1>
2007-02-15 20:31:55 0 d-------- C:\Archivos de programa\Macromedia<MACROM~1>
2007-02-15 19:58:20 0 d-------- C:\Archivos de programa\Archivos comunes\Adobe
2007-02-15 19:55:19 0 d-------- C:\Documents and Settings\España\Datos de programa\WinRAR
2007-02-15 13:48:57 0 d-------- C:\Archivos de programa\Archivos comunes\Microsoft Shared<MICROS~1>
2007-02-14 21:40:55 0 d-------- C:\Documents and Settings\España\Datos de programa\Mozilla
2007-02-14 20:57:48 0 d-------- C:\Archivos de programa\Archivos comunes\Symantec Shared<SYMANT~1>
2007-02-14 20:57:46 0 d-------- C:\Archivos de programa\Symantec
2007-02-14 17:48:50 0 d-------- C:\Documents and Settings\España\Datos de programa\Help
2007-02-12 22:31:39 0 d-------- C:\Documents and Settings\España\Datos de programa\Ulead Systems<ULEADS~1>
2007-02-11 08:29:22 0 d-------- C:\Documents and Settings\España\Datos de programa\Sun
2007-01-13 10:05:54 0 d-------- C:\Documents and Settings\España\Datos de programa\Skype
2007-01-12 22:32:10 0 d-------- C:\Documents and Settings\España\Datos de programa\Sonic
2007-01-12 22:31:59 0 d-------- C:\Documents and Settings\España\Datos de programa\Leadertech<LEADER~1>
2007-01-12 17:46:28 0 d-------- C:\Documents and Settings\España\Datos de programa\CyberLink<CYBERL~1>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 -----n--- C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 22:49:47 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 19:17:15 334336 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 07:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 15:54:17 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 15:54:16 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SmpcSys"="C:\\APPS\\SMP\\SmpSys.exe"
"Spyware Doctor"="\"C:\\Archivos de programa\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SynTPLpr"="C:\\Archivos de programa\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Archivos de programa\\Synaptics\\SynTP\\SynTPEnh.exe"
"Acceso directo a la página de propiedades de High Definition Audio"="HDAShCut.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"SunJavaUpdateSched"="C:\\Archivos de programa\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"DetectorApp"="C:\\Archivos de programa\\Sonic\\DigitalMedia LE v7\\MyDVD LE\\DetectorApp.exe"
"ISUSPM Startup"="C:\\ARCHIV~1\\ARCHIV~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Archivos de programa\\Archivos comunes\\InstallShield\\UpdateService\\issch.exe\" -start"
"PCMService"="\"c:\\APPS\\Powercinema\\PCMService.exe\""
"EmailChecker"="C:\\APPS\\EmailChecker\\ech.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"QuickTime Task"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime"
"APVXDWIN"="\"C:\\Archivos de programa\\Panda Software\\Panda Internet Security 2007\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"C:\\Archivos de programa\\Panda Software\\Panda Internet Security 2007\\Inicio.exe\""
"AVG7_CC"="C:\\ARCHIV~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Archivos de programa\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"



-- End of ComboScan: finished at 2007-02-23 at 10:59:30 -------------------------

Last edited by Tom.A; 02-23-2007 at 02:06 AM.
Old 02-23-2007, 01:30 PM   #10 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Join Date: Sep 2005
Location: Glasgow
Posts: 23,944
OS: Win XP Pro SP3 / Win 7 RC

Hi again Tom

Looking good – how is your system now?

Online Scan
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky WebScanner

Next, click on Kaspersky Online Scanner


A Welcome screen will appear - click 'Accept' at the bottom. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
  • Extended
Scan Options:
  • Scan Archives
  • Scan Mail Bases
Click OK

Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the name(s) and location(s) of any file(s) it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


Please post back with the Kaspersky Log and a fresh HijackThis Log. Please also let me know how your system is performing now and if you have any specific problems. In order to provide you with the best possible help, please ensure that HijackThis logs are produced only while in Normal Mode.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 02-23-2007, 02:28 PM   #11 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 39
OS: XP


Hey Iain thanks for the reply. Computer seems to be better, when I scan with my avs, nothing comes up, seems clean. I greatly thank you so much!

