trying to delete 9ringtone

hello:
I am new to this, but very angry because 9ringtone has taken over and even shut down my computer.
I have taken the steps of running spyware and Ad-Aware,
run HijackThis, and this is the log:
Logfile of HijackThis v1.99.1
Scan saved at 9:46:09, on 21/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\S3apphk.exe
C:\WINDOWS\System32\carpserv.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Archivos de programa\Palm\HOTSYNC.EXE
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Barbara Faudoa\Configuración local\Temp\Directorio temporal 1 para hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\ARCHIV~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Archivos de programa\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [faqnedmd] c:\windows\system32\faqnedmd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RamBooster] C:\Archivos de programa\RamBooster\Rambooster.exe
O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Archivos de programa\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ru-mx - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\ru-mx\0.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119305875531
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DFC83BE-859D-4893-94B9-772C545EB086}: NameServer = 211.200.175.100
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\lv6009jme.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thanks everyone.

Comments

  • Buckeye_Sam Columbus, Ohio
    edited June 2005
    Download L2mfix from one of these two locations:

    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • edited June 2005
    here is the log
    there were two windows that appeared that said this program could not be run.
    I just accepted and continued.
    thanks buck eye

    L2MFIX find log 1.03
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    "Asynchronous"=dword:00000000
    "DllName"=""
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\h84m0ih1e84.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{1650E643-B940-3489-72E8-4478ACC2FE50}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00


    **********************************************************************************
    Files Found are not all bad files:
    El volumen de la unidad C no tiene etiqueta.
    El número de serie del volumen es: 78AC-B37A

    Directorio de C:\WINDOWS\System32

    23/06/2005 10:43 234.305 guard.tmp
    21/06/2005 19:44 234.157 dn6m01j1e.dll
    21/06/2005 09:55 234.157 absmsext.dll
    21/06/2005 09:55 234.305 h84m0ih1e84.dll
    20/06/2005 17:40 234.088 l0n40a5qed.dll
    20/06/2005 17:20 <DIR> dllcache
    17/06/2005 16:48 235.654 ugtfs.dll
    17/06/2005 15:37 235.654 cxmodem.dll
    17/06/2005 15:36 234.784 g640lghm164a.dll
    17/06/2005 12:05 234.748 p4r4le9q1h.dll
    17/06/2005 12:05 234.272 ctmctl32.dll
    17/06/2005 11:47 236.174 m2640cjqefoe0.dll
    17/06/2005 11:47 234.513 gmlql3351.dll
    17/06/2005 11:46 234.272 lvro0993e.dll
    17/06/2005 11:38 234.272 snsvcs.dll
    14/06/2005 19:58 234.272 wehisn.dll
    14/06/2005 19:52 236.072 crseqchk.dll
    14/06/2005 19:52 236.123 dnn0015me.dll
    13/06/2005 19:46 236.072 k244lchq1f4e.dll
    07/06/2005 12:00 236.072 mcc42loc.dll
    27/05/2005 12:12 234.991 enpul1791.dll
    26/05/2005 14:57 233.020 fp2203foe.dll
    25/05/2005 18:29 235.462 i242lcho1f4c.dll
    25/05/2005 11:38 233.020 q2rqlc951f.dll
    24/05/2005 19:56 235.462 ofeaccrc.dll
    23/05/2005 21:19 233.066 ir86l5ls1.dll
    23/05/2005 13:58 233.185 g2lmlc311f.dll
    16/05/2005 19:30 235.462 oxedlg.dll
    16/05/2005 19:24 236.076 rngapi.dll
    12/05/2005 21:14 234.156 msicda.dll
    10/05/2005 11:55 232.974 mgastmib.dll
    07/05/2005 12:04 232.276 jysh400.dll
    27/04/2005 10:41 235.713 gplql3351.dll
    25/04/2005 20:25 235.590 h0j4la1q1d.dll
    24/04/2005 17:24 235.383 sslunirl.dll
    24/09/2003 16:25 <DIR> Microsoft
    34 archivos 7.979.802 bytes
    2 dirs 5.324.550.144 bytes libres
  • Buckeye_Sam Columbus, Ohio
    edited June 2005
    Close any programs you have open since this step requires a reboot.

    From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

    IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
  • edited June 2005
    Here is the log of l2mfix and the HijackThis log.
    Thanks Buckeye, so far my computer is running faster (wow) :thumbsup:

    L2Mfix 1.03

    Running From:
    C:\Documents and Settings\Barbara Faudoa\Escritorio\rodrigo\l2mfix



    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Usuarios
    (ID-IO) ALLOW Read BUILTIN\Usuarios
    (ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
    (ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
    (ID-NI) ALLOW Full access BUILTIN\Administradores
    (ID-IO) ALLOW Full access BUILTIN\Administradores
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER



    Setting registry permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Denying C(CI) access for predefined group "Administrators"
    - adding new ACCESS DENY entry


    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY --C
    BUILTIN\Administradores
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Usuarios
    (ID-IO) ALLOW Read BUILTIN\Usuarios
    (ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
    (ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
    (ID-NI) ALLOW Full access BUILTIN\Administradores
    (ID-IO) ALLOW Full access BUILTIN\Administradores
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER



    Setting up for Reboot


    Starting Reboot!

    C:\Documents and Settings\Barbara Faudoa\Escritorio\rodrigo\l2mfix
    System Rebooted!

    Running From:
    C:\Documents and Settings\Barbara Faudoa\Escritorio\rodrigo\l2mfix

    killing explorer and rundll32.exe

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 684 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Error, Cannot find a process with an image name of rundll32.exe

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    Backing Up: C:\WINDOWS\system32\absmsext.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\crseqchk.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\ctmctl32.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\cxmodem.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\dn6m01j1e.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\dnn0015me.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\enpul1791.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\fp2203foe.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\g2lmlc311f.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\g640lghm164a.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\gmlql3351.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\gplql3351.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\h0j4la1q1d.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\i242lcho1f4c.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\ir86l5ls1.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\jysh400.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\k244lchq1f4e.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\l0n40a5qed.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\lvro0993e.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\m2640cjqefoe0.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\mcc42loc.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\mgastmib.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\msicda.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\ofeaccrc.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\oxedlg.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\p4r4le9q1h.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\q2rqlc951f.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\rngapi.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\snsvcs.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\sslunirl.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\ugtfs.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\wehisn.dll
    1 archivos copiados.
    Backing Up: C:\WINDOWS\system32\guard.tmp
    1 archivos copiados.
    deleting: C:\WINDOWS\system32\absmsext.dll
    Successfully Deleted: C:\WINDOWS\system32\absmsext.dll
    deleting: C:\WINDOWS\system32\crseqchk.dll
    Successfully Deleted: C:\WINDOWS\system32\crseqchk.dll
    deleting: C:\WINDOWS\system32\ctmctl32.dll
    Successfully Deleted: C:\WINDOWS\system32\ctmctl32.dll
    deleting: C:\WINDOWS\system32\cxmodem.dll
    Successfully Deleted: C:\WINDOWS\system32\cxmodem.dll
    deleting: C:\WINDOWS\system32\dn6m01j1e.dll
    Successfully Deleted: C:\WINDOWS\system32\dn6m01j1e.dll
    deleting: C:\WINDOWS\system32\dnn0015me.dll
    Successfully Deleted: C:\WINDOWS\system32\dnn0015me.dll
    deleting: C:\WINDOWS\system32\enpul1791.dll
    Successfully Deleted: C:\WINDOWS\system32\enpul1791.dll
    deleting: C:\WINDOWS\system32\fp2203foe.dll
    Successfully Deleted: C:\WINDOWS\system32\fp2203foe.dll
    deleting: C:\WINDOWS\system32\g2lmlc311f.dll
    Successfully Deleted: C:\WINDOWS\system32\g2lmlc311f.dll
    deleting: C:\WINDOWS\system32\g640lghm164a.dll
    Successfully Deleted: C:\WINDOWS\system32\g640lghm164a.dll
    deleting: C:\WINDOWS\system32\gmlql3351.dll
    Successfully Deleted: C:\WINDOWS\system32\gmlql3351.dll
    deleting: C:\WINDOWS\system32\gplql3351.dll
    Successfully Deleted: C:\WINDOWS\system32\gplql3351.dll
    deleting: C:\WINDOWS\system32\h0j4la1q1d.dll
    Successfully Deleted: C:\WINDOWS\system32\h0j4la1q1d.dll
    deleting: C:\WINDOWS\system32\i242lcho1f4c.dll
    Successfully Deleted: C:\WINDOWS\system32\i242lcho1f4c.dll
    deleting: C:\WINDOWS\system32\ir86l5ls1.dll
    Successfully Deleted: C:\WINDOWS\system32\ir86l5ls1.dll
    deleting: C:\WINDOWS\system32\jysh400.dll
    Successfully Deleted: C:\WINDOWS\system32\jysh400.dll
    deleting: C:\WINDOWS\system32\k244lchq1f4e.dll
    Successfully Deleted: C:\WINDOWS\system32\k244lchq1f4e.dll
    deleting: C:\WINDOWS\system32\l0n40a5qed.dll
    Successfully Deleted: C:\WINDOWS\system32\l0n40a5qed.dll
    deleting: C:\WINDOWS\system32\lvro0993e.dll
    Successfully Deleted: C:\WINDOWS\system32\lvro0993e.dll
    deleting: C:\WINDOWS\system32\m2640cjqefoe0.dll
    Successfully Deleted: C:\WINDOWS\system32\m2640cjqefoe0.dll
    deleting: C:\WINDOWS\system32\mcc42loc.dll
    Successfully Deleted: C:\WINDOWS\system32\mcc42loc.dll
    deleting: C:\WINDOWS\system32\mgastmib.dll
    Successfully Deleted: C:\WINDOWS\system32\mgastmib.dll
    deleting: C:\WINDOWS\system32\msicda.dll
    Successfully Deleted: C:\WINDOWS\system32\msicda.dll
    deleting: C:\WINDOWS\system32\ofeaccrc.dll
    Successfully Deleted: C:\WINDOWS\system32\ofeaccrc.dll
    deleting: C:\WINDOWS\system32\oxedlg.dll
    Successfully Deleted: C:\WINDOWS\system32\oxedlg.dll
    deleting: C:\WINDOWS\system32\p4r4le9q1h.dll
    Successfully Deleted: C:\WINDOWS\system32\p4r4le9q1h.dll
    deleting: C:\WINDOWS\system32\q2rqlc951f.dll
    Successfully Deleted: C:\WINDOWS\system32\q2rqlc951f.dll
    deleting: C:\WINDOWS\system32\rngapi.dll
    Successfully Deleted: C:\WINDOWS\system32\rngapi.dll
    deleting: C:\WINDOWS\system32\snsvcs.dll
    Successfully Deleted: C:\WINDOWS\system32\snsvcs.dll
    deleting: C:\WINDOWS\system32\sslunirl.dll
    Successfully Deleted: C:\WINDOWS\system32\sslunirl.dll
    deleting: C:\WINDOWS\system32\ugtfs.dll
    Successfully Deleted: C:\WINDOWS\system32\ugtfs.dll
    deleting: C:\WINDOWS\system32\wehisn.dll
    Successfully Deleted: C:\WINDOWS\system32\wehisn.dll
    deleting: C:\WINDOWS\system32\guard.tmp
    Successfully Deleted: C:\WINDOWS\system32\guard.tmp


    Zipping up files for submission:
    adding: absmsext.dll (164 bytes security) (deflated 4%)
    adding: crseqchk.dll (164 bytes security) (deflated 6%)
    adding: ctmctl32.dll (164 bytes security) (deflated 4%)
    adding: cxmodem.dll (164 bytes security) (deflated 5%)
    adding: dn6m01j1e.dll (164 bytes security) (deflated 4%)
    adding: dnn0015me.dll (164 bytes security) (deflated 6%)
    adding: enpul1791.dll (164 bytes security) (deflated 5%)
    adding: fp2203foe.dll (164 bytes security) (deflated 5%)
    adding: g2lmlc311f.dll (164 bytes security) (deflated 5%)
    adding: g640lghm164a.dll (164 bytes security) (deflated 4%)
    adding: gmlql3351.dll (164 bytes security) (deflated 5%)
    adding: gplql3351.dll (164 bytes security) (deflated 5%)
    adding: h0j4la1q1d.dll (164 bytes security) (deflated 5%)
    adding: i242lcho1f4c.dll (164 bytes security) (deflated 5%)
    adding: ir86l5ls1.dll (164 bytes security) (deflated 5%)
    adding: jysh400.dll (164 bytes security) (deflated 4%)
    adding: k244lchq1f4e.dll (164 bytes security) (deflated 6%)
    adding: l0n40a5qed.dll (164 bytes security) (deflated 4%)
    adding: lvro0993e.dll (164 bytes security) (deflated 4%)
    adding: m2640cjqefoe0.dll (164 bytes security) (deflated 5%)
    adding: mcc42loc.dll (164 bytes security) (deflated 6%)
    adding: mgastmib.dll (164 bytes security) (deflated 4%)
    adding: msicda.dll (164 bytes security) (deflated 5%)
    adding: ofeaccrc.dll (164 bytes security) (deflated 5%)
    adding: oxedlg.dll (164 bytes security) (deflated 5%)
    adding: p4r4le9q1h.dll (164 bytes security) (deflated 5%)
    adding: q2rqlc951f.dll (164 bytes security) (deflated 5%)
    adding: rngapi.dll (164 bytes security) (deflated 6%)
    adding: snsvcs.dll (164 bytes security) (deflated 4%)
    adding: sslunirl.dll (164 bytes security) (deflated 5%)
    adding: ugtfs.dll (164 bytes security) (deflated 5%)
    adding: wehisn.dll (164 bytes security) (deflated 4%)
    adding: guard.tmp (164 bytes security) (deflated 5%)
    adding: clear.reg (164 bytes security) (deflated 70%)
    adding: echo.reg (164 bytes security) (deflated 12%)
    adding: direct.txt (164 bytes security) (stored 0%)
    adding: lo2.txt (164 bytes security) (deflated 85%)
    adding: readme.txt (164 bytes security) (deflated 49%)
    adding: report.txt (164 bytes security) (deflated 73%)
    adding: test.txt (164 bytes security) (deflated 81%)
    adding: test2.txt (164 bytes security) (deflated 49%)
    adding: test3.txt (164 bytes security) (deflated 49%)
    adding: test5.txt (164 bytes security) (deflated 49%)
    adding: xfind.txt (164 bytes security) (deflated 75%)
    adding: backregs/03E341BA-BA34-4F14-B085-F33E31FBC714.reg (164 bytes security) (deflated 70%)
    adding: backregs/0CF1F215-C032-497F-B708-4305B2B2BFBD.reg (164 bytes security) (deflated 70%)
    adding: backregs/290EB4F9-D200-475B-96E2-D4BF7BF013FE.reg (164 bytes security) (deflated 70%)
    adding: backregs/2B1F1857-9CF9-4D16-9D5E-63F0BCC652B2.reg (164 bytes security) (deflated 70%)
    adding: backregs/3CDC2D76-0C1E-429E-910A-4920ED19EED9.reg (164 bytes security) (deflated 70%)
    adding: backregs/4BBFC0CA-09FA-4092-95FF-71756CA52AD2.reg (164 bytes security) (deflated 70%)
    adding: backregs/528721DB-AEA0-4353-BD58-3A4244AA9E7A.reg (164 bytes security) (deflated 69%)
    adding: backregs/5F100917-DC78-45A5-858C-019B078221C7.reg (164 bytes security) (deflated 69%)
    adding: backregs/61CC718F-9FCF-464B-B325-35DBD6A457B0.reg (164 bytes security) (deflated 70%)
    adding: backregs/6B44ACF6-4565-4017-9062-08CAB72B3CC2.reg (164 bytes security) (deflated 70%)
    adding: backregs/773040AD-48ED-4175-92EB-CA8E1FA11926.reg (164 bytes security) (deflated 70%)
    adding: backregs/7B63B720-B5FC-4E1E-A6C8-C7A4C5DEEC82.reg (164 bytes security) (deflated 70%)
    adding: backregs/7E987D8C-BDAE-48EE-BFE9-A6CEAAF0E1F8.reg (164 bytes security) (deflated 70%)
    adding: backregs/7FEA7DF1-E1F5-4A0B-A1C9-F843DF57E1C1.reg (164 bytes security) (deflated 70%)
    adding: backregs/80DB5FE8-7669-4888-9155-53CA4DC4FE90.reg (164 bytes security) (deflated 70%)
    adding: backregs/820B2230-82BA-46D3-BCD4-68BD69990696.reg (164 bytes security) (deflated 70%)
    adding: backregs/B4670C62-D629-4D60-BAE8-6C7786128284.reg (164 bytes security) (deflated 70%)
    adding: backregs/C0767202-9AE8-4EB1-8CBB-D2148A940218.reg (164 bytes security) (deflated 70%)
    adding: backregs/CA7E8D1B-CE14-4C66-9D33-20E0EF655499.reg (164 bytes security) (deflated 70%)
    adding: backregs/CAD8AAC7-C065-497D-8592-9B324AEBC23D.reg (164 bytes security) (deflated 70%)
    adding: backregs/E07DAF7C-FCB9-4ED7-8ADA-7676144FCBF3.reg (164 bytes security) (deflated 70%)
    adding: backregs/F55D92A0-879C-461A-BF82-064D8BEE31E5.reg (164 bytes security) (deflated 70%)
    adding: backregs/shell.reg (164 bytes security) (deflated 73%)

    Restoring Registry Permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Revoking access for predefined group "Administrators"
    Inherited ACE can not be revoked here!
    Inherited ACE can not be revoked here!


    Registry permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Usuarios
    (ID-IO) ALLOW Read BUILTIN\Usuarios
    (ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
    (ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
    (ID-NI) ALLOW Full access BUILTIN\Administradores
    (ID-IO) ALLOW Full access BUILTIN\Administradores
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER


    Restoring Sedebugprivilege:

    Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

    deleting local copy: absmsext.dll
    deleting local copy: crseqchk.dll
    deleting local copy: ctmctl32.dll
    deleting local copy: cxmodem.dll
    deleting local copy: dn6m01j1e.dll
    deleting local copy: dnn0015me.dll
    deleting local copy: enpul1791.dll
    deleting local copy: fp2203foe.dll
    deleting local copy: g2lmlc311f.dll
    deleting local copy: g640lghm164a.dll
    deleting local copy: gmlql3351.dll
    deleting local copy: gplql3351.dll
    deleting local copy: h0j4la1q1d.dll
    deleting local copy: i242lcho1f4c.dll
    deleting local copy: ir86l5ls1.dll
    deleting local copy: jysh400.dll
    deleting local copy: k244lchq1f4e.dll
    deleting local copy: l0n40a5qed.dll
    deleting local copy: lvro0993e.dll
    deleting local copy: m2640cjqefoe0.dll
    deleting local copy: mcc42loc.dll
    deleting local copy: mgastmib.dll
    deleting local copy: msicda.dll
    deleting local copy: ofeaccrc.dll
    deleting local copy: oxedlg.dll
    deleting local copy: p4r4le9q1h.dll
    deleting local copy: q2rqlc951f.dll
    deleting local copy: rngapi.dll
    deleting local copy: snsvcs.dll
    deleting local copy: sslunirl.dll
    deleting local copy: ugtfs.dll
    deleting local copy: wehisn.dll
    deleting local copy: guard.tmp

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    "Asynchronous"=dword:00000000
    "DllName"=""
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"


    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\absmsext.dll
    C:\WINDOWS\system32\crseqchk.dll
    C:\WINDOWS\system32\ctmctl32.dll
    C:\WINDOWS\system32\cxmodem.dll
    C:\WINDOWS\system32\dn6m01j1e.dll
    C:\WINDOWS\system32\dnn0015me.dll
    C:\WINDOWS\system32\enpul1791.dll
    C:\WINDOWS\system32\fp2203foe.dll
    C:\WINDOWS\system32\g2lmlc311f.dll
    C:\WINDOWS\system32\g640lghm164a.dll
    C:\WINDOWS\system32\gmlql3351.dll
    C:\WINDOWS\system32\gplql3351.dll
    C:\WINDOWS\system32\h0j4la1q1d.dll
    C:\WINDOWS\system32\i242lcho1f4c.dll
    C:\WINDOWS\system32\ir86l5ls1.dll
    C:\WINDOWS\system32\jysh400.dll
    C:\WINDOWS\system32\k244lchq1f4e.dll
    C:\WINDOWS\system32\l0n40a5qed.dll
    C:\WINDOWS\system32\lvro0993e.dll
    C:\WINDOWS\system32\m2640cjqefoe0.dll
    C:\WINDOWS\system32\mcc42loc.dll
    C:\WINDOWS\system32\mgastmib.dll
    C:\WINDOWS\system32\msicda.dll
    C:\WINDOWS\system32\ofeaccrc.dll
    C:\WINDOWS\system32\oxedlg.dll
    C:\WINDOWS\system32\p4r4le9q1h.dll
    C:\WINDOWS\system32\q2rqlc951f.dll
    C:\WINDOWS\system32\rngapi.dll
    C:\WINDOWS\system32\snsvcs.dll
    C:\WINDOWS\system32\sslunirl.dll
    C:\WINDOWS\system32\ugtfs.dll
    C:\WINDOWS\system32\wehisn.dll
    C:\WINDOWS\system32\guard.tmp

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{528721DB-AEA0-4353-BD58-3A4244AA9E7A}"=-
    "{290EB4F9-D200-475B-96E2-D4BF7BF013FE}"=-
    "{B4670C62-D629-4D60-BAE8-6C7786128284}"=-
    "{CAD8AAC7-C065-497D-8592-9B324AEBC23D}"=-
    "{80DB5FE8-7669-4888-9155-53CA4DC4FE90}"=-
    "{7E987D8C-BDAE-48EE-BFE9-A6CEAAF0E1F8}"=-
    "{E07DAF7C-FCB9-4ED7-8ADA-7676144FCBF3}"=-
    "{820B2230-82BA-46D3-BCD4-68BD69990696}"=-
    "{773040AD-48ED-4175-92EB-CA8E1FA11926}"=-
    "{7B63B720-B5FC-4E1E-A6C8-C7A4C5DEEC82}"=-
    "{7FEA7DF1-E1F5-4A0B-A1C9-F843DF57E1C1}"=-
    "{61CC718F-9FCF-464B-B325-35DBD6A457B0}"=-
    "{4BBFC0CA-09FA-4092-95FF-71756CA52AD2}"=-
    "{CA7E8D1B-CE14-4C66-9D33-20E0EF655499}"=-
    "{3CDC2D76-0C1E-429E-910A-4920ED19EED9}"=-
    "{0CF1F215-C032-497F-B708-4305B2B2BFBD}"=-
    "{6B44ACF6-4565-4017-9062-08CAB72B3CC2}"=-
    "{2B1F1857-9CF9-4D16-9D5E-63F0BCC652B2}"=-
    "{C0767202-9AE8-4EB1-8CBB-D2148A940218}"=-
    "{F55D92A0-879C-461A-BF82-064D8BEE31E5}"=-
    "{5F100917-DC78-45A5-858C-019B078221C7}"=-
    "{03E341BA-BA34-4F14-B085-F33E31FBC714}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{528721DB-AEA0-4353-BD58-3A4244AA9E7A}]
    [-HKEY_CLASSES_ROOT\CLSID\{290EB4F9-D200-475B-96E2-D4BF7BF013FE}]
    [-HKEY_CLASSES_ROOT\CLSID\{B4670C62-D629-4D60-BAE8-6C7786128284}]
    [-HKEY_CLASSES_ROOT\CLSID\{CAD8AAC7-C065-497D-8592-9B324AEBC23D}]
    [-HKEY_CLASSES_ROOT\CLSID\{80DB5FE8-7669-4888-9155-53CA4DC4FE90}]
    [-HKEY_CLASSES_ROOT\CLSID\{7E987D8C-BDAE-48EE-BFE9-A6CEAAF0E1F8}]
    [-HKEY_CLASSES_ROOT\CLSID\{E07DAF7C-FCB9-4ED7-8ADA-7676144FCBF3}]
    [-HKEY_CLASSES_ROOT\CLSID\{820B2230-82BA-46D3-BCD4-68BD69990696}]
    [-HKEY_CLASSES_ROOT\CLSID\{773040AD-48ED-4175-92EB-CA8E1FA11926}]
    [-HKEY_CLASSES_ROOT\CLSID\{7B63B720-B5FC-4E1E-A6C8-C7A4C5DEEC82}]
    [-HKEY_CLASSES_ROOT\CLSID\{7FEA7DF1-E1F5-4A0B-A1C9-F843DF57E1C1}]
    [-HKEY_CLASSES_ROOT\CLSID\{61CC718F-9FCF-464B-B325-35DBD6A457B0}]
    [-HKEY_CLASSES_ROOT\CLSID\{4BBFC0CA-09FA-4092-95FF-71756CA52AD2}]
    [-HKEY_CLASSES_ROOT\CLSID\{CA7E8D1B-CE14-4C66-9D33-20E0EF655499}]
    [-HKEY_CLASSES_ROOT\CLSID\{3CDC2D76-0C1E-429E-910A-4920ED19EED9}]
    [-HKEY_CLASSES_ROOT\CLSID\{0CF1F215-C032-497F-B708-4305B2B2BFBD}]
    [-HKEY_CLASSES_ROOT\CLSID\{6B44ACF6-4565-4017-9062-08CAB72B3CC2}]
    [-HKEY_CLASSES_ROOT\CLSID\{2B1F1857-9CF9-4D16-9D5E-63F0BCC652B2}]
    [-HKEY_CLASSES_ROOT\CLSID\{C0767202-9AE8-4EB1-8CBB-D2148A940218}]
    [-HKEY_CLASSES_ROOT\CLSID\{F55D92A0-879C-461A-BF82-064D8BEE31E5}]
    [-HKEY_CLASSES_ROOT\CLSID\{5F100917-DC78-45A5-858C-019B078221C7}]
    [-HKEY_CLASSES_ROOT\CLSID\{03E341BA-BA34-4F14-B085-F33E31FBC714}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************
    ****************************************************************************
    Logfile of HijackThis v1.99.1
    Scan saved at 20:10:50, on 23/06/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\S3apphk.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Archivos de programa\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Archivos de programa\Palm\HOTSYNC.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Barbara Faudoa\Configuración local\Temp\Directorio temporal 2 para hijackthis_199.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\ARCHIV~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NaviSearch] C:\Archivos de programa\NaviSearch\bin\nls.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [faqnedmd] c:\windows\system32\faqnedmd.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RamBooster] C:\Archivos de programa\RamBooster\Rambooster.exe
    O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Archivos de programa\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ru-mx - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\ru-mx\0.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119305875531
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3DFC83BE-859D-4893-94B9-772C545EB086}: NameServer = 211.200.175.100
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Buckeye_Sam Columbus, Ohio
    edited June 2005
    You're not out of the woods yet.

    Please make sure that you can VIEW ALL HIDDEN FILES.

    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    O4 - HKLM\..\Run: [NaviSearch] C:\Archivos de programa\NaviSearch\bin\nls.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [faqnedmd] c:\windows\system32\faqnedmd.exe
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)


    Reboot your computer into SAFE MODE

    Then delete these files or directories (Do not be concerned if they do not exist):

    c:\windows\system32\faqnedmd.exe
    C:\WINDOWS\isrvs
    C:\Archivos de programa\NaviSearch


    Reboot your computer to go back to normal mode and post a new log.
  • edited June 2005
    Buckeye:
    I did not find
    c:\windows\system32\faqnedmd.exe
    and
    C:\Archivos de programa\NaviSearch
    Here are the new logs:
    L2MFIX find log 1.03
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    "Asynchronous"=dword:00000000
    "DllName"=""
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    **********************************************************************************
    Files Found are not all bad files:
    Locate .tmp files:
    Directory Listing of system files:
    El volumen de la unidad C no tiene etiqueta.
    El número de serie del volumen es: 78AC-B37A

    Directorio de C:\WINDOWS\System32

    20/06/2005 17:20 <DIR> dllcache
    24/09/2003 16:25 <DIR> Microsoft
    0 archivos 0 bytes
    2 dirs 5.296.693.248 bytes libres



    Logfile of HijackThis v1.99.1
    Scan saved at 19:17:39, on 26/06/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S3apphk.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Archivos de programa\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Archivos de programa\Palm\HOTSYNC.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Barbara Faudoa\Configuración local\Temp\Directorio temporal 5 para hijackthis_199.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\ARCHIV~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RamBooster] C:\Archivos de programa\RamBooster\Rambooster.exe
    O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Archivos de programa\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ru-mx - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\ru-mx\0.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119305875531
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3DFC83BE-859D-4893-94B9-772C545EB086}: NameServer = 211.200.175.100
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    thanks
  • Buckeye_Sam Columbus, Ohio
    edited June 2005
    Fix this line with HijackThis.

    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)



    Aside from that, your log looks clean to me. Are you having any more problems?
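Added example, not part of the original posts and not code from HijackThis: a small Python check that parses HijackThis entry lines, reports which entries from the helper's fix list are still present in the follow-up log, and lists entries HijackThis marked as having no file on disk. The function names are hypothetical; the sample lines are excerpts copied from this thread.

```python
import re

# A HijackThis entry line has the shape "<section code> - <detail>",
# for example "O18 - Filter: text/html - {CLSID} - (no file)".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Markers HijackThis appends when it cannot find the referenced file.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)

# Entries the helper asked to fix (from the thread; the three R1 lines are
# omitted because their URLs are truncated on the page).
FIX_LIST = r'''
O4 - HKLM\..\Run: [NaviSearch] C:\Archivos de programa\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [faqnedmd] c:\windows\system32\faqnedmd.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
'''

# Excerpt of the follow-up log saved on 26/06/2005 (from the thread).
FOLLOWUP_LOG = r'''
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
'''


def parse_entries(log_text):
    """Return (code, detail) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(entry):
    """Comparison key: section code plus detail with case and spacing normalised."""
    code, detail = entry
    return code, " ".join(detail.split()).lower()


def still_present(fix_list, followup_log):
    """Entries from the fix list that appear again in the follow-up log."""
    followup = {_key(e) for e in parse_entries(followup_log)}
    return [e for e in parse_entries(fix_list) if _key(e) in followup]


def orphaned(log_text):
    """Entries flagged '(no file)' or '(file missing)': candidates for manual review."""
    return [e for e in parse_entries(log_text) if ORPHAN_RE.search(e[1])]


if __name__ == "__main__":
    for code, detail in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("not yet fixed:", code, "-", detail)
    for code, detail in orphaned(FOLLOWUP_LOG):
        print("file not found:", code, "-", detail)
```

An orphan marker only says the file was not found at the logged path; whether the entry should be removed is still the reviewer's call.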
  • edited June 2005
    It is running smoothly again.
    Thanks very much.
    Keep up the good spirits and the helping hand. :thumbsup:
  • Buckeye_Sam Columbus, Ohio
    edited June 2005
    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
    1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

      You can find instructions on how to enable and reenable system restore here:

      Managing Windows Millenium System Restore

      or

      Windows XP System Restore Guide

      Re-enable System Restore with the instructions from the tutorial above.

    2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        1. Change the Download signed ActiveX controls to Prompt
        2. Change the Download unsigned ActiveX controls to Disable
        3. Change the Initialize and script ActiveX controls not marked as safe to Disable
        4. Change the Installation of desktop items to Prompt
        5. Change the Launching programs and files in an IFRAME to Prompt
        6. Change the Navigate sub-frames across different domains to Prompt
        7. When all these settings have been made, click on the OK button.
        8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

      See this link for a listing of some online & their stand-alone antivirus programs:

      Virus, Spyware, and Malware Protection and Removal Resources

    4. Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    5. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

      For a tutorial on Firewalls and a listing of some available ones see the link below:

      Understanding and Using Firewalls

    6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    7. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

      A tutorial on installing & using this product can be found here:

      Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

    8. Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

      A tutorial on installing & using this product can be found here:

      Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

    9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:

      Using SpywareBlaster to protect your computer from Spyware and Malware

    10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.
This discussion has been closed.