Trojan Pws-lsp & Spam-xarvester On My Pc

[fjfm]

Hi Tetonbob:

Well, As you suggest me, I run Karspersky scan on line and problems again: it found viruses. I paste Karspersky info & last HijackThis Log.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 06, 2007 12:10:18 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.84.0
Kaspersky Anti-Virus database last update: 5/05/2007
Kaspersky Anti-Virus database records: 313653
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 118456
Number of viruses found: 2
Number of infected objects: 8 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:10:51

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\eMule\Incoming\reparador de cds rayados, copiar en el disco curo y hacer una copia\reparador de cds rayados, copiar en el disco curo y hacer una copia\badcdrepairpro\bad_cd_repair_pro_install.exe/data0002 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Archivos de programa\eMule\Incoming\reparador de cds rayados, copiar en el disco curo y hacer una copia\reparador de cds rayados, copiar en el disco curo y hacer una copia\badcdrepairpro\bad_cd_repair_pro_install.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Datos de programa\McAfee\AntiSpyware\Data\masdata.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\McAfee\AntiSpyware\Data\masevents.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\McAfee.com Personal Firewall\data\HwLocal.xdb Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Propietario\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Propietario\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Propietario\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Propietario\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Propietario\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Propietario\Configuración local\Temp\sqlite_ZZ36aErpvyUCs6i Object is locked skipped
C:\Documents and Settings\Propietario\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Propietario\Datos de programa\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Propietario\Mis documentos\Copia seguridad Outlook\Bandeja entrada 8-11-03 a 8-12-05.dbx/[From Ebay <payments@ebay.com>][Date Thu, 23 Sep 2004 11:39:25 -0700]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.g skipped
C:\Documents and Settings\Propietario\Mis documentos\Copia seguridad Outlook\Bandeja entrada 8-11-03 a 8-12-05.dbx/[From Ebay <payments@ebay.com>][Date Thu, 23 Sep 2004 11:39:25 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.g skipped
C:\Documents and Settings\Propietario\Mis documentos\Copia seguridad Outlook\Bandeja entrada 8-11-03 a 8-12-05.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Propietario\ntuser.dat Object is locked skipped
C:\Documents and Settings\Propietario\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1A67D8E3-95F1-4F0F-95F7-4C3034887CA8}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{2DBF865A-81A4-482A-AD54-0AA57C3849FB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\sqlite_1jUjObwZb2uhf9l Object is locked skipped
C:\WINDOWS\temp\sqlite_dClt79D8eh2kBAH Object is locked skipped
C:\WINDOWS\temp\sqlite_M5OgdxcA7GZzkd3 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\Comprimidos ya grabados\reparador de cds rayados, copiar en el disco curo y hacer una copia.rar/reparador de cds rayados, copiar en el disco curo y hacer una copia/badcdrepairpro/bad_cd_repair_pro_install.exe/data0002 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
H:\Comprimidos ya grabados\reparador de cds rayados, copiar en el disco curo y hacer una copia.rar/reparador de cds rayados, copiar en el disco curo y hacer una copia/badcdrepairpro/bad_cd_repair_pro_install.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
H:\Comprimidos ya grabados\reparador de cds rayados, copiar en el disco curo y hacer una copia.rar RAR: infected - 2 skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
=============================
=============================
=============================


And HIJACKTHIS LOG:



Logfile of HijackThis v1.99.1
Scan saved at 1:25:44, on 06/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe
C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe
C:\ARCHIV~1\mcafee.com\agent\mcagent.exe
C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe
C:\archiv~1\mcafee\MCAFEE~1\masalert.exe
c:\archiv~1\mcafee.com\vso\mcvsescn.exe
C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\archiv~1\mcafee\mcafee antispyware\massrv.exe
c:\archivos de programa\mcafee.com\agent\mcdetect.exe
c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\ARCHIV~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\rnathchk.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propietario\Mis documentos\Nuevo Maletín\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\archiv~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARCHIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\ARCHIV~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\archiv~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MI699F~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bi...datePortal.cab
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www1.aeat.es/imagenes/comun/cactivex.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/act...a/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A65B7C-F18E-46B6-8872-02C836BA62C7}: NameServer = 195.235.113.3,195.235.96.96
O17 - HKLM\System\CS2\Services\Tcpip\..\{32A997A7-3D6C-4FD1-B199-21207B14BDA8}: NameServer = 195.235.113.3,195.235.96.90
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\archiv~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\archivos de programa\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\ARCHIV~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Programador de LiveUpdate automático - Unknown owner - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Archivos de programa\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

==============================

I'm waiting your answer again.
Thanks
FJ

[tetonbob]

Hi FJ -

Can you translate these into English for me, please?

