Aralom

I can't remove FirewallBypass nor SpamTool.Win32.Agent.u


First of all, I have read the FAQ and I have followed the instructions. My system is Windows XP Professional.

 

Last week I was attacked by a bunch of malware and at least one of them was a backdoor. Also, some of them blocked my internet usage, but I was finally able to clean almost all of them. Only one problem remains, or it seems to be only one.

 

The symptoms are these:

-Each time I log on to Windows, the Security Center tells me that the state of the firewall is unknown. It takes me to a window where I can check the problem and reactivate the firewall. Sometimes that does not work and I have to go to Control Panel, etc., to fix it. Anyway, once the problem is supposedly fixed, it does not cause trouble any more, unless I log off and on again.

-SpyBot Search & Destroy detects Microsoft.WindowsSecurityCenter.FirewallBypass. It supposedly fixes it, but each time I log on to Windows and run a scan it finds it again.

-AVG Anti-Spyware finds Not-A-Virus.SpamTool.Win32.Agent.u (I have posted the complete log). I do not believe the "Not-A-Virus"-thing, so I ask the tool to quarantine it. In order to do that, it reboots the computer, but if I run the scan again, it finds the same again.

-CounterSpy finds Spammer-Win32/Agent.U Zombie/Bot. Apparently, this corresponds to the same files that AVG Anti-Spyware finds suspicious. It reboots the computer to fix the problem, but the problem appears again each time.

-If I am connected to the Internet, AVG Anti-Virus alerts me of totour.exe in system32. However, that stopped happening some days ago, after a Windows Update, I think.

 

 

 

What I have done so far:

-Installed ZoneAlarm.

-Run AdAware, AVG Anti-Rootkit, and even Combofix, but they find nothing.

-Run the other tools I mentioned.

-Run most of these tools also in Safe Mode.

 

What I did last before posting:

-Ran AdAware, but found nothing.

-Ran SpyBot, but the same happened.

-Ran AVG Anti-Spyware, but the same happened (I had to reboot). I saved the report.

-After rebooting, ran Hijackthis. I saved the report.

 

Here is the complete AVG Anti-Spyware log:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 12:52:01 p.m. 17/06/2007

 

+ Scan result:

 

 

 

[1564] c:\cd1041.nls -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned with backup (quarantined).

 

 

::Report end

 

 

Here is the complete HJT log:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:59:25 p.m., on 17/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Archivos de programa\Bonjour\mDNSResponder.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\Archivos de programa\Sunbelt Software\CounterSpy\SBCSSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe

C:\Archivos de programa\Sunbelt Software\CounterSpy\SBCSTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\hijackthis\analyze.exe

C:\WINDOWS\system32\wscntfy.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARCHIV~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sBCSTray] C:\Archivos de programa\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Text To Speech Live Player - {03b5d444-9d5c-4361-aab5-f81f37f0f704} - C:\Archivos de programa\Text To Speech Live Player\ttslpcomIE.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Change voice - {489BD066-48C3-4c2b-92A6-9311462429F3} - C:\Archivos de programa\Text To Speech Live Player\changevoice.exe

O9 - Extra button: Pause Or Resume Speaking - {6f193b8e-2ad2-44ce-93a7-db3e042589ed} - C:\Archivos de programa\Text To Speech Live Player\pausepeak.exe

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Archivos de programa\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Stop Speaking - {c14815f2-50bc-4f98-8d78-401bcc828a5f} - C:\Archivos de programa\Text To Speech Live Player\stopspeak.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Chess -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Control HouseCall) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -

O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe

O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe

O23 - Service: Servicio del iPod (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Archivos de programa\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\ARCHIV~1\ARCHIV~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

 

--

End of file - 7529 bytes

 

 

One last question. I have been told that it is not functional to have two different firewalls at the same time. Since I installed ZoneAlarm, does that mean I should turn off the Windows Firewall?

 

 

If there is anything that can be done, I would truly appreciate your help.

 

 

 

-------------------------

Update from Jun 21

 

As I continued investigating my problem, I discovered that someone else had a problem with infected files, which had a name like cd1041.nls. They used a tool called SDfix. So I used the tool and discovered that ndis.sys was infected. The tool fixed the file by itself and some of the problems I had disappeared. The only ones that remain are those related to the Windows Security Center:

+SpyBot Search & Destroy detects Microsoft.WindowsSecurityCenter.FirewallBypass. It supposedly fixes it, but each time I log on to Windows and run a scan it finds it again.

+Each time I log on to Windows, the Security Center tells me that the state of the firewall is unknown. It takes me to a window where I can check the problem and reactivate the firewall. Once the problem is supposedly fixed, it does not cause trouble any more, unless I log off and on again.

+AVG Anti-Spyware/Anti-Virus/Anti-Rootkit find nothing. The same goes for CounterSpy and Ad-Aware.

 

Perhaps there are no viruses or spyware any longer? If you need any new logs, just tell me.

 

One last question. I have been told that it is not functional to have two different firewalls at the same time. Since I installed ZoneAlarm, does that mean I should turn off the Windows Firewall?

Edited by Aralom


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

Sorry for this long delay.

 

If you still need help, please submit a fresh HijackThis log for my review.


Here is the new HJT log:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 08:53:47 p.m., on 27/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Archivos de programa\Bonjour\mDNSResponder.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\Archivos de programa\Prevx2\PXAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Archivos de programa\Prevx2\PXConsole.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\hijackthis\analyze.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O1 - Hosts: 189.153.97.100 L2authd.lineage2.com #Xaras

O1 - Hosts: 189.153.97.100 l2testauthd.lineage2.com #Xaras

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Datos de programa\Prevx\pxbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARCHIV~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PrevxOne] "C:\Archivos de programa\Prevx2\PXConsole.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Text To Speech Live Player - {03b5d444-9d5c-4361-aab5-f81f37f0f704} - C:\Archivos de programa\Text To Speech Live Player\ttslpcomIE.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Change voice - {489BD066-48C3-4c2b-92A6-9311462429F3} - C:\Archivos de programa\Text To Speech Live Player\changevoice.exe

O9 - Extra button: Pause Or Resume Speaking - {6f193b8e-2ad2-44ce-93a7-db3e042589ed} - C:\Archivos de programa\Text To Speech Live Player\pausepeak.exe

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Archivos de programa\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Stop Speaking - {c14815f2-50bc-4f98-8d78-401bcc828a5f} - C:\Archivos de programa\Text To Speech Live Player\stopspeak.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Chess -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Control HouseCall) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -

O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe

O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe

O23 - Service: Servicio del iPod (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Archivos de programa\Prevx2\PXAgent.exe

O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\ARCHIV~1\ARCHIV~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

 

--

End of file - 7553 bytes

 

 

I am running Prevx2 now, but it has not found anything yet. Also, I have two questions:

-If I am running Prevx, should I deactivate my AVG Anti-Virus?

-If I am running Prevx (or anything that can be considered as a firewall), should I deactivate the Windows built-in firewall?

 

I am asking about that because I read that it is a bad idea to have two different Antivirus or two different Firewalls at the same time.

 

 

Thanks for the help.

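One way to compare the two HijackThis logs posted above and list what changed between the scans, as an added example that is not part of any post in this thread. The sample strings are a few lines copied from the two logs (not the full logs), and the function names are hypothetical.

```python
import re

# Constructed samples: a handful of lines copied from the two HijackThis
# logs posted in this thread (17/06/2007 and 27/06/2007), not the full logs.
LOG_OLD = r"""
Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sBCSTray] C:\Archivos de programa\Sunbelt Software\CounterSpy\SBCSTray.exe
"""
LOG_NEW = r"""
Running processes:
C:\Archivos de programa\Prevx2\PXAgent.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 189.153.97.100 L2authd.lineage2.com #Xaras
O1 - Hosts: 189.153.97.100 l2testauthd.lineage2.com #Xaras
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PrevxOne] "C:\Archivos de programa\Prevx2\PXConsole.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return the set of (section_code, detail) entries in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed) entries between two scans, each sorted."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    return sorted(new - old), sorted(old - new)


def hosts_redirects(entries):
    """Extract (ip, hostname) pairs from O1 Hosts entries, dropping '#' comments."""
    pairs = []
    for code, detail in entries:
        if code != "O1" or not detail.startswith("Hosts:"):
            continue
        fields = detail[len("Hosts:"):].split("#", 1)[0].split()
        if len(fields) >= 2:
            pairs.extend((fields[0], host) for host in fields[1:])
    return sorted(pairs)


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return sorted(e for e in entries
                  if e[1].endswith(("(no file)", "(file missing)")))


if __name__ == "__main__":
    added, removed = diff_logs(LOG_OLD, LOG_NEW)
    for code, detail in added:
        print("+", code, detail)
    for code, detail in removed:
        print("-", code, detail)
    for ip, host in hosts_redirects(added):
        print("hosts file now maps", host, "to", ip)
    for code, detail in orphaned(parse_hjt(LOG_NEW)):
        print("orphaned:", code, detail)
```

Saving each full log to a file and passing the file contents to `diff_logs` gives the same comparison over every entry.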

Nice work, your log is clean.

 

Please read this Prevention page with lots of info and tips on how to prevent this in the future.

http://users.telenet.be/bluepatchy/miekiem...prevention.html

 

You are correct about having duplicate Firewalls and Virus protection. Follow these recommendations.

 

Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html


Thanks for the help!

But it still worries me that the problems that are related to the Windows Security Center have not disappeared. However, it may not matter if I am not using the Windows Firewall anymore. Should I simply ignore those problems?


Try this.

 

Remove Spybot Search & Destroy completely, then reinstall.

  1. Download the latest version of Spybot from either:

  2. Install Spybot; by default it should install into C:\Program Files\Spybot - Search & Destroy.

  3. Run Spybot by clicking on "Start" => "Programs" => "Spybot - Search & Destroy" => "Spybot - Search & Destroy".

  4. The first time you run it, allow it to create a backup of your registry when prompted. This will take a few minutes to complete.

  5. Click on "Search for Updates".

  6. If any updates are found, place a check mark next to each and click on "Download Updates".

  7. Click on "Immunize" and once it detects what has or has not been blocked, block all remaining items by clicking on the green plus sign next to Immunize at the top.

  8. Click on "Search & Destroy" => "Check for Problems".

  9. If any problems are found, be sure to click on "Fix Selected Problems."

Let me know the exact error message if any.


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
