MSN Messenger Facebook spam getting annoying!

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

MSN Messenger Facebook spam getting annoying!, My msn keeps sending fake ''face-book'' links

Options

jocacobe View Member Profile	Aug 3 2009, 06:17 AM Post #1
Member Posts: 12 From: Dominican Republic OS: XP	Hi there, It's been two days since a friend of mine told me I kept sending them a weird link (spam). These links are mostly like www.face-book.com, www.face-book.ws, etc... I've looked everywhere for a fix to this apparent MSN spam or hijack or w/e, but I can't find a solution! I have the AVG anti-virus and I've scanned twice with Spybot and AVG and my messenger keeps sending the links! Also, MSN Virus Remover doesn't work. I've also tried changing my hotmail account password, but with no success... UPDATE I've been having a new symptom: A new tab opens up by itself in Firefox with the following URL : http://www.thenewspedia.com/index.php/components/health ... and another one with some kind of 'windows live survey, we need your help' scam... Here is my HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:11:50 a.m., on 03/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\S3trayp.exe C:\WINDOWS\RTHDCPL.EXE C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe C:\ARCHIV~1\AVG\AVG8\avgtray.exe C:\Archivos de programa\Windows Live\Family Safety\fsui.exe C:\Archivos de programa\Java\jre6\bin\jusched.exe C:\Archivos de programa\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe C:\Archivos de programa\Bonjour\mDNSResponder.exe C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\LVComSX.exe C:\Archivos de programa\Java\jre6\bin\jqs.exe C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\ARCHIV~1\AVG\AVG8\avgrsx.exe C:\ARCHIV~1\AVG\AVG8\avgemc.exe C:\ARCHIV~1\AVG\AVG8\avgnsx.exe C:\Archivos de programa\AVG\AVG8\avgcsrvx.exe C:\Archivos de programa\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Archivos de programa\Logitech\QuickCam10\COCIManager.exe C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe C:\Archivos de programa\Mozilla Firefox\firefox.exe C:\Archivos de programa\Windows Live\Mail\wlmail.exe C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Archivos de programa\Windows Live\Messenger\wlchtc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [fssui] "C:\Archivos de programa\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h O4 - HKCU\..\Run: [LDM] C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red') O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Servicio de red') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: bw+0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll O18 - Protocol: offline-8876480 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Archivos de programa\Archivos comunes\Logitech\SrvLnch\SrvLnch.exe -- End of file - 24145 bytes Any help will be appreciated, Thanks in advance! -Joseph C. This post has been edited by jocacobe: Aug 9 2009, 04:53 AM

SpySentinel View Member Profile	Aug 10 2009, 02:53 PM Post #2
Trusted Helper Posts: 3,969 From: The United States OS: Windows XP SP3 & Windows Vista SP1	Hi Joseph, Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem. Sorry for the delay, we have been very busy lately, and I apologize for your wait. Step #1 Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. Step #2 We Need to check for Rootkits with RootRepeal Download RootRepeal from the following location and save it to your desktop. Zip Mirrors (Recommended) Primary Mirror Secondary Mirror Secondary Mirror Rar Mirrors - Only if you know what a RAR is and can extract it. Primary Mirror Secondary Mirror Secondary Mirror Extract RootRepeal.exe from the archive. Open on your desktop. Click the tab. Click the button. Check all seven boxes: Push Ok Check the box for your main system drive (Usually C:), and press Ok. Allow RootRepeal to run a scan of your system. This may take some time. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please. Step #3 Please download Malwarebytes' Anti-Malware Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Logs to Post: OTL Log RootRepeal Log MBAM Log

jocacobe View Member Profile	Aug 12 2009, 06:28 AM Post #3
Member Posts: 12 From: Dominican Republic OS: XP	Hey SpySentinel! Thank you so much for helping me! Ok, first of all, before you replied to my topic I read the guide in the forum to remove malware and used some of the tools there. This had no sucess, however found a few infections which I removed. I had used MBAM on August 10th, but I will post both MBAM logs; the one from today and the one from the 10th, since they both found some problem. Second, my OS language is spanish (I work in the Dominican Republic), and I noticed that on Extra.txt log there are some errors which are in spanish. I hope there will be no problem with this since it's easy to understand the context. If you need translation just post it here and I'll tell you! Ok, here we go: OTL LOG: OTL logfile created on: 12/08/2009 07:50:02 a.m. - Run 1 OTL by OldTimer - Version 3.0.10.6 Folder = C:\Documents and Settings\Felipe\Escritorio\ñema Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00002C0A \| Country: Argentina \| Language: ESS \| Date Format: dd/MM/yyyy 958.36 Mb Total Physical Memory \| 179.09 Mb Available Physical Memory \| 18.69% Memory free 2.85 Gb Paging File \| 2.16 Gb Available in Paging File \| 75.64% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Archivos de programa Drive C: \| 37.99 Gb Total Space \| 23.09 Gb Free Space \| 60.79% Space Free \| Partition Type: NTFS Drive D: \| 36.53 Gb Total Space \| 19.13 Gb Free Space \| 52.36% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC Current User Name: Felipe Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.) PRC - C:\WINDOWS\System32\LEXPPS.EXE (Lexmark International, Inc.) PRC - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Archivos de programa\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Archivos de programa\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) PRC - C:\Archivos de programa\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Archivos de programa\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Archivos de programa\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation) PRC - C:\Archivos de programa\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Archivos de programa\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) PRC - C:\WINDOWS\System32\S3trayp.exe (S3 Graphics Co., Ltd.) PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.) PRC - C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe () PRC - C:\Archivos de programa\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Archivos de programa\Windows Live\Family Safety\fsui.exe (Microsoft Corporation) PRC - C:\Archivos de programa\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Archivos de programa\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) PRC - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech) PRC - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\LVComSX.exe (Logitech Inc.) PRC - C:\Archivos de programa\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Archivos de programa\Logitech\QuickCam10\COCIManager.exe (Logitech Inc.) PRC - C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Archivos de programa\Windows Live\Mail\wlmail.exe (Microsoft Corporation) PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Documents and Settings\Felipe\Escritorio\ñema\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\System32\msfeedssync.exe (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (avg8emc [Auto \| Running]) -- C:\Archivos de programa\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg8wd [Auto \| Running]) -- C:\Archivos de programa\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Bonjour Service [Auto \| Running]) -- C:\Archivos de programa\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (fsssvc [Auto \| Running]) -- C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (gusvc [On_Demand \| Stopped]) -- C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Running]) -- C:\Archivos de programa\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Archivos de programa\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (Lavasoft Ad-Aware Service [Auto \| Running]) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (LexBceS [Auto \| Running]) -- C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.) SRV - (LVPrcSrv [Auto \| Running]) -- c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe (Logitech Inc.) SRV - (LVSrvLauncher [Auto \| Stopped]) -- C:\Archivos de programa\Archivos comunes\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (MDM [Auto \| Running]) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (UMWdf [Auto \| Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AvgLdx86 [System \| Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86 [System \| Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX [System \| Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (FETNDIS [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. ) DRV - (FETNDISB [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. ) DRV - (fssfltr [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (HDAudBus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider) DRV - (IntcAzAudAddService [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (Lbd [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (LVcKap [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys (Logitech Inc.) DRV - (LVMVDrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys (Logitech Inc.) DRV - (LVPr2Mon [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys () DRV - (LVUSBSta [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\lvusbsta.sys (Logitech Inc.) DRV - (PID_0928 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS (Logitech Inc.) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (S3GIGP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys (S3 Graphics Co., Ltd.) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (tap0801 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\tap0801.sys (The OpenVPN Project) DRV - (USBAAPL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.) DRV - (usbaudio [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (videX32 [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (xfilt [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 FF - prefs.js..extensions.enabledItems: es-MX@dictionaries.addons.mozilla.org:1.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6 FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:1.2 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Archivos de programa\AVG\AVG8\Firefox [2009/07/01 08:26:46 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Archivos de programa\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/07/01 08:26:05 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ff [2008/10/30 15:26:40 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/12 03:11:56 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2009/08/04 08:48:37 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2009/08/04 08:48:38 \| 00,000,000 \| ---D \| M] [2009/01/09 17:53:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Extensions [2009/01/09 17:53:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/08/12 07:36:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Firefox\Profiles\7esjtkhz.default\extensions [2009/01/07 17:00:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Firefox\Profiles\7esjtkhz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/23 16:36:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Firefox\Profiles\7esjtkhz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/07/01 17:17:56 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Firefox\Profiles\7esjtkhz.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08} [2009/02/18 20:30:59 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Firefox\Profiles\7esjtkhz.default\extensions\es-MX@dictionaries.addons.mozilla.org [2008/11/06 14:31:49 \| 00,002,109 \| ---- \| M] () -- C:\Documents and Settings\Felipe\Datos de programa\Mozilla\FireFox\Profiles\7esjtkhz.default\searchplugins\youtube-video-search.xml [2009/08/12 07:36:42 \| 00,000,000 \| ---D \| M] -- C:\Archivos de programa\mozilla firefox\extensions [2008/06/16 22:45:04 \| 00,000,000 \| ---D \| M] -- C:\Archivos de programa\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/04 08:48:37 \| 00,000,000 \| ---D \| M] -- C:\Archivos de programa\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/10/30 15:26:56 \| 00,000,000 \| ---D \| M] -- C:\Archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2008/12/04 00:24:42 \| 00,000,000 \| ---D \| M] -- C:\Archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/04/02 12:44:26 \| 00,000,000 \| ---D \| M] -- C:\Archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/08/06 09:42:32 \| 00,000,000 \| ---D \| M] -- C:\Archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/08/04 08:48:31 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browserdirprovider.dll [2009/08/04 08:48:31 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\brwsrcmp.dll [2009/07/25 05:23:01 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeploytk.dll [2008/06/10 20:03:12 \| 01,335,600 \| ---- \| M] (DivX,Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdivx32.dll [2009/08/04 08:48:32 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Archivos de programa\mozilla firefox\plugins\npnul32.dll [2007/03/22 21:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Archivos de programa\mozilla firefox\plugins\NPOFFICE.DLL [2008/10/14 21:33:30 \| 00,095,600 \| ---- \| M] (Adobe Systems Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\nppdf32.dll [2009/07/08 15:30:58 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin.dll [2009/07/08 15:30:58 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin2.dll [2009/07/08 15:30:58 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin3.dll [2009/07/08 15:30:58 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin4.dll [2009/07/08 15:30:58 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin5.dll [2009/07/08 15:30:58 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin6.dll [2009/07/08 15:30:58 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin7.dll [2009/07/08 15:30:58 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin8.dll [2009/01/09 17:53:40 \| 00,001,394 \| ---- \| M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazondotcom.xml [2009/01/09 17:53:40 \| 00,002,193 \| ---- \| M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\answers.xml [2009/07/01 14:15:14 \| 00,001,489 \| ---- \| M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\avg_igeared.xml [2009/01/09 17:53:40 \| 00,001,534 \| ---- \| M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\creativecommons.xml [2009/01/09 17:53:40 \| 00,002,343 \| ---- \| M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay.xml [2009/01/09 17:53:40 \| 00,001,706 \| ---- \| M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\google.xml [2009/01/09 17:53:40 \| 00,001,178 \| ---- \| M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia.xml [2009/01/09 17:53:40 \| 00,000,792 \| ---- \| M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (318491 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10922 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Archivos de programa\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Archivos de programa\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [fssui] C:\Archivos de programa\Windows Live\Family Safety\fsui.exe (Microsoft Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [QuickTime Task] C:\Archivos de programa\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3trayp.exe (S3 Graphics Co., Ltd.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe File not found O4 - HKCU..\Run: [ares] C:\Archivos de programa\Ares\Ares.exe File not found O4 - HKCU..\Run: [LDM] C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech) O4 - HKCU..\Run: [MsnMsgr] C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 196.3.81.5 200.88.127.22 O18 - Protocol\Handler\bw+0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw+0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw-0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw00 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw00s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw-0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw10 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw10s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw20 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw20s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw30 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw30s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw40 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw40s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw50 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw50s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw60 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw60s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw70 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw70s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw80 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw80s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw90 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bw90s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwa0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwa0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwb0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwb0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwc0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwc0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwd0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwd0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwe0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwe0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwf0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwf0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwg0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwg0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwh0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwh0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwi0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwi0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwj0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwj0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwk0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwk0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwl0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwl0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwm0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwm0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwn0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwn0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwo0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwo0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwp0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwp0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwq0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwq0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwr0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwr0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bws0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bws0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwt0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwt0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwu0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwu0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwv0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwv0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bww0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bww0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwx0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwx0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwy0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwy0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwz0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwz0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\offline-8876480 {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter: - x-sdch - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-7116568769-7389958157-042186739-2252\nissan.exe) - C:\RECYCLER\S-1-5-21-7116568769-7389958157-042186739-2252\nissan.exe () O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/05/19 23:30:50 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\AutoRun\command - "" = F:\BORO\kawasaki.exe -- File not found O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\explore\command - "" = F:\.\\BORO\\\kawasaki.exe -- File not found O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\open\command - "" = F:\BORO\\\\\kawasaki.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () ========== Files/Folders - Created Within 30 Days ========== [2009/08/12 05:55:50 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\LastGood [2009/08/12 03:08:38 \| 00,000,000 \| ---D \| C] -- C:\8bd9f25ee2e36cf8576b9732 [2009/08/12 03:01:16 \| 00,000,000 \| -HSD \| C] -- C:\Config.Msi [2009/08/10 17:25:57 \| 00,015,688 \| ---- \| C] () -- C:\WINDOWS\System32\lsdelete.exe [2009/08/10 17:15:15 \| 00,000,500 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/08/10 17:14:56 \| 00,064,160 \| ---- \| C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009/08/10 17:13:49 \| 00,000,000 \| -H-D \| C] -- C:\Documents and Settings\All Users\Datos de programa\{EF63305C-BAD7-4144-9208-D65528260864} [2009/08/10 17:13:48 \| 00,000,916 \| ---- \| C] () -- C:\Documents and Settings\All Users\Escritorio\Ad-Aware.lnk [2009/08/10 17:13:33 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft [2009/08/10 17:13:33 \| 00,000,000 \| ---D \| C] -- C:\Archivos de programa\Lavasoft [2009/08/10 17:00:42 \| 60,857,536 \| ---- \| C] (Lavasoft ) -- C:\Documents and Settings\Felipe\Escritorio\Ad-AwareAE.exe [2009/08/10 16:57:08 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Felipe\Datos de programa\Malwarebytes [2009/08/10 16:57:05 \| 00,000,731 \| ---- \| C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk [2009/08/10 16:57:02 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/08/10 16:57:01 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/08/10 16:57:01 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes [2009/08/10 16:57:01 \| 00,000,000 \| ---D \| C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware [2009/08/10 16:55:04 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/08/10 16:54:45 \| 00,000,646 \| ---- \| C] () -- C:\Documents and Settings\Felipe\Escritorio\NTREGOPT.lnk [2009/08/10 16:54:44 \| 00,000,627 \| ---- \| C] () -- C:\Documents and Settings\Felipe\Escritorio\ERUNT.lnk [2009/08/10 16:54:40 \| 00,000,000 \| ---D \| C] -- C:\Archivos de programa\ERUNT [2009/08/10 16:51:09 \| 00,000,000 \| ---D \| C] -- C:\Archivos de programa\MSBuild [2009/08/10 16:47:40 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\XPSViewer [2009/08/10 16:46:58 \| 00,000,000 \| ---D \| C] -- C:\Archivos de programa\Reference Assemblies [2009/08/10 16:46:25 \| 00,014,048 