Kaspersky:

Friday, February 23, 2007 11:26:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/02/2007
Kaspersky Anti-Virus database records: 272972
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 63533
Number of viruses found 5
Number of infected objects 21 / 0
Number of suspicious objects 0
Duration of the scan process 00:40:54

Infected Object Name Virus Name Last Action
C:\APPS\Powercinema\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\MshConf\scoffset.bin.incr Object is locked skipped
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PSK_NAMES2_3 Object is locked skipped
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PSK_NAMES_3 Object is locked skipped
C:\Archivos de programa\Total Video Converter\Converted\B89teg8DHJ4 (3).3gp Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\España\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\España\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\España\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\España\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\España\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\España\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\España\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\España\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\España\Configuración local\Datos de programa\sisltne.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Documents and Settings\España\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\España\Configuración local\Historial\History.IE5\MSHist012007022320070224\index.dat Object is locked skipped
C:\Documents and Settings\España\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\cert8.db Object is locked skipped
C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\history.dat Object is locked skipped
C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\key3.db Object is locked skipped
C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\parent.lock Object is locked skipped
C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\search.sqlite Object is locked skipped
C:\Documents and Settings\España\Datos de programa\Mozilla\Firefox\Profiles\3og6duqb.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\España\Escritorio\Antivirus & Spyware programs\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\España\Escritorio\Antivirus & Spyware programs\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\España\Escritorio\Antivirus & Spyware programs\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\España\Escritorio\Antivirus & Spyware programs\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\España\Escritorio\Toms Folder\Techtuts\tt\mail\inbox/[From "Margret Kessler" ][Date Fri, 10 Mar 2006 19:33: 8 +0180]/text/[From "suspension@paypal.com" ][Date Fri, 10 Mar 2006 22:47:15 -0500]/html Infected: Trojan-Spy.HTML.Paylap.dh skipped
C:\Documents and Settings\España\Escritorio\Toms Folder\Techtuts\tt\mail\inbox/[From "Margret Kessler" ][Date Fri, 10 Mar 2006 19:33: 8 +0180]/text Infected: Trojan-Spy.HTML.Paylap.dh skipped
C:\Documents and Settings\España\Escritorio\Toms Folder\Techtuts\tt\mail\inbox/[From "Hershel Elliott" ][Date Thu, 20 Apr 2006 8:29:46 -0120]/text/[From "Alfonso Paulson" ][Date Mon, 24 Apr 2006 9:38:51 -0060]/text/[From "Felipe Young" ][Date Fri, 28 Apr 2006 5:25: 3 +0480]/text/[From "Goldie Costello" ][Date Two, 2 May 2006 4:11:13 -0540]/text/[From "Lolita Ali" ][Date Two, 2 May 2006 13:25:51 -0180]/html Infected: Trojan-Spy.HTML.Paylap.ef skipped
C:\Documents and Settings\España\Escritorio\Toms Folder\Techtuts\tt\mail\inbox/[From "Hershel Elliott" ][Date Thu, 20 Apr 2006 8:29:46 -0120]/text/[From "Alfonso Paulson" ][Date Mon, 24 Apr 2006 9:38:51 -0060]/text/[From "Felipe Young" ][Date Fri, 28 Apr 2006 5:25: 3 +0480]/text/[From "Goldie Costello" ][Date Two, 2 May 2006 4:11:13 -0540]/text Infected: Trojan-Spy.HTML.Paylap.ef skipped
C:\Documents and Settings\España\Escritorio\Toms Folder\Techtuts\tt\mail\inbox/[From "Hershel Elliott" ][Date Thu, 20 Apr 2006 8:29:46 -0120]/text/[From "Alfonso Paulson" ][Date Mon, 24 Apr 2006 9:38:51 -0060]/text/[From "Felipe Young" ][Date Fri, 28 Apr 2006 5:25: 3 +0480]/text Infected: Trojan-Spy.HTML.Paylap.ef skipped
C:\Documents and Settings\España\Escritorio\Toms Folder\Techtuts\tt\mail\inbox/[From "Hershel Elliott" ][Date Thu, 20 Apr 2006 8:29:46 -0120]/text/[From "Alfonso Paulson" ][Date Mon, 24 Apr 2006 9:38:51 -0060]/text Infected: Trojan-Spy.HTML.Paylap.ef skipped
C:\Documents and Settings\España\Escritorio\Toms Folder\Techtuts\tt\mail\inbox/[From "Hershel Elliott" ][Date Thu, 20 Apr 2006 8:29:46 -0120]/text Infected: Trojan-Spy.HTML.Paylap.ef skipped
C:\Documents and Settings\España\Escritorio\Toms Folder\Techtuts\tt\mail\inbox Mail Berkeley mbox: infected - 7 skipped
C:\Documents and Settings\España\Escritorio\Toms Folder\Techtuts\tt\public_html\uploads\sig.jpg Infected: DoS.Perl.Msnp.a skipped
C:\Documents and Settings\España\Escritorio\Toms Folder\Techtuts\tt\www\uploads\sig.jpg Infected: DoS.Perl.Msnp.a skipped
C:\Documents and Settings\España\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\España\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-2022181999-378387230-1650549597-1006\Dc9\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP14\A0008409.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP14\A0008409.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP14\A0008409.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP15\A0008447.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP15\A0008448.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP18\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\security\Database\secedit.sdb Object is locked skipped
C:\WINDOWS\security\edb.log Object is locked skipped
C:\WINDOWS\security\edbtmp.log Object is locked skipped
C:\WINDOWS\security\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt Object is locked skipped
C:\WINDOWS\Temp\sqlite_go5BAg1yhj1M5fl Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.


Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 23:27:45, on 23/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\HijackThis\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acceso directo a la página de propiedades de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

One of the files you told me to delete is still there. I did delete it, BUT that one is in a different place. I await your instructions, thank you.

Last edited by Tom.A; 02-23-2007 at 02:30 PM.
Old 02-23-2007, 03:15 PM   #12 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 23,944
OS: Win XP Pro SP3 / Win 7 RC

Hi Tom

Sorry – I missed one entry.


Reboot
Reboot your system in Safe Mode.
  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
  • Instead of Windows loading as normal, a menu should appear
  • Use the arrow key to highlight Safe Mode and press Enter.



File Deletions
Delete the following File indicated in RED if it still exists.

C:\Documents and Settings\España\Configuración local\Datos de programa\sisltne.dll




Please run Smitfraudfix again, just as you did before.


If you can understand any of the Spanish, please try and follow this part of the instructions:

Go to Control Panel, click Display > Desktop > Customize Desktop > Web. Now uncheck everything and delete if present:
• "Security Info"
• "Warning Message"
• "Security Desktop"
• "Warning Homepage"
• "Desktop Uninstall"


Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.


Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.




Reboot
Reboot your system in Normal Mode.



Choose any one of the following online scanners and post back with any log it produces as well as a fresh HijackThis Log.

http://housecall.trendmicro.com/ <-- you can use Firefox for this scanner
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.bitdefender.com/scan8/ie.html
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 02-24-2007, 12:39 AM   #13 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 39
OS: XP


Okay Iain, I managed to read the Spanish, took a while but got there. Then I looked and everything you wanted me to do was already done heh.

I deleted that thing now, I logged on to my computer, and AVG popped up saying trojan in system32, I healed it.

Bit Scanner:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sat, Feb 24, 2007 - 09:38:06

Scan Info
Scanned Files: 226779
Infected Files: 6

Virus Detected
Trojan.Obfus.Gen: 4
Trojan.Busky.2.Gen: 2

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.






Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 9:39:06, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\archivos de programa\panda software\panda internet security 2007\WebProxy.exe
C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acceso directo a la página de propiedades de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe




I'm going to run all my AVs and see if they pick up anything else...

Tom.
Old 02-24-2007, 09:40 AM   #14 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 23,944
OS: Win XP Pro SP3 / Win 7 RC

Hi Tom


Is there more to the BitDefender report?


I’ll bet AVG is preventing the removal of that one entry.


Disable AVG Anti Spyware's Guard
Please disable AVG Anti Spyware's Guard.
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • Exit AVG


Also completely shut down Panda Suite.


Reboot
Reboot your system in Safe Mode.
  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
  • Instead of Windows loading as normal, a menu should appear
  • Use the arrow key to highlight Safe Mode and press Enter.



Run SmitfraudFix
Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: (C:\rapport.txt) or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Reboot
Reboot your system in Normal Mode.



Post back with c:\rapport.txt and a fresh HijackThis Log.
Old 02-24-2007, 11:25 AM   #15 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 39
OS: XP


Hey mate.

No more to the BitDefender - it wasn't very good detail.

OK, rapport:

SmitFraudFix v2.144

Scan done at 20:15:38,29, 24/02/2007
Run from
C:\Documents and Settings\Espa¤a\Escritorio\Antivirus & Spyware programs\SmitfraudFix
OS: Microsoft Windows XP [Versi¢n 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


hijackthis:


Logfile of HijackThis v1.99.1
Scan saved at 20:25:41, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\APPS\Powercinema\PCMService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\Archivos de programa\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\archivos de programa\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acceso directo a la página de propiedades de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\archivos de programa\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe


Thanks mate, I'm thankful you help.
Tom.A is offline  
Old 02-25-2007, 09:54 AM   #16 (permalink)
Hi Tom

Run a scan with HijackThis and fix this entry

O4 - Global Startup: .protected


Then post back with a fresh HijackThis log. That entry should be fixed OK as we’ve taken out the file, but I’d just like to check. Other than that things look good.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 02-25-2007, 11:04 AM   #17 (permalink)


I can't get rid of it, HijackThis says it's being used, I closed everything else and it still says it.

Unable to delete the file:
04 - Global Startup: .protected

The file may be in use. Use taskmanager to shutdown the program and run hijackthis again to delete the file.
Tom.A is offline  
Old 02-25-2007, 12:15 PM   #18 (permalink)
Tom

I see you have Spybot - can you make sure Tea Timer is disabled?
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Now try to fix that entry using HJT - let me know if that works.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 02-25-2007, 12:21 PM   #19 (permalink)


Hi mate,

It was already unticked.

Still won't work,

Tom.
Tom.A is offline  
Old 02-25-2007, 12:23 PM   #20 (permalink)


Try fixing it in Safe Mode and see if that works.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
 






All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum