"loading web site" "9ringtone"...
Hello I'm new here and my english is really poor, so I copied user "hate-ads" post but included my log instead of his...
Could some kind expert help me get rid of some pesky web pages that keep loading. they consist of www.loadingwebsite , www.9ringtone, www.jamster and others. I've tried to do some self help but I don't seem to be able to get rid of them. Its astonshing how resilient they seem to be !!
I have run adware and spbot as per the into instructions and my HJT log follows.
I've reviewed other relevant threads but I thought I had better ask in case thee are subtle differences that would trip me up.
I'd appreciate your help.
Could some kind expert help me get rid of some pesky web pages that keep loading. they consist of www.loadingwebsite , www.9ringtone, www.jamster and others. I've tried to do some self help but I don't seem to be able to get rid of them. Its astonshing how resilient they seem to be !!
I have run adware and spbot as per the into instructions and my HJT log follows.
I've reviewed other relevant threads but I thought I had better ask in case thee are subtle differences that would trip me up.
I'd appreciate your help.
0
This discussion has been closed.
Comments
Scan saved at 20:35:52, on 01/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\Explorer.EXE
D:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Archivos de programa\Winamp\winampa.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
D:\Archivos de programa\Mozilla Firefox\firefox.exe
D:\Archivos de programa\Free Surfer\fs20.exe
C:\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = latam.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\ARCHIV~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] D:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Búsqueda en Google - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Descargar con Star Downloader - D:\ARCHIV~1\STARDO~1\sdie.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13A5AA7F-FEFE-4360-A8C7-3B799239FFBA}: NameServer = 200.51.212.7 200.51.211.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{19667BDC-CB0D-4E6F-B840-2FB2DF736B7F}: NameServer = 169.182.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{13A5AA7F-FEFE-4360-A8C7-3B799239FFBA}: NameServer = 200.51.212.7 200.51.211.7
O20 - Winlogon Notify: BITS - D:\WINDOWS\system32\iirnonce.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINDOWS\\system32\\aEd.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{0ADB77AE-30B6-4809-3C2F-2041884789D7}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Hoja de propiedades de archivos multimedia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Administraci¢n de esc*ner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="P*gina de seguridad NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="P*gina de propiedades del archivo de documentos OLE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n CPL del adaptador de pantalla"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n CPL del monitor de pantalla"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n de paneo de pantalla del Panel de control"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="P*gina de seguridad DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="P*gina de compatibilidad"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extensi¢n de copia de discos"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensiones del shell para objetos de la red de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Administraci¢n de monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Administraci¢n de impresora ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensiones del shell para compresi¢n de archivos"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extensi¢n del shell de impresora en Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Men£ de contexto de cifrado"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Malet¡n"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extensi¢n de icono de HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fuentes"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Perfil de ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="P*gina de seguridad de impresoras"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extensi¢n PKO