C:\Archivos de programa\eMule\Incoming\reparador de cds rayados, copiar en el disco curo y hacer una copia\reparador de cds rayados, copiar en el disco curo y hacer una copia\badcdrepairpro\bad_cd_repair_pro_install.exe
C:\Documents and Settings\Propietario\Mis documentos\Copia seguridad Outlook\Bandeja entrada 8-11-03 a 8-12-05.dbx
C:\Documents and Settings\Propietario\Mis documentos\Copia seguridad Outlook\Bandeja entrada 8-11-03 a 8-12-05.dbx
H:\Comprimidos ya grabados\reparador de cds rayados, copiar en el disco curo y hacer una copia.rar
H:\Comprimidos ya grabados\reparador de cds rayados, copiar en el disco curo y hacer una copia.rar

It is these items which Kaspersky is finding as infected.

[fjfm]

Hello Tetonbob:

Here it is my "horrible" translation in English:


C:\Archivos de programa\eMule\Incoming\reparador de cds rayados, copiar en el disco curo y hacer una copia\reparador de cds rayados, copiar en el disco curo y hacer una copia\badcdrepairpro\bad_cd_repair_pro_install.exe

It's a program for repair scratched Cds. It was downloaded from "Emule" (Emule = for sharing music, programs..from internet). I can delete it without any problem.It was saved on my Hard Drive Disk (C:)


C:\Documents and Settings\Propietario\Mis documentos\Copia seguridad Outlook\Bandeja entrada 8-11-03 a 8-12-05.dbx

It's a copy of my emails from 8th-November-2003 up to 8th-December-2005


C:\Documents and Settings\Propietario\Mis documentos\Copia seguridad Outlook\Bandeja entrada 8-11-03 a 8-12-05.dbx

It's a copy of my emails from 8th-November-2003 up to 8th-December-2005



H:\Comprimidos ya grabados\reparador de cds rayados, copiar en el disco curo y hacer una copia.rar

It's a program for repair scratched Cds. It was downloaded from "Emule" (Emule = for sharing music, programs..from internet). I can delete it without any problem.It was saved on my other Hard Drive Disk (H:)



H:\Comprimidos ya grabados\reparador de cds rayados, copiar en el disco curo y hacer una copia.rar

It's a program for repair scratched Cds. It was downloaded from "Emule" (Emule = for sharing music, programs..from internet). I can delete it without any problem.It was saved on my other Hard Drive Disk (H:)



I think is better delete all these infected files. I can do it without any problem.

About my last HijackThis Log...Did you find anything wrong??.

Thanks again my friend
Fco.Javier

[tetonbob]

Thanks for the translation....yes, I agree it's best to delete those.

Regarding eMule....

Please note: Even if you are using a "safe" P2P program, such as is indicated in this thread

http://p2p.malwareremoval.com

it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

---------------------------------------------------------------------------------------------

Your last HijackThis log was clean.

Well done. You should be good to go. We still have a few items to address.


Clear & Reset System Restore's Cache

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:

• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• AD-AWARE
  Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  
  
• IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
    From within the folder, double-click install.bat
    Select Option #2 - Install the new IE-SPYAD list.
    Then return to the main menu.
    Select option #4 - Add the old porn sites domain
  
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[fjfm]

Hi Tetonbob!!!!!!:

I deleted all these infected files!!.

I cleared & reseted System Restore's Cache and enable Windows Auto Update.

I had installed on my PC "Spyware Blaster" + "SpyBoot, search and destroy"+ "Ad-Aware-SE".

I think all is ok now, don't you??.

Thank you very much my friend (Muchas gracias amigo) for your helping and hard work!!!!.
I apreciate your job very much!!!. Thanks again.
Fco.Javier

[tetonbob]

Hi FJ -

You're quite welcome...you should be in good shape now.

Happy Computing, and Safe Surfing to you!