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll [2009/08/10 16:31:02 \| 00,000,000 \| R-SD \| C] -- C:\WINDOWS\assembly [2009/08/10 16:31:01 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Microsoft.NET [2009/08/10 16:30:57 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\URTTemp [2009/08/10 16:14:54 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Felipe\Escritorio\ñema [2009/08/06 09:42:30 \| 00,149,280 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/08/06 09:42:30 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/08/06 09:42:30 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/08/03 08:11:21 \| 00,001,797 \| ---- \| C] () -- C:\Documents and Settings\Felipe\Escritorio\HijackThis.lnk [2009/08/03 08:11:19 \| 00,000,000 \| ---D \| C] -- C:\Archivos de programa\Trend Micro [2009/08/03 07:12:38 \| 00,000,982 \| ---- \| C] () -- C:\Documents and Settings\Felipe\Escritorio\Spybot - Search & Destroy.lnk [2009/08/03 07:12:28 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy [2009/08/03 07:12:28 \| 00,000,000 \| ---D \| C] -- C:\Archivos de programa\Spybot - Search & Destroy [2009/07/31 02:20:39 \| 00,000,839 \| ---- \| C] () -- C:\Documents and Settings\Felipe\Escritorio\Reproductor de Windows Media.lnk [2009/06/29 17:45:17 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\SWFDecompiler.INI [2009/06/29 16:19:29 \| 01,970,176 \| ---- \| C] () -- C:\WINDOWS\System32\d3dx9.dll [2009/06/14 17:39:41 \| 00,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\ssresources.dll [2009/06/14 17:39:41 \| 00,020,481 \| ---- \| C] () -- C:\WINDOWS\System32\SystemsHook.dll [2009/06/10 03:01:59 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\PROTOCOL.INI [2009/03/04 12:22:48 \| 00,000,434 \| ---- \| C] () -- C:\WINDOWS\LEXSTAT.INI [2009/02/27 03:37:47 \| 04,762,112 \| ---- \| C] () -- C:\WINDOWS\System32\NCMedia.dll [2008/11/08 14:02:12 \| 00,000,049 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2008/10/11 20:00:04 \| 00,000,031 \| ---- \| C] () -- C:\WINDOWS\System32\winnsdows2.dll [2008/10/10 01:38:32 \| 00,765,952 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2008/10/10 01:38:32 \| 00,383,238 \| ---- \| C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2008/05/24 19:03:45 \| 00,000,379 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2007/10/12 03:11:58 \| 00,022,334 \| R--- \| C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006/06/26 10:33:40 \| 00,023,472 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2003/04/11 12:14:14 \| 00,005,827 \| ---- \| C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001/08/24 06:00:00 \| 00,000,647 \| ---- \| C] () -- C:\WINDOWS\win.ini [2001/08/24 06:00:00 \| 00,000,263 \| ---- \| C] () -- C:\WINDOWS\system.ini ========== Files - Modified Within 30 Days ========== [2009/08/12 07:50:24 \| 00,000,490 \| -H-- \| M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1D1F8161-9D7D-4E01-AC74-37A2BC799E8B}.job [2009/08/12 07:47:24 \| 00,069,656 \| ---- \| M] () -- C:\Documents and Settings\Felipe\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT [2009/08/12 03:25:04 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/08/12 03:25:00 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/08/12 03:24:58 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/08/12 03:24:55 \| 00,269,392 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/08/12 03:16:12 \| 01,078,316 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/08/12 03:16:12 \| 00,505,318 \| ---- \| M] () -- C:\WINDOWS\System32\perfh00A.dat [2009/08/12 03:16:12 \| 00,441,574 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/08/12 03:16:12 \| 00,090,948 \| ---- \| M] () -- C:\WINDOWS\System32\perfc00A.dat [2009/08/12 03:16:12 \| 00,071,510 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/08/11 10:18:02 \| 00,000,434 \| ---- \| M] () -- C:\WINDOWS\LEXSTAT.INI [2009/08/11 10:15:00 \| 00,078,507 \| ---- \| M] () -- C:\Documents and Settings\Felipe\Escritorio\Envio Datos.mht [2009/08/11 08:58:28 \| 39,735,262 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/08/11 08:58:28 \| 00,060,374 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/08/10 17:15:15 \| 00,000,500 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/08/10 17:13:48 \| 00,000,916 \| ---- \| M] () -- C:\Documents and Settings\All Users\Escritorio\Ad-Aware.lnk [2009/08/10 17:08:32 \| 60,857,536 \| ---- \| M] (Lavasoft ) -- C:\Documents and Settings\Felipe\Escritorio\Ad-AwareAE.exe [2009/08/10 16:57:05 \| 00,000,731 \| ---- \| M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk [2009/08/10 16:54:45 \| 00,000,646 \| ---- \| M] () -- C:\Documents and Settings\Felipe\Escritorio\NTREGOPT.lnk [2009/08/10 16:54:44 \| 00,000,627 \| ---- \| M] () -- C:\Documents and Settings\Felipe\Escritorio\ERUNT.lnk [2009/08/09 23:27:15 \| 00,068,608 \| ---- \| M] () -- C:\Documents and Settings\Felipe\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/06 14:16:34 \| 00,318,491 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/08/03 13:36:28 \| 00,038,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/08/03 13:36:06 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/08/03 08:11:21 \| 00,001,797 \| ---- \| M] () -- C:\Documents and Settings\Felipe\Escritorio\HijackThis.lnk [2009/08/03 07:12:38 \| 00,000,982 \| ---- \| M] () -- C:\Documents and Settings\Felipe\Escritorio\Spybot - Search & Destroy.lnk [2009/07/31 23:03:10 \| 00,000,049 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/07/31 02:20:39 \| 00,000,839 \| ---- \| M] () -- C:\Documents and Settings\Felipe\Escritorio\Reproductor de Windows Media.lnk [2009/07/29 03:01:47 \| 00,000,584 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/07/25 05:23:07 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/07/25 05:23:07 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/07/25 05:23:05 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/07/25 05:23:00 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/07/25 03:00:33 \| 00,073,728 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/07/24 08:56:35 \| 00,335,752 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009/07/19 09:28:27 \| 03,597,824 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009/07/19 09:28:27 \| 03,597,824 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2009/07/19 09:28:25 \| 06,067,200 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll [2009/07/19 09:28:25 \| 06,067,200 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2009/07/13 17:10:44 \| 00,000,647 \| ---- \| M] () -- C:\WINDOWS\win.ini ========== LOP Check ========== [2009/08/10 17:13:33 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Datos de programa [2009/04/13 17:23:27 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/08/10 17:13:49 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Datos de programa\{EF63305C-BAD7-4144-9208-D65528260864} [2009/07/01 17:22:15 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Datos de programa\AVG Security Toolbar [2009/02/25 13:00:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Datos de programa\Azureus [2008/09/18 12:34:17 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Datos de programa\CanonBJ [2008/12/28 08:24:15 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Datos de programa\OrbNetworks [2009/07/01 17:20:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP [2009/08/10 16:57:08 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Felipe\Datos de programa [2008/10/30 16:19:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\Ahead [2008/09/10 15:05:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\AVGTOOLBAR [2009/02/25 13:10:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\Azureus [2008/10/30 16:04:55 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\FinalBurner MP3 [2009/02/24 09:26:17 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\GetRight [2009/04/15 22:58:55 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\U3 [2009/03/01 21:33:31 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\uTorrent [2009/06/19 12:55:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Felipe\Datos de programa\YoudaGames [2009/08/10 17:15:15 \| 00,000,500 \| ---- \| M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2001/08/24 06:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/08/12 03:25:04 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/08/12 07:50:24 \| 00,000,490 \| -H-- \| M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1D1F8161-9D7D-4E01-AC74-37A2BC799E8B}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:0C1EFF69 < End of report > ROOTREPEAL LOG:* ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/12 07:51 Program Version: Version 1.3.3.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF55B8000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7B2B000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xEFB65000 Size: 49152 File Visible: No Signed: - Status: - SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "Lbd.sys" at address 0xf75c187e #: 247 Function Name: NtSetValueKey Status: Hooked by "Lbd.sys" at address 0xf75c1bfe ==EOF== MBAM LOG(S): (2009-08-10): Malwarebytes' Anti-Malware 1.40 Database version: 2594 Windows 5.1.2600 Service Pack 3 10/08/2009 05:04:36 p.m. mbam-log-2009-08-10 (17-04-36).txt Scan type: Quick Scan Objects scanned: 92115 Time elapsed: 6 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) (2009-08-12): Malwarebytes' Anti-Malware 1.40 Database version: 2594 Windows 5.1.2600 Service Pack 3 12/08/2009 08:14:04 a.m. mbam-log-2009-08-12 (08-14-04).txt Scan type: Quick Scan Objects scanned: 92415 Time elapsed: 6 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Thanks in advance! -Joseph

SpySentinel View Member Profile	Aug 12 2009, 07:35 PM Post #4
Trusted Helper Posts: 3,969 From: The United States OS: Windows XP SP3 & Windows Vista SP1	Hi Joseph, You're welcome Thanks for offering to translate. I will let you know if I need help with anything, I took Spanish for 4 years but forget a lot if it Run OTL.exe Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-7116568769-7389958157-042186739-2252\nissan.exe) - C:\RECYCLER\S-1-5-21-7116568769-7389958157-042186739-2252\nissan.exe () O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\AutoRun\command - "" = F:\BORO\kawasaki.exe -- File not found O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\explore\command - "" = F:\.\\BORO\\\kawasaki.exe -- File not found O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\open\command - "" = F:\BORO\\\\\kawasaki.exe -- File not found :Commands [purity] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) Under "Configuration and Preferences", click the Preferences button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen. Back on the main screen, under "Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan", choose Perform Complete Scan. Click "Next" to start the scan. Please be patient while it scans your computer. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". Make sure everything has a checkmark next to it and click "Next". A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. If asked if you want to reboot, click "Yes". To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. Run ESET Online Scan Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. Check Click the button. Accept any security warnings from your browser. Check Push the Start button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Push the button. Push You can refer to this animation by neomage if needed.

jocacobe View Member Profile	Aug 13 2009, 04:00 PM Post #5
Member Posts: 12 From: Dominican Republic OS: XP	Hi SpySentinel, Ok, so here are the logs: SUPERAntiSpyware Log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/13/2009 at 12:33 PM Application Version : 4.27.1002 Core Rules Database Version : 4054 Trace Rules Database Version: 1994 Scan type : Complete Scan Total Scan Time : 01:22:03 Memory items scanned : 569 Memory threats detected : 0 Registry items scanned : 5492 Registry threats detected : 0 File items scanned : 46220 File threats detected : 139 Adware.Tracking Cookie C:\Documents and Settings\Felipe\Cookies\felipe@tribalfusion[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@pool2.stolenpornpasswords[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@intershare.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@66303986[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads2.slickdeals[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@checkstat[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@front[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@hotlog[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@trafficmp[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@click.cashengines[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@metacafe.122.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@1071030248[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@www.sexytubevideos[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@counter.cnw[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@diginet.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@imrworldwide[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@adserver.hispavista[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@adverticum[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@sweetysexybeba.spaces.live[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@adecn[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@revenue[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@insightexpressai[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@overture[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@richmedia.yahoo[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@microsoftgamestudio.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.clicksor[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads2.weblogssl[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@socialmedia[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@advertising[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads-dev.youporn[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@pornhub[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@anad.tacoda[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@cgm.adbureau[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@videoegg.adbureau[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@msnaccountservices.112.2o7[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@lstat.youku[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@adserver.aol[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@microsoftwlmessengermkt.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@adserver.medialoopsa[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.us.e-planning[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@onclickvideos[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@realmedia[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@server.iad.liveperson[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.softure[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.pointroll[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@adserver.dalealplay[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@serving-sys[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@questionmarket[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@hearstmagazines.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ad.zanox[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.bnamericas[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@xiti[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@edge.ru4[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@yadro[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@adlegend[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@1062518088[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@indextools[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.realtechnetwork[3].txt C:\Documents and Settings\Felipe\Cookies\felipe@mmstat[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@www.sexhub[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@perf.overture[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@1068632757[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@adserver.mommo[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@imediablast[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@pornotube[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@www7.addfreestats[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@atdmt[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@warnerbros.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@revsci[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.enalquiler[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@adopt.specificclick[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.widgetbucks[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@adserver.easyad[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@click.orgycash[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@audit.median[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@azjmp[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@adbrite[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@player[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.addynamix[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@tns-counter[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@www5.addfreestats[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@sweetysexybeba.spaces.live[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@atwola[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@teenycinema[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@specificclick[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@m1.webstats.motigo[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@youporn[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@toplist[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@msnportal.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@dandmholdings.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@eas.apm.emediate[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@adopt.euroclick[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@bs.serving-sys[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@weborama[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@adv.xboard[3].txt C:\Documents and Settings\Felipe\Cookies\felipe@ad2.doublepimp[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@neocounter2[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@sexhub[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@miarroba.solution.weborama[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@interclick[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@click.adultxfun[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@chitika[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.realtechnetwork[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@windowsmedia[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@www.allrealitypass[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@adservingml[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@oas.adservingml[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@adv.xboard[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.realtechnetwork[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@server.cpmstar[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@video[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@partner2profit[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@microsoftwindows.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ad.pandora[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@adinterax[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.orb[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@avgtechnologies.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@tracking.publicidees[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.realtechnetwork[5].txt C:\Documents and Settings\Felipe\Cookies\felipe@estat[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@collective-media[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ero-advertising[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.bridgetrack[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@nextag[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@adultfriendfinder[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@webmasterplan[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@www6.addfreestats[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@myroitracking[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@divx.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@msnbc.112.2o7[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.crakmedia[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@ad1.clickhype[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@clickz.lonelycheatingwives[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@ads.telegraph.co[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@adrenaline[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@tripod[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@qnsr[1].txt Trojan.Agent/Gen-PennyStockChaser C:\ARCHIVOS DE PROGRAMA\CHEAT ENGINE\SYSTEMCALLSIGNAL.EXE Trojan.Agent/Gen-FakeAlert[Firewall] C:\_OTL\MOVEDFILES\08132009_020659\RECYCLER\S-1-5-21-7116568769-7389958157-042186739-2252\NISSAN.EXE ESET Online Scanner Log: D:\documentos\Descargas\CheatEngine55.exe probably a variant of Win32/Genetik trojan deleted - quarantined Thanks in advance! -Joseph...