cifrada"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extensi¢n de firma cifrada"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Conexiones de red"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Conexiones de red"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&C*maras y esc*neres"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&C*maras y esc*neres"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&C*maras y esc*neres"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&C*maras y esc*neres"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&C*maras y esc*neres"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="V¡nculos a datos de Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tareas programadas"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra de tareas y men£ Inicio"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Buscar"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte t‚cnico"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte t‚cnico"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ejecutar..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Correo electr¢nico"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fuentes"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Herramientas administrativas"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra de herramientas de Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Estado de la descarga"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Carpeta Shell aumentada"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Carpeta 2 Shell aumentada"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Banda del explorador de Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Banda de b£squeda"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Banda multimedia"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="B£squeda en panel"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="B£squeda Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilidad de opciones del *rbol de Registro"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Direcci¢n"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Cuadro de la direcci¢n"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autocompletar de Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autocompleta MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Lista autocompleta MRU personalizada"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barra de progreso emergente"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizador de Barra de direcciones"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autocompleta de la historia de Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autocompleta de la carpeta Shell de Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contenedor de la Lista m£ltiple de Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Men£ de sitio de bandas Shell"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barra de escritorio Shell"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Asistencia al usuario"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Configuraci¢n de carpeta global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Servicio de Historial de las direcciones URL de Microsoft"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historial"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Hook de b£squeda de direcciones URL de Microsoft"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Pantalla de bienvenida de IE4 Suite"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Banda de Explorador"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Carpeta del cach‚ de ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Carpeta de suscripciones"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Administrador de aplicaciones de Shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerador de aplicaciones instaladas"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extractor de vistas en miniatura de archivos GDI+"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Controlador de la informaci¢n de resumen para vistas en miniatura (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extractor de vistas en miniatura HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Asistente para la publicaci¢n en Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Pedido de impresiones v¡a web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objeto de Asistente de publicaci¢n de shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Asistente para obtener pasaporte"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Cuentas de usuario"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Archivo de canal"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Acceso directo al canal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Objeto de control de canal"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Carpeta de archivos sin conexi¢n"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personas..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Carpetas Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{767096BA-F135-434F-AF44-423F67E673DA}"=""
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{767096BA-F135-434F-AF44-423F67E673DA}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{767096BA-F135-434F-AF44-423F67E673DA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{767096BA-F135-434F-AF44-423F67E673DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{767096BA-F135-434F-AF44-423F67E673DA}\InprocServer32]
@="
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
D:\WINDOWS\SYSTEM32\
aed.dll Mon 1 Aug 2005 15.01.00 ..S.R 417.792 408,00 K
anledit.dll Thu 28 Jul 2005 19.49.46 ..S.R 417.792 408,00 K
cctsrvut.dll Thu 21 Jul 2005 20.35.28 ..S.R 417.792 408,00 K
citsrv.dll Thu 21 Jul 2005 20.35.22 ..S.R 417.792 408,00 K
cufgnt.dll Fri 22 Jul 2005 20.33.00 ..S.R 417.792 408,00 K
dkd8thk.dll Fri 22 Jul 2005 1.16.26 ..S.R 417.792 408,00 K
dpghelp.dll Fri 22 Jul 2005 1.16.32 ..S.R 417.792 408,00 K
gccoll~1.dll Tue 12 Jul 2005 15.35.14 A.... 126.680 123,71 K
gcmd5q~1.dll Sat 11 Jun 2005 15.07.00 A.... 10.752 10,50 K
gcunco~1.dll Tue 12 Jul 2005 15.35.10 A.... 95.448 93,21 K
hashlib.dll Tue 12 Jul 2005 15.35.14 A.... 117.976 115,21 K
iirnonce.dll Thu 28 Jul 2005 14.30.34 ..... 417.792 408,00 K
iksetup.dll Thu 21 Jul 2005 21.49.22 ..S.R 417.792 408,00 K
islzma.dll Wed 29 Jun 2005 16.33.54 A.... 102.912 100,50 K
iujp81k.dll Thu 21 Jul 2005 21.49.28 ..S.R 417.792 408,00 K
jzmd400.dll Tue 2 Aug 2005 0.11.12 ..S.R 417.792 408,00 K
kmdsf.dll Thu 21 Jul 2005 18.03.32 ..S.R 417.792 408,00 K
krdsp.dll Thu 21 Jul 2005 18.03.40 ..S.R 417.792 408,00 K
meobjs.dll Sun 31 Jul 2005 16.32.54 ..S.R 417.792 408,00 K
mlsign32.dll Mon 11 Jul 2005 12.05.06 ..... 417.792 408,00 K
mmiole16.dll Thu 28 Jul 2005 21.25.12 ..S.R 417.792 408,00 K
morle32.dll Mon 11 Jul 2005 16.53.22 ..S.R 417.792 408,00 K
msi.dll Wed 4 May 2005 14.45.32 A.... 2.890.240 2,75 M
msihnd.dll Wed 4 May 2005 14.45.36 A.... 271.360 265,00 K
msimsg.dll Wed 4 May 2005 14.45.36 A.... 884.736 864,00 K
msisip.dll Wed 4 May 2005 14.45.36 A.... 15.360 15,00 K
msssc.dll Mon 6 Jun 2005 21.44.54 A.... 44 0,04 K
msvcp71.dll Mon 6 Jun 2005 22.08.38 A.... 499.712 488,00 K
nvcod.dll Wed 15 Jun 2005 17.20.00 A.... 32.768 32,00 K
nvcodins.dll Wed 15 Jun 2005 17.20.00 A.... 32.768 32,00 K
nvcplins.dll Wed 15 Jun 2005 17.20.00 A.... 6.803.456 6,49 M
nvhwvid.dll Wed 15 Jun 2005 17.20.00 A.... 540.672 528,00 K
nview.dll Wed 15 Jun 2005 17.20.00 A.... 1.462.272 1,39 M
nvnt4cpl.dll Wed 15 Jun 2005 17.20.00 A.... 286.720 280,00 K
nvrsar.dll Wed 15 Jun 2005 17.20.00 A.... 315.392 308,00 K
nvrscs.dll Wed 15 Jun 2005 17.20.00 A.... 233.472 228,00 K
nvrsda.dll Wed 15 Jun 2005 17.20.00 A.... 241.664 236,00 K
nvrsde.dll Wed 15 Jun 2005 17.20.00 A.... 266.240 260,00 K
nvrsel.dll Wed 15 Jun 2005 17.20.00 A.... 270.336 264,00 K
nvrseng.dll Wed 15 Jun 2005 17.20.00 A.... 233.472 228,00 K
nvrsesm.dll Wed 15 Jun 2005 17.20.00 A.... 262.144 256,00 K
nvrsfi.dll Wed 15 Jun 2005 17.20.00 A.... 233.472 228,00 K
nvrsfr.dll Wed 15 Jun 2005 17.20.00 A.... 270.336 264,00 K
nvrshe.dll Wed 15 Jun 2005 17.20.00 A.... 311.296 304,00 K
nvrshu.dll Wed 15 Jun 2005 17.20.00 A.... 245.760 240,00 K
nvrsit.dll Wed 15 Jun 2005 17.20.00 A.... 266.240 260,00 K
nvrsja.dll Wed 15 Jun 2005 17.20.00 A.... 253.952 248,00 K
nvrsko.dll Wed 15 Jun 2005 17.20.00 A.... 249.856 244,00 K
nvrsnl.dll Wed 15 Jun 2005 17.20.00 A.... 262.144 256,00 K
nvrsno.dll Wed 15 Jun 2005 17.20.00 A.... 241.664 236,00 K
nvrspl.dll Wed 15 Jun 2005 17.20.00 A.... 241.664 236,00 K
nvrspt.dll Wed 15 Jun 2005 17.20.00 A.... 258.048 252,00 K
