Comodo Firewall Pro svchost.exe popup problem
khany
Madrid - Spain
Hello,
I hope someone can help me with an annoying problem that I have since installing Comodo Firewall Pro.
Every time I start up my computer I get the message that I have included in
the attached Word document.
My first reaction was to Deny access. When I choose this option I am unable to connect to Internet so I have to restart the computer.
The same message comes up again and I press allow. Despite pressing allow I still get the same message again for a couple of times so I keep on pressing allow. After a couple of repeats of the same I can connect.
Is this a virus or something else?
Appreciate any help.
Best regards,
FRank
I hope someone can help me with an annoying problem that I have since installing Comodo Firewall Pro.
Every time I start up my computer I get the message that I have included in
the attached Word document.
My first reaction was to Deny access. When I choose this option I am unable to connect to Internet so I have to restart the computer.
The same message comes up again and I press allow. Despite pressing allow I still get the same message again for a couple of times so I keep on pressing allow. After a couple of repeats of the same I can connect.
Is this a virus or something else?
Appreciate any help.
Best regards,
FRank
0
This discussion has been closed.
Comments
Welcome to Icrontic Malware Removal Forum.
My name is peku006 and I will be assisting you.
services.exe is good, If it runs in C:\Windows\System32\folder
Please do the following...
Please Click here to download HJTsetup.exe
* Save HJTsetup.exe to your desktop.
* Double click on the HJTsetup.exe icon on your desktop.
* By default it will install to C:\Program Files\Hijack This.
* Continue to click Next(three times) in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
* Put a check by Create a desktop icon then click Next again.
* Then you will need to click on install
* At the final dialogue box click Finish and it will launch Hijack This.
* Click on the Do a system scan and save a log file button. It will scan and then notepad will open up
* Click file>save as and save it to your desktop
* Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
* Come back here to this thread and Paste the log in your next reply.
* DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
A million and one apologies for my delay in answering but thanks in advance for your help.
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:55:46, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\acer\epm\epm-dm.exe
C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\TomTom HOME\TomTomHOME.exe
C:\Archivos de programa\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
C:\Archivos de programa\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Acer\eManager\anbmServ.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tilesandtiles.uk.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Archivos de programa\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Archivos de programa\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Archivos de programa\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] "C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://personal.telefonica.terra.es
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Control de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.0.5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165017140173
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Archivos de programa\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7518 bytes
Best regards,
Frank
Just based on your log content alone, the machine does not show any malware. Are you having any trouble
Please do the following...
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
Please find information you requested.
Main.txt:
Deckard's System Scanner v20070711.54
Run by Frank Khan on 2007-07-13 at 19:25:44
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
30: 2007-07-13 17:25:53 UTC - RP347 - Deckard's System Scanner Restore Point
29: 2007-07-13 14:49:35 UTC - RP346 - Punto de control del sistema
28: 2007-07-12 12:07:01 UTC - RP345 - Punto de control del sistema
27: 2007-07-10 21:30:14 UTC - RP344 - Software Distribution Service 3.0
26: 2007-07-10 21:10:37 UTC - RP343 - Software Distribution Service 3.0
-- First Restore Point --
1: 2007-06-07 21:07:06 UTC - RP318 - Punto de control del sistema
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Frank Khan.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:55:46, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\acer\epm\epm-dm.exe
C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\TomTom HOME\TomTomHOME.exe
C:\Archivos de programa\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
C:\Archivos de programa\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Acer\eManager\anbmServ.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tilesandtiles.uk.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Archivos de programa\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Archivos de programa\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Archivos de programa\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] "C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://personal.telefonica.terra.es
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Control de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.0.5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165017140173
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Archivos de programa\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7518 bytes
-- File Associations
Extra.txt
Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Spanish
CPU 0: Intel(R) Pentium(R) M processor 1.60GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 494.42 MiB / 181.59 MiB
Pagefile Memory (total/avail): 1156.65 MiB / 786.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1963.41 MiB
C: is Fixed (FAT32) - 17.07 GiB total, 4.07 GiB free.
D: is Fixed (FAT32) - 17.24 GiB total, 14.25 GiB free.