SpySentinel View Member Profile	Aug 13 2009, 04:31 PM Post #6
Trusted Helper Posts: 3,969 From: The United States OS: Windows XP SP3 & Windows Vista SP1	You're welcome. Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

jocacobe View Member Profile	Aug 13 2009, 04:44 PM Post #7
Member Posts: 12 From: Dominican Republic OS: XP	Hi SpySentinel, Here are the logs: Logfile of random's system information tool 1.06 (written by random/random) Run by Felipe at 2009-08-13 18:41:46 Microsoft Windows XP Professional Service Pack 3 System drive C: has 24 GB (62%) free of 39 GB Total RAM: 958 MB (40% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:42:13 p.m., on 13/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe C:\Archivos de programa\Bonjour\mDNSResponder.exe C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe C:\Archivos de programa\Java\jre6\bin\jqs.exe C:\ARCHIV~1\AVG\AVG8\avgrsx.exe C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE C:\ARCHIV~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\ARCHIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\Archivos de programa\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\S3trayp.exe C:\WINDOWS\RTHDCPL.EXE C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe C:\ARCHIV~1\AVG\AVG8\avgtray.exe C:\Archivos de programa\Windows Live\Family Safety\fsui.exe C:\Archivos de programa\iTunes\iTunesHelper.exe C:\Archivos de programa\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\LVComSX.exe C:\Archivos de programa\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Archivos de programa\Logitech\QuickCam10\COCIManager.exe C:\Archivos de programa\Mozilla Firefox\firefox.exe C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe C:\Archivos de programa\Skype\Phone\Skype.exe C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe C:\Archivos de programa\Windows Live\Mail\wlmail.exe C:\Documents and Settings\Felipe\Escritorio\ñema\RSIT.exe C:\Archivos de programa\Trend Micro\HijackThis\Felipe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Archivos de programa\Windows Live\Messenger\wlchtc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [fssui] "C:\Archivos de programa\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h O4 - HKCU\..\Run: [LDM] C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red') O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Servicio de red') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: bw+0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll O18 - Protocol: offline-8876480 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Archivos de programa\Archivos comunes\Logitech\SrvLnch\SrvLnch.exe -- End of file - 24136 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\User_Feed_Synchronization-{1D1F8161-9D7D-4E01-AC74-37A2BC799E8B}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Archivos de programa\AVG\AVG8\avgssie.dll [2009-07-24 1111320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] Windows Live Family Safety Browser Helper Class - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] Click-to-Call BHO - C:\Archivos de programa\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] AVG Security Toolbar BHO - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-24 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248] "S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2007-02-05 176128] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "LogitechCommunicationsManager"=C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe [2006-06-26 497200] "LogitechQuickCamRibbon"=C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe [2006-06-26 614960] "WinampAgent"=C:\Archivos de programa\Winamp\winampa.exe [] "AVG8_TRAY"=C:\ARCHIV~1\AVG\AVG8\avgtray.exe [2009-07-01 1948440] "Easy-PrintToolBox"=C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-13 409600] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Adobe Reader Speed Launcher"=C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "fssui"=C:\Archivos de programa\Windows Live\Family Safety\fsui.exe [2009-02-06 454000] "QuickTime Task"=C:\Archivos de programa\QuickTime\QTTask.exe [2009-01-05 413696] "iTunesHelper"=C:\Archivos de programa\iTunes\iTunesHelper.exe [2009-04-02 342312] "SunJavaUpdateSched"=C:\Archivos de programa\Java\jre6\bin\jusched.exe [2009-07-25 149280] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "MsnMsgr"=C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408] "ares"=C:\Archivos de programa\Ares\Ares.exe -h [] "LDM"=C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-30 36864] "SUPERAntiSpyware"=C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128] C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio Logitech Desktop Messenger.lnk - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-07-01 11952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Archivos de programa\Internet Explorer\iexplore.exe"="C:\Archivos de programa\Internet Explorer\iexplore.exe::Enabled:Internet Explorer" "C:\Archivos de programa\Mozilla Firefox\firefox.exe"="C:\Archivos de programa\Mozilla Firefox\firefox.exe::Enabled:Mozilla Firefox" "C:\Archivos de programa\Windows Live\Mail\wlmail.exe"="C:\Archivos de programa\Windows Live\Mail\wlmail.exe::Enabled:Windows Live Mail" "C:\Archivos de programa\AVG\AVG8\avgtray.exe"="C:\Archivos de programa\AVG\AVG8\avgtray.exe::Enabled:AVG Free Tray Icon" "C:\Archivos de programa\Java\jre6\bin\java.exe"="C:\Archivos de programa\Java\jre6\bin\java.exe::Enabled:Java™ Platform SE binary" "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Archivos de programa\iTunes\iTunes.exe"="C:\Archivos de programa\iTunes\iTunes.exe::Enabled:iTunes" "C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" "C:\Archivos de programa\Windows Media Player\wmplayer.exe"="C:\Archivos de programa\Windows Media Player\wmplayer.exe::Enabled:wmplayer" "C:\Archivos de programa\Skype\Phone\Skype.exe"="C:\Archivos de programa\Skype\Phone\Skype.exe::Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2009-08-13 18:41:46 ----D---- C:\rsit 2009-08-13 12:49:45 ----D---- C:\Archivos de programa\ESET 2009-08-13 03:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-13 03:13:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-13 03:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-13 03:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-13 03:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-08-13 03:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-13 03:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-13 03:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-13 03:07:06 ----A---- C:\WINDOWS\system32\wmpns.dll 2009-08-13 03:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-08-13 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-13 02:28:43 ----D---- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com 2009-08-13 02:28:19 ----D---- C:\Documents and Settings\Felipe\Datos de programa\SUPERAntiSpyware.com 2009-08-13 02:28:19 ----D---- C:\Archivos de programa\SUPERAntiSpyware 2009-08-13 02:27:46 ----D---- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard 2009-08-13 02:06:59 ----D---- C:\_OTL 2009-08-12 07:59:51 ----A---- C:\RootRepeal report 08-12-09 (07-59-51).txt 2009-08-12 03:08:38 ----D---- C:\8bd9f25ee2e36cf8576b9732 2009-08-10 17:13:49 ----HDC---- C:\Documents and Settings\All Users\Datos de programa\~0 2009-08-10 17:13:33 ----D---- C:\Documents and Settings\All Users\Datos de programa\Lavasoft 2009-08-10 16:57:08 ----D---- C:\Documents and Settings\Felipe\Datos de programa\Malwarebytes 2009-08-10 16:57:01 ----D---- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes 2009-08-10 16:57:01 ----D---- C:\Archivos de programa\Malwarebytes' Anti-Malware 2009-08-10 16:55:04 ----D---- C:\WINDOWS\ERDNT 2009-08-10 16:54:40 ----D---- C:\Archivos de programa\ERUNT 2009-08-10 16:52:24 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2009-08-10 16:51:09 ----D---- C:\Archivos de programa\MSBuild 2009-08-10 16:47:40 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-10 16:46:58 ----D---- C:\Archivos de programa\Reference Assemblies 2009-08-10 16:46:25 ----N---- C:\WINDOWS\system32\spmsg2.dll 2009-08-10 16:31:02 ----RSD---- C:\WINDOWS\assembly 2009-08-10 16:31:01 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-10 16:30:57 ----D---- C:\WINDOWS\system32\URTTemp 2009-08-06 09:42:30 ----A---- C:\WINDOWS\system32\javaws.exe 2009-08-06 09:42:30 ----A---- C:\WINDOWS\system32\javaw.exe 2009-08-06 09:42:30 ----A---- C:\WINDOWS\system32\java.exe 2009-08-03 08:11:19 ----D---- C:\Archivos de programa\Trend Micro 2009-08-03 07:12:28 ----D---- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy 2009-08-03 07:12:28 ----D---- C:\Archivos de programa\Spybot - Search & Destroy 2009-07-15 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-07-15 03:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-07-15 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ ======List of files/folders modified in the last 1 months====== 2009-08-13 18:41:46 ----D---- C:\WINDOWS\Prefetch 2009-08-13 18:30:31 ----D---- C:\Documents and Settings\Felipe\Datos de programa\Skype 2009-08-13 18:10:58 ----D---- C:\Documents and Settings\Felipe\Datos de programa\skypePM 2009-08-13 18:05:31 ----SHD---- C:\WINDOWS\Installer 2009-08-13 18:05:30 ----RD---- C:\Archivos de programa 2009-08-13 18:05:05 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-08-13 18:05:02 ----D---- C:\WINDOWS\system32 2009-08-13 12:49:49 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-08-13 12:49:49 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-13 12:44:39 ----D---- C:\Archivos de programa\Mozilla Firefox 2009-08-13 12:42:25 ----D---- C:\WINDOWS\Temp 2009-08-13 12:40:49 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-13 11:03:23 ----D---- C:\WINDOWS 2009-08-13 03:22:43 ----D---- C:\Archivos de programa\Outlook Express 2009-08-13 03:15:17 ----HD---- C:\WINDOWS\inf 2009-08-13 03:15:09 ----D---- C:\WINDOWS\system32\DllCache 2009-08-13 03:13:16 ----A---- C:\WINDOWS\imsins.BAK 2009-08-13 03:12:43 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-13 03:10:40 ----HD---- C:\WINDOWS\$hf_mig$ 2009-08-13 02:27:46 ----D---- C:\Archivos de programa\Archivos comunes 2009-08-12 12:36:07 ----HD---- C:\$AVG8.VAULT$ 2009-08-12 07:51:22 ----D---- C:\WINDOWS\system32\drivers 2009-08-12 03:16:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-12 03:15:38 ----D---- C:\WINDOWS\WinSxS 2009-08-12 03:10:16 ----D---- C:\WINDOWS\system32\en-US 2009-08-12 03:10:10 ----RSD---- C:\WINDOWS\Fonts 2009-08-12 03:02:44 ----D---- C:\WINDOWS\Registration 2009-08-11 10:18:02 ----A---- C:\WINDOWS\LEXSTAT.INI 2009-08-10 19:59:32 ----SHD---- C:\RECYCLER 2009-08-10 17:15:15 ----SD---- C:\WINDOWS\Tasks 2009-08-10 16:52:09 ----D---- C:\WINDOWS\system32\es-es 2009-08-10 16:46:39 ----D---- C:\WINDOWS\system32\spool 2009-08-10 16:43:34 ----D---- C:\Archivos de programa\Internet Explorer 2009-08-10 16:31:16 ----D---- C:\WINDOWS\system32\mui 2009-08-06 09:42:04 ----D---- C:\Archivos de programa\Java 2009-08-05 05:00:12 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-07-31 23:03:10 ----A---- C:\WINDOWS\NeroDigital.ini 2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe 2009-07-29 03:01:17 ----D---- C:\WINDOWS\ie7updates 2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-07-19 09:28:27 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-07-19 09:28:25 ----A---- C:\WINDOWS\system32\ieframe.dll 2009-07-17 15:03:07 ----A---- C:\WINDOWS\system32\atl.