nvrsptb.dll Wed 15 Jun 2005 17.20.00 A.... 253.952 248,00 K
nvrsru.dll Wed 15 Jun 2005 17.20.00 A.... 258.048 252,00 K
nvrssk.dll Wed 15 Jun 2005 17.20.00 A.... 245.760 240,00 K
nvrssl.dll Wed 15 Jun 2005 17.20.00 A.... 241.664 236,00 K
nvrssv.dll Wed 15 Jun 2005 17.20.00 A.... 241.664 236,00 K
nvrstr.dll Wed 15 Jun 2005 17.20.00 A.... 245.760 240,00 K
nvrszhc.dll Wed 15 Jun 2005 17.20.00 A.... 212.992 208,00 K
nvrszht.dll Wed 15 Jun 2005 17.20.00 A.... 114.688 112,00 K
nvshell.dll Wed 15 Jun 2005 17.20.00 A.... 466.944 456,00 K
nvwddi.dll Wed 15 Jun 2005 17.20.00 A.... 81.920 80,00 K
nvwdmcpl.dll Wed 15 Jun 2005 17.20.00 A.... 1.662.976 1,59 M
nvwimg.dll Wed 15 Jun 2005 17.20.00 A.... 1.019.904 996,00 K
nvwrsar.dll Wed 15 Jun 2005 17.20.00 A.... 282.624 276,00 K
nvwrscs.dll Wed 15 Jun 2005 17.20.00 A.... 286.720 280,00 K
nvwrsda.dll Wed 15 Jun 2005 17.20.00 A.... 294.912 288,00 K
nvwrsde.dll Wed 15 Jun 2005 17.20.00 A.... 311.296 304,00 K
nvwrsel.dll Wed 15 Jun 2005 17.20.00 A.... 335.872 328,00 K
nvwrseng.dll Wed 15 Jun 2005 17.20.00 A.... 286.720 280,00 K
nvwrses.dll Wed 15 Jun 2005 17.20.00 A.... 335.872 328,00 K
nvwrsesm.dll Wed 15 Jun 2005 17.20.00 A.... 327.680 320,00 K
nvwrsfi.dll Wed 15 Jun 2005 17.20.00 A.... 303.104 296,00 K
nvwrsfr.dll Wed 15 Jun 2005 17.20.00 A.... 327.680 320,00 K
nvwrshe.dll Wed 15 Jun 2005 17.20.00 A.... 278.528 272,00 K
nvwrshu.dll Wed 15 Jun 2005 17.20.00 A.... 315.392 308,00 K
nvwrsit.dll Wed 15 Jun 2005 17.20.00 A.... 323.584 316,00 K
nvwrsja.dll Wed 15 Jun 2005 17.20.00 A.... 212.992 208,00 K
nvwrsko.dll Wed 15 Jun 2005 17.20.00 A.... 200.704 196,00 K
nvwrsnl.dll Wed 15 Jun 2005 17.20.00 A.... 319.488 312,00 K
nvwrsno.dll Wed 15 Jun 2005 17.20.00 A.... 299.008 292,00 K
nvwrspl.dll Wed 15 Jun 2005 17.20.00 A.... 294.912 288,00 K
nvwrspt.dll Wed 15 Jun 2005 17.20.00 A.... 323.584 316,00 K
nvwrsptb.dll Wed 15 Jun 2005 17.20.00 A.... 319.488 312,00 K
nvwrsru.dll Wed 15 Jun 2005 17.20.00 A.... 315.392 308,00 K
nvwrssk.dll Wed 15 Jun 2005 17.20.00 A.... 299.008 292,00 K
nvwrssl.dll Wed 15 Jun 2005 17.20.00 A.... 303.104 296,00 K
nvwrssv.dll Wed 15 Jun 2005 17.20.00 A.... 294.912 288,00 K
nvwrstr.dll Wed 15 Jun 2005 17.20.00 A.... 303.104 296,00 K
nvwrszhc.dll Wed 15 Jun 2005 17.20.00 A.... 167.936 164,00 K
nvwrszht.dll Wed 15 Jun 2005 17.20.00 A.... 172.032 168,00 K
rksdlg.dll Thu 21 Jul 2005 23.00.28 ..S.R 417.792 408,00 K
rssapi32.dll Thu 21 Jul 2005 23.00.24 ..S.R 417.792 408,00 K
spmsg.dll Wed 4 May 2005 14.45.28 ..... 15.072 14,72 K
uxtheme.dll Thu 23 Jun 2005 20.34.28 A.... 204.800 200,00 K
vb6stkit.dll Thu 28 Jul 2005 22.20.42 A.... 102.400 100,00 K
96 items found: 96 files (17 H/S), 0 directories.
Total of file sizes: 39.973.268 bytes 38,12 M
Locate .tmp files:
D:\WINDOWS\SYSTEM32\
guard.tmp Sun 24 Jul 2005 2.06.14 ..S.R 417.792 408,00 K
1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 417.792 bytes 408,00 K
**********************************************************************************
Directory Listing of system files:
El volumen de la unidad D no tiene etiqueta.
El n£mero de serie del volumen es: 9C99-9DF7
Directorio de D:\WINDOWS\System32
02/08/2005 00:11 417.792 jzmd400.dll
01/08/2005 15:00 417.792 aEd.dll
31/07/2005 16:32 417.792 meobjs.dll
29/07/2005 00:34 <DIR> dllcache
28/07/2005 21:25 417.792 mmiole16.dll
28/07/2005 19:49 417.792 anledit.dll
24/07/2005 02:06 417.792 guard.tmp
22/07/2005 20:32 417.792 cufgnt.dll
22/07/2005 01:16 417.792 dpghelp.dll
22/07/2005 01:16 417.792 dKd8thk.dll
21/07/2005 23:00 417.792 rKsdlg.dll
21/07/2005 23:00 417.792 rSsapi32.dll
21/07/2005 21:49 417.792 iujp81k.dll
21/07/2005 21:49 417.792 iksetup.dll
21/07/2005 20:35 417.792 cCtsrvut.dll
21/07/2005 20:35 417.792 cItsrv.dll
21/07/2005 18:03 417.792 krdsp.dll
21/07/2005 18:03 417.792 kmdsf.dll
11/07/2005 16:53 417.792 morle32.dll
07/06/2005 00:33 <DIR> Microsoft
18 archivos 7.520.256 bytes
2 dirs 19.601.805.312 bytes libres
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
Running From:
D:\Documents and Settings\Administrador\Escritorio\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
(ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C
BUILTIN\Administradores
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
(ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
D:\Documents and Settings\Administrador\Escritorio\l2mfix
System Rebooted!