E: is CDROM (Unformatted)
-- Security Center
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: AVG 7.5.476 v7.5.476 (GRISOFT)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Archivos de programa\\Hewlett-Packard\\Toolbox\\JRE\\BIN\\JAVAW.EXE"="C:\\Archivos de programa\\Hewlett-Packard\\Toolbox\\JRE\\BIN\\JAVAW.EXE:*:Enabled:javaw"
"C:\\Archivos de programa\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Archivos de programa\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
"C:\\Archivos de programa\\MSN Messenger\\MSNMSGR.EXE"="C:\\Archivos de programa\\MSN Messenger\\MSNMSGR.EXE:*:Enabled:Messenger"
"C:\\Archivos de programa\\Ares\\Ares.exe"="C:\\Archivos de programa\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Archivos de programa\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Archivos de programa\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Archivos comunes\\Intuit\\Entitlement Client\\v3\\Server\\Intuit.Spc.Map.EntitlementClient.Server.Service.exe"="C:\\Archivos de programa\\Archivos comunes\\Intuit\\Entitlement Client\\v3\\Server\\Intuit.Spc.Map.EntitlementClient.Server.Service.exe:LocalSubNet:Enabled:Intuit Entitlement Service v3"
"C:\\Archivos de programa\\LimeWire\\LimeWire.exe"="C:\\Archivos de programa\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Archivos de programa\\Grisoft\\AVG7\\avginet.exe"="C:\\Archivos de programa\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Archivos de programa\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Archivos de programa\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Archivos de programa\\Grisoft\\AVG7\\avgcc.exe"="C:\\Archivos de programa\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Archivos de programa\\Azureus\\Azureus.exe"="C:\\Archivos de programa\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Archivos de programa\\SmartFTP Client\\SmartFTP.exe"="C:\\Archivos de programa\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Archivos de programa\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Archivos de programa\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Archivos de programa\\Skype\\Phone\\Skype.exe"="C:\\Archivos de programa\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Frank Khan\Datos de programa
CommonProgramFiles=C:\Archivos de programa\Archivos comunes
COMPUTERNAME=RFK-FRANKKHAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Frank Khan
LOGONSERVER=\\RFK-FRANKKHAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Archivos de programa\Internet Explorer;;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\Archivos de programa\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Archivos de programa
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\FRANKK~1\CONFIG~1\Temp
TMP=C:\DOCUME~1\FRANKK~1\CONFIG~1\Temp
USERDOMAIN=RFK-FRANKKHAN
USERNAME=Frank Khan
USERPROFILE=C:\Documents and Settings\Frank Khan
windir=C:\WINDOWS
-- User Profiles
Frank Khan (admin)
Administrador (admin)
-- Add/Remove Programs
--> C:\WINDOWS\IsUninst.exe -f"C:\Archivos de programa\Acer Inc.\Acer Spanish Guide Link\Uninst.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eManager for Notebook --> C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer ePowerManagement --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0xa
Actualización de seguridad para el Reproductor de Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 9 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Actualización para Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Actualización para Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Actualización para Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Actualización para Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Actualización para Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Actualización para Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Actualización para Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Actualización para Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Actualización para Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Actualización para Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Actualización para Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Actualización para Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Actualización para Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Actualización para Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Actualización para Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Actualización para Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Actualización para Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Ad-Aware SE Personal --> C:\ARCHIV~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\ARCHIV~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Ares 2.0.8 --> "C:\Archivos de programa\Ares\uninstall.exe"
AVG 7.5 --> C:\Archivos de programa\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BlackBerry Desktop Software 4.0.1 --> MsiExec.exe /I{60041461-D167-4796-AF92-3AEF8C329811}
BlackBerry Desktop Software 4.0.1 --> MsiExec.exe /i{60041461-D167-4796-AF92-3AEF8C329811}
CCleaner (remove only) --> "C:\Archivos de programa\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Archivos de programa\Comodo\Firewall\fwconfig.exe -uninstalln
Compresor WinRAR --> C:\Archivos de programa\WinRAR\uninstall.exe
Conexant AC-Link Audio --> CIAunwdm.exe
Easy Unit Converter --> C:\ARCHIV~1\FILESWEB\EUC\UNWISE.EXE C:\ARCHIV~1\FILESWEB\EUC\INSTALL.LOG
El cuerpo humano 2.0 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{B0401AB7-FD2C-4454-8775-583D87A2CFA4}\Setup.exe" -l0xa
El gran atlas del pequeño aventurero --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{133A6843-4F13-4D10-AA00-31C5E5304D75}\Setup.exe" -l0xa
ForeverFriends Screensaver --> C:\WINDOWS\system32\FFScreensaveruninst.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\archivos de programa\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp LaserJet 1160/1320 series --> MsiExec.exe /x {7F04B272-E0DD-47E7-8B55-D97483DB0EBD}
HP Software Update --> MsiExec.exe /X{90B5E602-1867-449D-86FD-FC9DEA4434BF}
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
ISO Recorder --> MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
La Máquina del Tiempo --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{D4F28213-D41D-44A7-8C33-C23F96ED4B5C}\Setup.exe" -l0xa
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LimeWire 4.12.11 --> "C:\Archivos de programa\LimeWire\uninstall.exe"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{117E076F-5EB0-408D-B7A9-D94511FE834D}
Macromedia Extension Manager --> MsiExec.exe /I{F443F171-B49B-4645-915C-580E7ED79992}