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-24 335752] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-01 27784] R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-17 108552] R1 intelppm;Controlador de procesador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 SASDIFSV;SASDIFSV; \??\C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys [] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-14 42496] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HDAudBus;Controlador de bus de Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960] R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2006-06-22 293808] R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-03-04 709632] R3 SASENUM;SASENUM; \??\C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS [] R3 usbaudio;Controlador de audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Controlador primario genérico USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Controlador de concentrador estándar USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Clase de impresora USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbuhci;Controlador minipuerto de la controladora de host universal USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 kbdhid;Controlador HID de teclado; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] S3 CCDECODE;Descodificador de título cerrado; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 FETNDIS;Controlador para NT del adaptador Fast Ethernet VIA PCI 10/100Mb; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2005-08-03 27165] S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [] S3 HidUsb;Controlador de clases HID de Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816] S3 MSTEE;Convertidor Tee/Sink-to-Sink de transferencia de Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Códec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Conexión de TV/Vídeo de Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;Receptor BDA IP; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000] S3 usbscan;Controlador de escáner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WSTCODEC;Códec de teletexto estándar mundial; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424] R2 avg8emc;AVG Free8 E-mail Scanner; C:\ARCHIV~1\AVG\AVG8\avgemc.exe [2009-07-24 907032] R2 avg8wd;AVG Free8 WatchDog; C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe [2009-07-01 298776] R2 Bonjour Service;Servicio Bonjour; C:\Archivos de programa\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 fsssvc;Windows Live Family Safety; C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] R2 JavaQuickStarterService;Java Quick Starter; C:\Archivos de programa\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104] R2 LVPrcSrv;Logitech Process Monitor; c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888] R2 MDM;Machine Debug Manager; C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 iPod Service;Servicio del iPod; C:\Archivos de programa\iPod\bin\iPodService.exe [2009-04-02 656168] S2 LVSrvLauncher;LVSrvLauncher; C:\Archivos de programa\Archivos comunes\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696] S3 aspnet_state;Servicio de estado de ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768] S3 IDriverT;InstallDriver Table Manager; C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 NetTcpPortSharing;Servicio de uso compartido de puertos Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-08-13 18:42:18 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Actualización de seguridad para el Reproductor de Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Actualización de seguridad para el Reproductor de Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Actualización de seguridad para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Actualización de seguridad para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Actualización de seguridad para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Actualización de seguridad para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Actualización de seguridad para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Actualización de seguridad para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Actualización de seguridad para Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Actualización de seguridad para Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Actualización de seguridad para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Actualización para Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Actualización para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Actualización para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Actualización para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Actualización para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Actualización para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Actualización para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003} Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} AVG Free 8.5-->C:\Archivos de programa\AVG\AVG8\setup.exe /UNINSTALL Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Canon iP1300-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1300 /L0x000a Canon Utilities Easy-PhotoPrint-->C:\Archivos de programa\Canon\Easy-PhotoPrint\uninst.exe uninst.ini Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Combined Community Codec Pack 2008-01-24-->"C:\Archivos de programa\Combined Community Codec Pack\unins000.exe" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Controlador de Logitech® Camera-->"C:\Archivos de programa\Archivos comunes\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT DivX Web Player-->C:\Archivos de programa\DivX\DivXWebPlayerUninstall.exe /PLUGIN ERUNT 1.1j-->"C:\Archivos de programa\ERUNT\unins000.exe" ESET Online Scanner v3-->C:\Archivos de programa\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe Free DWG Viewer 6.2-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe" -l0x9 -removeonly Freez FLV to MP3 Converter-->"C:\Archivos de programa\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe" Google Toolbar for Internet Explorer-->"C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" iPod for Windows 2005-09-06-->C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} /l1033 iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3} Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} Lexmark Z600 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870} Logitech Desktop Messenger-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0xa UNINSTALL Logitech QuickCam-->MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC} Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2} Malwarebytes' Anti-Malware-->"C:\Archivos de programa\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.0 Spanish Language Pack-->MsiExec.exe /X{EBDFE185-7DDD-4687-9EBA-1B24FF7FF496} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F} Mozilla Firefox (3.0.13)-->C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} Nero OEM-->C:\Archivos de programa\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Paquete de idioma de Microsoft .NET Framework 2.0 - ESN-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\install.exe Paquete de idioma para español de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Spanish Language Pack\setup.exe Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3} QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} Realtek High Definition Audio Driver-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0xa -removeonly Revisión para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Revisión para Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1} VIA Administrador de dispositivos de plataforma-->C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VIA/S3G Display Driver 6.14.10.0086-->C:\ARCHIV~1\S3\UChromeP\s3minset.exe /u UChromeP.uns Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" Winamp Remote-->"C:\Archivos de programa\Winamp Remote\uninstall.exe" Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Archivos de programa\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536} Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA} Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6} Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C} Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Format Runtime-->"C:\Archivos de programa\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Presentation Foundation Language Pack (ESN)-->MsiExec.exe /X{5668914A-431C-4910-94E7-F6673615B538} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation ES Language Pack-->MsiExec.exe /I{AB588DC0-FC95-42D2-908F-BCAD99596282} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Archivos de programa\WinRAR\uninstall.exe XAimer-->"C:\Archivos de programa\XAimer\unins000.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: AVG Anti-Virus Free ======System event log====== Computer Name: PC Event Code: 10010 Message: El servidor {DC0C2640-1415-4644-875C-6F4D769839BA} no se registró con DCOM dentro del tiempo de espera requerido. Record Number: 9938 Source Name: DCOM Time Written: 20090612000255.000000-240 Event Type: error User: PC\Felipe Computer Name: PC Event Code: 10010 Message: El servidor {DC0C2640-1415-4644-875C-6F4D769839BA} no se registró con DCOM dentro del tiempo de espera requerido. Record Number: 9937 Source Name: DCOM Time Written: 20090612000219.000000-240 Event Type: error User: PC\Felipe Computer Name: PC Event Code: 10010 Message: El servidor {DC0C2640-1415-4644-875C-6F4D769839BA} no se registró con DCOM dentro del tiempo de espera requerido. Record Number: 9936 Source Name: DCOM Time Written: 20090612000144.000000-240 Event Type: error User: PC\Felipe Computer Name: PC Event Code: 10010 Message: El servidor {DC0C2640-1415-4644-875C-6F4D769839BA} no se registró con DCOM dentro del tiempo de espera requerido. Record Number: 9935 Source Name: DCOM Time Written: 20090612000109.000000-240 Event Type: error User: PC\Felipe Computer Name: PC Event Code: 4226 Message: TCP/IP alcanzó el límite de seguridad impuesto sobre el número de intentos de conexión TCP simultáneas. Record Number: 9932 Source Name: Tcpip Time Written: 20090611173618.000000-240 Event Type: warning User: =====Application event log===== Computer Name: PC Event Code: 20 Message: Record Number: 4817 Source Name: Google Update Time Written: 20090628005627.000000-240 Event Type: error User: PC\Felipe Computer Name: PC Event Code: 20 Message: Record Number: 4816 Source Name: Google Update Time Written: 20090627235628.000000-240 Event Type: error User: PC\Felipe Computer Name: PC Event Code: 20 Message: Record Number: 4815 Source Name: Google Update Time Written: 20090627225627.000000-240 Event Type: error User: PC\Felipe Computer Name: PC Event Code: 20 Message: Record Number: 4814 Source Name: Google Update Time Written: 20090627215628.000000-240 Event Type: error User: PC\Felipe Computer Name: PC Event Code: 20 Message: Record Number: 4808 Source Name: Google Update Time Written: 20090627195319.000000-240 Event Type: error User: PC\Felipe ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Archivos de programa\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Archivos de programa\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Archivos de programa\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------