Running From:
D:\Documents and Settings\Administrador\Escritorio\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1488 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1856 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: D:\WINDOWS\system32\anledit.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\anledit.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\cCtsrvut.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\cCtsrvut.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\cItsrv.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\cItsrv.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\cufgnt.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\cufgnt.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\dKd8thk.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\dKd8thk.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\dpghelp.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\dpghelp.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\iksetup.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\iksetup.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\iujp81k.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\iujp81k.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\kmdsf.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\kmdsf.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\krdsp.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\krdsp.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\meobjs.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\meobjs.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\mlsign32.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\mlsign32.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\mmiole16.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\mmiole16.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\morle32.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\morle32.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\rKsdlg.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\rKsdlg.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\rSsapi32.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\rSsapi32.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\wunfax.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\wunfax.dll
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\guard.tmp
1 archivos copiados.
Backing Up: D:\WINDOWS\system32\guard.tmp
1 archivos copiados.
deleting: D:\WINDOWS\system32\anledit.dll
Successfully Deleted: D:\WINDOWS\system32\anledit.dll
deleting: D:\WINDOWS\system32\anledit.dll
Successfully Deleted: D:\WINDOWS\system32\anledit.dll
deleting: D:\WINDOWS\system32\cCtsrvut.dll
Successfully Deleted: D:\WINDOWS\system32\cCtsrvut.dll
deleting: D:\WINDOWS\system32\cCtsrvut.dll
Successfully Deleted: D:\WINDOWS\system32\cCtsrvut.dll
deleting: D:\WINDOWS\system32\cItsrv.dll
Successfully Deleted: D:\WINDOWS\system32\cItsrv.dll
deleting: D:\WINDOWS\system32\cItsrv.dll
Successfully Deleted: D:\WINDOWS\system32\cItsrv.dll
deleting: D:\WINDOWS\system32\cufgnt.dll
Successfully Deleted: D:\WINDOWS\system32\cufgnt.dll
deleting: D:\WINDOWS\system32\cufgnt.dll
Successfully Deleted: D:\WINDOWS\system32\cufgnt.dll
deleting: D:\WINDOWS\system32\dKd8thk.dll
Successfully Deleted: D:\WINDOWS\system32\dKd8thk.dll
deleting: D:\WINDOWS\system32\dKd8thk.dll
Successfully Deleted: D:\WINDOWS\system32\dKd8thk.dll
deleting: D:\WINDOWS\system32\dpghelp.dll
Successfully Deleted: D:\WINDOWS\system32\dpghelp.dll
deleting: D:\WINDOWS\system32\dpghelp.dll
Successfully Deleted: D:\WINDOWS\system32\dpghelp.dll
deleting: D:\WINDOWS\system32\iksetup.dll
Successfully Deleted: D:\WINDOWS\system32\iksetup.dll
deleting: D:\WINDOWS\system32\iksetup.dll
Successfully Deleted: D:\WINDOWS\system32\iksetup.dll
deleting: D:\WINDOWS\system32\iujp81k.dll
Successfully Deleted: D:\WINDOWS\system32\iujp81k.dll
deleting: D:\WINDOWS\system32\iujp81k.dll
Successfully Deleted: D:\WINDOWS\system32\iujp81k.dll
deleting: D:\WINDOWS\system32\kmdsf.dll
Successfully Deleted: D:\WINDOWS\system32\kmdsf.dll
deleting: D:\WINDOWS\system32\kmdsf.dll
Successfully Deleted: D:\WINDOWS\system32\kmdsf.dll
deleting: D:\WINDOWS\system32\krdsp.dll
Successfully Deleted: D:\WINDOWS\system32\krdsp.dll
deleting: D:\WINDOWS\system32\krdsp.dll
Successfully Deleted: D:\WINDOWS\system32\krdsp.dll
deleting: D:\WINDOWS\system32\meobjs.dll
Successfully Deleted: D:\WINDOWS\system32\meobjs.dll
deleting: D:\WINDOWS\system32\meobjs.dll