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUN040A.EXE" -f"C:\Archivos de programa\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Archivos de programa\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0C0A-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN --> C:\Archivos de programa\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 6 Ultra Edition --> C:\Archivos de programa\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NTI Backup NOW! 3 --> C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1034 BUNText
NTI CD & DVD-Maker Gold --> C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1034 AnyText
Paquete de proveedor base de servicios de cifrado para tarjetas inteligentes de Microsoft --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
PDFCreator --> C:\Archivos de programa\PDFCreator\unins000.exe
PowerDVD --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Revisión de Windows XP - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Revisión de Windows XP - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Revisión de Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Revisión de Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Revisión de Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Revisión de Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Revisión de Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Revisión de Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Revisión de Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Revisión de Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Revisión de Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Revisión de Windows XP - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Revisión de Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Revisión de Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Revisión de Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Revisión para Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype 2.5 --> "C:\Archivos de programa\Skype\Phone\unins000.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Archivos de programa\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_00641025\HXFSETUP.EXE -U -Iqta00645.inf
Spybot - Search & Destroy 1.4 --> "C:\Archivos de programa\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Archivos de programa\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Archivos de programa\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{23C7348E-131C-4BFF-9763-2C804D6B87AE}
TomTom HOME --> C:\Archivos de programa\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
VIMICRO USB PC Camera --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9
Vodafone 804SS USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{FD3FEE11-A03E-47DC-971B-60F73D7128A4}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Archivos de programa\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
-- End of Deckard's System Scanner: finished at 2007-07-13 at 19:29:20
Best regards,
Dss.main.txt cuts off,
Please re-send it
My apologies. I am resending the complete file.
At the same time, just to let you know that I continuously get the same message even when I allow it in Comodo Firewall.
Deckard's System Scanner v20070711.54
Run by Frank Khan on 2007-07-16 at 12:10:19
Computer is in Normal Mode.
-- HijackThis (run as Frank Khan.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:13, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\acer\epm\epm-dm.exe
C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\TomTom HOME\TomTomHOME.exe
C:\Archivos de programa\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
C:\Archivos de programa\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Acer\eManager\anbmServ.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\Grisoft\AVG7\avgw.exe
C:\ARCHIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\ARCHIV~1\TRENDM~1\HIJACK~1\FRANKK~1.EXE
C:\WINDOWS\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tilesandtiles.uk.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Archivos de programa\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Archivos de programa\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Archivos de programa\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] "C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://personal.telefonica.terra.es
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Control de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.0.5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165017140173
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Archivos de programa\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7585 bytes
-- Files created between 2007-06-16 and 2007-07-16
2007-07-13 00:53:40 0 d
C:\Archivos de programa\Trend Micro
2007-06-28 00:43:45 0 d
C:\Archivos de programa\Comodo
2007-06-18 13:05:51 174592 --a
C:\WINDOWS\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-18 13:05:05 5632 --a
C:\WINDOWS\system32\drivers\StarOpen.sys
2007-06-18 13:03:04 0 d
C:\Archivos de programa\Samsung
-- Find3M Report
2007-07-16 00:41:46 12 --a
C:\WINDOWS\bthservsdp.dat
2007-07-11 00:34:46 468398 --a
C:\WINDOWS\system32\perfh00A.dat
2007-07-11 00:34:46 83772 --a
C:\WINDOWS\system32\perfc00A.dat
2007-07-08 21:26:26 0 d
C:\Documents and Settings\Frank Khan\Datos de programa\Grisoft
2007-07-08 21:15:36 3960 --a
C:\WINDOWS\system32\tmp.reg
2007-06-28 00:46:36 0 d
C:\Documents and Settings\Frank Khan\Datos de programa\Comodo
2007-06-18 13:30:24 0 d
C:\Documents and Settings\Frank Khan\Datos de programa\TransRender
2007-06-18 13:30:24 0 d
C:\Documents and Settings\Frank Khan\Datos de programa\Temporary
2007-06-18 13:15:32 0 d
C:\Documents and Settings\Frank Khan\Datos de programa\ConvertTemp
2007-06-02 22:11:40 0 d
C:\Documents and Settings\Frank Khan\Datos de programa\InstallShield
-- Registry Dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\archivos de programa\google\googletoolbar2.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"SynTPLpr"="C:\\Archivos de programa\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Archivos de programa\\Synaptics\\SynTP\\SynTPEnh.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
"LManager"="C:\\Archivos de programa\\Launch Manager\\QtZgAcer.EXE"
"StatusClient 2.6"="C:\\Archivos de programa\\Hewlett-Packard\\Toolbox\\StatusClient\\StatusClient.exe /auto"
"TomcatStartup 2.5"="C:\\Archivos de programa\\Hewlett-Packard\\Toolbox\\hpbpsttp.exe"
"AVG7_CC"="C:\\ARCHIV~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Archivos de programa\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime"
"TomTomHOME.exe"="\"C:\\Archivos de programa\\TomTom HOME\\TomTomHOME.exe\" -s"