SpySentinel View Member Profile	Aug 13 2009, 04:53 PM Post #8
Trusted Helper Posts: 3,969 From: The United States OS: Windows XP SP3 & Windows Vista SP1	How is your computer running? Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack. Please go to the link below to update. http://www.adobe.com/products/acrobat/readstep2.html Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems Upgrading Java: Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16. Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u14-windows-i586.exe and select "Run as an Administrator.") Download and Run SystemLook Please download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2 Double-click SystemLook.exe to run it. (If you are using Vista, please right-click and select run as administartor) A blank Windows shall open with the title "SystemLook v1.0-by Jpshortstuff". Copy and Paste the content of the following codebox into the main textfield under "File": CODE :dir C:\Documents and Settings\All Users\Datos de programa\~0 Please Confirm everything is copied and Pasted as I have provided above Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt 2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task

jocacobe View Member Profile	Aug 13 2009, 05:32 PM Post #9
Member Posts: 12 From: Dominican Republic OS: XP	Hi SpySentinel, Ok, my computer is running normally (it has been this way even with the spam thing), lately none of my friends have received any spam (i think), but I'm not sure if this is completely gone. The popup tab of thenewspedia hasn't appeared in a while. I guess it may be fixed but I still wanna be REALLY SURE! Ok, the log: SystemLook v1.0 by jpshortstuff (22.05.09) Log created at 19:27 on 13/08/2009 by Felipe (Administrator - Elevation successful) ========== dir ========== C:\Documents and Settings\All Users\Datos de programa\~0 - Unable to find folder. -=End Of File=- Thanks -Joseph

SpySentinel View Member Profile	Aug 13 2009, 05:37 PM Post #10
Trusted Helper Posts: 3,969 From: The United States OS: Windows XP SP3 & Windows Vista SP1	Glad to here the popups are gone. Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) Under "Configuration and Preferences", click the Preferences button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen. Back on the main screen, under "Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan", choose Perform Complete Scan. Click "Next" to start the scan. Please be patient while it scans your computer. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". Make sure everything has a checkmark next to it and click "Next". A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. If asked if you want to reboot, click "Yes". To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. Run ESET Online Scan Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. Check Click the button. Accept any security warnings from your browser. Check Push the Start button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Push the button. Push You can refer to this animation by neomage if needed.

jocacobe View Member Profile	Aug 13 2009, 09:46 PM Post #11
Member Posts: 12 From: Dominican Republic OS: XP	Hi SpySentinel, The scans came out clean (finally!). I guess that the problem is gone. I will post the SUPERAntiSpyware log only because the ESET didn't come up with anything. Here is the log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/13/2009 at 10:04 PM Application Version : 4.27.1002 Core Rules Database Version : 4054 Trace Rules Database Version: 1994 Scan type : Complete Scan Total Scan Time : 02:24:25 Memory items scanned : 590 Memory threats detected : 0 Registry items scanned : 5505 Registry threats detected : 0 File items scanned : 45970 File threats detected : 4 Adware.Tracking Cookie C:\Documents and Settings\Felipe\Cookies\felipe@imrworldwide[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@collective-media[1].txt C:\Documents and Settings\Felipe\Cookies\felipe@atdmt[2].txt C:\Documents and Settings\Felipe\Cookies\felipe@ad.yieldmanager[2].txt Thanks a lot dude! You are the best! - Joseph

SpySentinel View Member Profile	Aug 14 2009, 03:26 PM Post #12
Trusted Helper Posts: 3,969 From: The United States OS: Windows XP SP3 & Windows Vista SP1	You're welcome, glad I could help. Your log looks clean, Great Job Now for some cleanup.. Please download OTC and save it to Desktop. Please make sure you are connecting to the Internet Double-click OTC.exe Click the CleanUp! button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to Reboot during the cleanup, select Yes Download TFC by OldTimer to your desktop Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). It will close all programs when run, so make sure you have saved all your work before you begin. Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean. *Set a New Restore Point to prevent possible reinfection* from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is: Go to Start > Programs > Accessories > System Tools and click "System Restore". Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. Then go to Start > Run and type: Cleanmgr Click "OK". Click the "More Options" Tab. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. No Firewall Onboard You don't seem to have a firewall program installed. Using a firewall will allow you to allow/deny access for applications that want to go online. Select one of these, or another of your choice: Online Armor Sunbelt Personal Firewall OutPost Firewall Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. here are some additional utilities that will enhance your safety McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one. MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software**

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Web Browsers and Email MSN messenger problem-seriously need help!	6 / 474	14th August 2006 - 02:18 AM larxanne started - last by larxanne
Windows XP™, 2000, 2003, NT Need to Disable MSN Messenger on XP Pro - Help!	11 / 622	24th September 2006 - 09:37 PM rogerbid started - last by rogerbid
Virus, Spyware and Trojan Removal Msn messenger Virus Help plz!	5 / 985	8th September 2007 - 03:53 AM Jewelz started - last by harrythook
Virus, Spyware and Trojan Removal Some kind of virus whicg came through MSN Messenger! [RESOLVED]	12 / 2,065	29th January 2008 - 11:49 AM spoon007 started - last by sari