Successfully Deleted: D:\WINDOWS\system32\meobjs.dll
deleting: D:\WINDOWS\system32\mlsign32.dll
Successfully Deleted: D:\WINDOWS\system32\mlsign32.dll
deleting: D:\WINDOWS\system32\mlsign32.dll
Successfully Deleted: D:\WINDOWS\system32\mlsign32.dll
deleting: D:\WINDOWS\system32\mmiole16.dll
Successfully Deleted: D:\WINDOWS\system32\mmiole16.dll
deleting: D:\WINDOWS\system32\mmiole16.dll
Successfully Deleted: D:\WINDOWS\system32\mmiole16.dll
deleting: D:\WINDOWS\system32\morle32.dll
Successfully Deleted: D:\WINDOWS\system32\morle32.dll
deleting: D:\WINDOWS\system32\morle32.dll
Successfully Deleted: D:\WINDOWS\system32\morle32.dll
deleting: D:\WINDOWS\system32\rKsdlg.dll
Successfully Deleted: D:\WINDOWS\system32\rKsdlg.dll
deleting: D:\WINDOWS\system32\rKsdlg.dll
Successfully Deleted: D:\WINDOWS\system32\rKsdlg.dll
deleting: D:\WINDOWS\system32\rSsapi32.dll
Successfully Deleted: D:\WINDOWS\system32\rSsapi32.dll
deleting: D:\WINDOWS\system32\rSsapi32.dll
Successfully Deleted: D:\WINDOWS\system32\rSsapi32.dll
deleting: D:\WINDOWS\system32\wunfax.dll
Successfully Deleted: D:\WINDOWS\system32\wunfax.dll
deleting: D:\WINDOWS\system32\wunfax.dll
Successfully Deleted: D:\WINDOWS\system32\wunfax.dll
deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp
deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp
Zipping up files for submission:
adding: anledit.dll (164 bytes security) (deflated 48%)
adding: cCtsrvut.dll (164 bytes security) (deflated 48%)
adding: cItsrv.dll (164 bytes security) (deflated 48%)
adding: cufgnt.dll (164 bytes security) (deflated 48%)
adding: dKd8thk.dll (164 bytes security) (deflated 48%)
adding: dpghelp.dll (164 bytes security) (deflated 48%)
adding: iksetup.dll (164 bytes security) (deflated 48%)
adding: iujp81k.dll (164 bytes security) (deflated 48%)
adding: kmdsf.dll (164 bytes security) (deflated 48%)
adding: krdsp.dll (164 bytes security) (deflated 48%)
adding: meobjs.dll (164 bytes security) (deflated 48%)
adding: mlsign32.dll (164 bytes security) (deflated 48%)
adding: mmiole16.dll (164 bytes security) (deflated 48%)
adding: morle32.dll (164 bytes security) (deflated 48%)
adding: rKsdlg.dll (164 bytes security) (deflated 48%)
adding: rSsapi32.dll (164 bytes security) (deflated 48%)
adding: wunfax.dll (164 bytes security) (deflated 48%)
adding: guard.tmp (164 bytes security) (deflated 48%)
adding: clear.reg (164 bytes security) (deflated 22%)
adding: echo.reg (164 bytes security) (deflated 11%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 88%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 69%)
adding: test.txt (164 bytes security) (deflated 89%)
adding: test2.txt (164 bytes security) (stored 0%)
adding: test3.txt (164 bytes security) (stored 0%)
adding: test5.txt (164 bytes security) (stored 0%)
adding: xfind.txt (164 bytes security) (deflated 86%)
adding: backregs/767096BA-F135-434F-AF44-423F67E673DA.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
(ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
deleting local copy: anledit.dll
deleting local copy: anledit.dll
deleting local copy: cCtsrvut.dll
deleting local copy: cCtsrvut.dll
deleting local copy: cItsrv.dll
deleting local copy: cItsrv.dll
deleting local copy: cufgnt.dll
deleting local copy: cufgnt.dll
deleting local copy: dKd8thk.dll
deleting local copy: dKd8thk.dll
deleting local copy: dpghelp.dll
deleting local copy: dpghelp.dll
deleting local copy: iksetup.dll
deleting local copy: iksetup.dll
deleting local copy: iujp81k.dll
deleting local copy: iujp81k.dll
deleting local copy: kmdsf.dll
deleting local copy: kmdsf.dll
deleting local copy: krdsp.dll
deleting local copy: krdsp.dll
deleting local copy: meobjs.dll
deleting local copy: meobjs.dll
deleting local copy: mlsign32.dll
deleting local copy: mlsign32.dll
deleting local copy: mmiole16.dll
deleting local copy: mmiole16.dll
deleting local copy: morle32.dll
deleting local copy: morle32.dll
deleting local copy: rKsdlg.dll
deleting local copy: rKsdlg.dll
deleting local copy: rSsapi32.dll
deleting local copy: rSsapi32.dll
deleting local copy: wunfax.dll
deleting local copy: wunfax.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
D:\WINDOWS\system32\anledit.dll
D:\WINDOWS\system32\anledit.dll
D:\WINDOWS\system32\cCtsrvut.dll
D:\WINDOWS\system32\cCtsrvut.dll
D:\WINDOWS\system32\cItsrv.dll
D:\WINDOWS\system32\cItsrv.dll
D:\WINDOWS\system32\cufgnt.dll
D:\WINDOWS\system32\cufgnt.dll
D:\WINDOWS\system32\dKd8thk.dll
D:\WINDOWS\system32\dKd8thk.dll
D:\WINDOWS\system32\dpghelp.dll
D:\WINDOWS\system32\dpghelp.dll