"COMODO Firewall Pro"="\"C:\\Archivos de programa\\Comodo\\Firewall\\CPF.exe\" /background"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Archivos de programa\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="\"C:\\Archivos de programa\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"updateMgr"="\"C:\\Archivos de programa\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\ARCHIV~1\\ARCHIV~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARCHIV~1\\ARCHIV~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARCHIV~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Microsoft Office OneNote 2003.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Inicio rápido de Microsoft Office OneNote 2003.lnk"
"backup"="C:\\WINDOWS\\pss\\Inicio rápido de Microsoft Office OneNote 2003.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARCHIV~1\\MICROS~2\\OFFICE11\\ONENOTEM.EXE /tsr"
"item"="Inicio rápido de Microsoft Office OneNote 2003"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VM_STI"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VM_STI.EXE VIMICRO USB PC Camera"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Archivos de programa\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Archivos de programa\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Archivos de programa\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SiteAdv"
"hkey"="HKLM"
"command"="C:\\Archivos de programa\\SiteAdvisor\\6028\\SiteAdv.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08529000-cb4e-11db-9c9d-000e357e36d7}]
Shell\AutoRun\command F:\InstallTomTomHOME.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9eaeae50-1074-11dc-9d2c-000e357e36d7}]
Shell\AutoRun\command F:\InstallTomTomHOME.exe
-- End of Deckard's System Scanner: finished at 2007-07-16 at 12:11:47
Best regards,
services.exe is good,
Have you tried
define a New Allowed/ Trusted Application
(use Comodo Firewall help)
Please do the following...
- Run HijackThis
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
If you did not add this page to your trusted pages, this should be fixed.
O15 - Trusted Zone: http://personal.telefonica.terra.es
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Control de DownloadManager) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.0.5.cab
- The program will launch and then start to download the latest definition files.
- Once the scanner is installed and the definitions downloaded, click Next.
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Click OK
- Now under select a target to scan select My Computer
- The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button
- Save the file to your desktop.
- Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
I have followed your instructions and the KAspersky scan says that I am infected.
KASPERSKY ONLINE SCANNER REPORT
Monday, July 16, 2007 10:45:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 16/07/2007
Kaspersky Anti-Virus database records: 363050
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 66878
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:47:40
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Windows Defender\Support\MPLog-10302006-122946.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Frank Khan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Frank Khan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14619.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14620.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14621.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14622.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14623.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14624.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14625.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14626.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14627.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\~DF13B6.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\toolbox_healer14628.log Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14629.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14630.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Temp\jar_cache14631.tmp Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Archivos temporales de Internet\Content.IE5\OWNPWEFR\SmitfraudFix[1].zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Frank Khan\Configuración local\Archivos temporales de Internet\Content.IE5\OWNPWEFR\SmitfraudFix[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Frank Khan\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Frank Khan\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Frank Khan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\index2.dat Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\chat256.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\user16384.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\user1024.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\call256.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\profile16384.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\chat8192.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Frank Khan\Datos de programa\Skype\frank-rfk\chat512.dbb Object is locked skipped
C:\System Volume Information\_restore{0AF59319-765D-4E4A-9919-B5DCA421ADFE}\RP347\A0042649.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
Scan process completed.
Best regards,
Frank
Your comp looks clean.
Don't worry about
C:\Documents and Settings\Frank Khan\Configuración local\Archivos temporales de Internet\Content.IE5\OWNPWEFR\SmitfraudFix[1].zip
it´s not virus
Everything is good now
Use Explorer to navigate to and delete the following folders (if they are present):
Folders:
C:\Documents and Settings\Frank Khan\Configuración local\Archivos temporales de Internet\Content.IE5\OWNPWEFR\SmitfraudFix[1].zip
Now just exit Explorer.
Clean your System Restore:
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
- Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
Reenable system restore with instructions from tutorial aboveYou can find instructions on how to enable and reenable system restore here:
Managing Windows Millenium System Restore
or
Windows XP System Restore Guide
- Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:Virus, Spyware, and Malware Protection and Removal Resources
- Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
- Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
Instructions for - Spybot S & D and Ad-aware
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Here are some additional utilities that will enhance your safety
- IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
- Google Toolbar <= Get the free google toolbar to help stop pop up windows.
- Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
- Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!Using Winpatrol to protect your computer from malicious software
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place
Happy surfing and stay clean!
Best regards,
FRank
This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead
Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here