D:\WINDOWS\system32\iksetup.dll
D:\WINDOWS\system32\iksetup.dll
D:\WINDOWS\system32\iujp81k.dll
D:\WINDOWS\system32\iujp81k.dll
D:\WINDOWS\system32\kmdsf.dll
D:\WINDOWS\system32\kmdsf.dll
D:\WINDOWS\system32\krdsp.dll
D:\WINDOWS\system32\krdsp.dll
D:\WINDOWS\system32\meobjs.dll
D:\WINDOWS\system32\meobjs.dll
D:\WINDOWS\system32\mlsign32.dll
D:\WINDOWS\system32\mlsign32.dll
D:\WINDOWS\system32\mmiole16.dll
D:\WINDOWS\system32\mmiole16.dll
D:\WINDOWS\system32\morle32.dll
D:\WINDOWS\system32\morle32.dll
D:\WINDOWS\system32\rKsdlg.dll
D:\WINDOWS\system32\rKsdlg.dll
D:\WINDOWS\system32\rSsapi32.dll
D:\WINDOWS\system32\rSsapi32.dll
D:\WINDOWS\system32\wunfax.dll
D:\WINDOWS\system32\wunfax.dll
D:\WINDOWS\system32\guard.tmp
D:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{767096BA-F135-434F-AF44-423F67E673DA}"=-
[-HKEY_CLASSES_ROOT\CLSID\{767096BA-F135-434F-AF44-423F67E673DA}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Scan saved at 00:42:53, on 02/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Archivos de programa\Winamp\winampa.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
D:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
D:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\explorer.exe
C:\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = latam.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\ARCHIV~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] D:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Búsqueda en Google - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Descargar con Star Downloader - D:\ARCHIV~1\STARDO~1\sdie.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13A5AA7F-FEFE-4360-A8C7-3B799239FFBA}: NameServer = 200.51.212.7 200.51.211.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{19667BDC-CB0D-4E6F-B840-2FB2DF736B7F}: NameServer = 169.182.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{13A5AA7F-FEFE-4360-A8C7-3B799239FFBA}: NameServer = 200.51.212.7 200.51.211.7
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
===============
We'll need to unload Spybot's Teatimer before we begin. To do this can you start Spybot and go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit". Do not forget to re-enable it when we are done
===============
Still in HiJackThis, click "Scan", then check(tick) the following, if present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Scan saved at 01:03:58, on 02/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Archivos de programa\Winamp\winampa.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
D:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Archivos de programa\Winamp\winamp.exe
D:\Archivos de programa\Mozilla Firefox\firefox.exe
D:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = latam.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\ARCHIV~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] D:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Búsqueda en Google - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Descargar con Star Downloader - D:\ARCHIV~1\STARDO~1\sdie.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13A5AA7F-FEFE-4360-A8C7-3B799239FFBA}: NameServer = 200.51.212.7 200.51.211.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{19667BDC-CB0D-4E6F-B840-2FB2DF736B7F}: NameServer = 169.182.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{13A5AA7F-FEFE-4360-A8C7-3B799239FFBA}: NameServer = 200.51.212.7 200.51.211.7
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
Are you still having problems
Scan saved at 01:12:20, on 02/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Archivos de programa\Winamp\winampa.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = latam.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\ARCHIV~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] D:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Búsqueda en Google - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Descargar con Star Downloader - D:\ARCHIV~1\STARDO~1\sdie.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://D:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19667BDC-CB0D-4E6F-B840-2FB2DF736B7F}: NameServer = 169.182.0.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
Thank You. I really appreciate your help.
This thread is now closed. If you need it reopened, please send a PM to one of our Mods.
Include the link to the thread and detail why you need it reopened.
If this is not your thread please start a New Topic.