Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

MSN Messenger Facebook spam getting annoying!

Started by jocacobe , Aug 03 2009 06:17 AM

Please log in to reply

#1
jocacobe

Posted 03 August 2009 - 06:17 AM

Member

Member
12 posts

Hi there,

It's been two days since a friend of mine told me I kept sending them a weird link (spam). These links are mostly like www.face-book.com, www.face-book.ws, etc... I've looked everywhere for a fix to this apparent MSN spam or hijack or w/e, but I can't find a solution! I have the AVG anti-virus and I've scanned twice with Spybot and AVG and my messenger keeps sending the links! Also, MSN Virus Remover doesn't work. I've also tried changing my hotmail account password, but with no success...

**UPDATE**
I've been having a new symptom: A new tab opens up by itself in Firefox with the following URL : http://www.thenewspe...mponents/health ... and another one with some kind of 'windows live survey, we need your help' scam...

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:11:50 a.m., on 03/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe
C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\Archivos de programa\Windows Live\Family Safety\fsui.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe
C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\LVComSX.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Logitech\QuickCam10\COCIManager.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Windows Live\Mail\wlmail.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Archivos de programa\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fssui] "C:\Archivos de programa\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [LDM] C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: bw+0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Archivos de programa\Archivos comunes\Logitech\SrvLnch\SrvLnch.exe

--
End of file - 24145 bytes

Any help will be appreciated,
Thanks in advance!

-Joseph C.

Edited by jocacobe, 09 August 2009 - 04:53 AM.

#2
SpySentinel

Posted 10 August 2009 - 02:53 PM

R.I.P.

Retired Staff
5,152 posts

Hi Joseph,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.

Step #1

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Step #2

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
- Zip Mirrors (Recommended)
  - Primary Mirror
  - [url="http://<a%20href="http://rootrepeal.googlepages.com/RootRepeal.zip"%20target="_blank">http://rootrepeal.go...tRepeal.zip</a>"]Secondary Mirror[/url]
  - Secondary Mirror
- Rar Mirrors - Only if you know what a RAR is and can extract it.
Extract RootRepeal.exe from the archive.
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Step #3

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Logs to Post:

OTL Log
RootRepeal Log
MBAM Log

#3
jocacobe

Posted 12 August 2009 - 06:28 AM

Member

Topic Starter
Member
12 posts

Hey SpySentinel!

Thank you so much for helping me!

Ok, first of all, before you replied to my topic I read the guide in the forum to remove malware and used some of the tools there. This had no sucess, however found a few infections which I removed. I had used MBAM on August 10th, but I will post both MBAM logs; the one from today and the one from the 10th, since they both found some problem.

Second, my OS language is spanish

(I work in the Dominican Republic), and I noticed that on Extra.txt log there are some errors which are in spanish. I hope there will be no problem with this since it's easy to understand the context. If you need translation just post it here and I'll tell you!

Ok, here we go:

OTL LOG:

OTL logfile created on: 12/08/2009 07:50:02 a.m. - Run 1
OTL by OldTimer - Version 3.0.10.6 Folder = C:\Documents and Settings\Felipe\Escritorio\ñema
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

958.36 Mb Total Physical Memory | 179.09 Mb Available Physical Memory | 18.69% Memory free
2.85 Gb Paging File | 2.16 Gb Available in Paging File | 75.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 37.99 Gb Total Space | 23.09 Gb Free Space | 60.79% Space Free | Partition Type: NTFS
Drive D: | 36.53 Gb Total Space | 19.13 Gb Free Space | 52.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Felipe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\System32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Archivos de programa\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\System32\S3trayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe ()
PRC - C:\Archivos de programa\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Archivos de programa\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
PRC - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Archivos de programa\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Archivos de programa\Logitech\QuickCam10\COCIManager.exe (Logitech Inc.)
PRC - C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Felipe\Escritorio\ñema\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\System32\msfeedssync.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Archivos de programa\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Archivos de programa\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Archivos de programa\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [Auto | Running]) -- C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Archivos de programa\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Archivos de programa\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Archivos de programa\Archivos comunes\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (MDM [Auto | Running]) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (PID_0928 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (S3GIGP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys (S3 Graphics Co., Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tap0801 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tap0801.sys (The OpenVPN Project)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (videX32 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (xfilt [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:1.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Archivos de programa\AVG\AVG8\Firefox [2009/07/01 08:26:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Archivos de programa\AVG\AVG8\Toolbar\Firefox\[email protected] [2009/07/01 08:26:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ff [2008/10/30 15:26:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/12 03:11:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2009/08/04 08:48:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2009/08/04 08:48:38 | 00,000,000 | ---D | M]

[2009/01/09 17:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Extensions
[2009/01/09 17:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/12 07:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Firefox\Profiles\7esjtkhz.default\extensions
[2009/01/07 17:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Firefox\Profiles\7esjtkhz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/23 16:36:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Firefox\Profiles\7esjtkhz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/01 17:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Firefox\Profiles\7esjtkhz.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2009/02/18 20:30:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\mozilla\Firefox\Profiles\7esjtkhz.default\extensions\[email protected]
[2008/11/06 14:31:49 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Felipe\Datos de programa\Mozilla\FireFox\Profiles\7esjtkhz.default\searchplugins\youtube-video-search.xml
[2009/08/12 07:36:42 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions
[2008/06/16 22:45:04 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/04 08:48:37 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/30 15:26:56 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/04 00:24:42 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/02 12:44:26 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/06 09:42:32 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/04 08:48:31 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 08:48:31 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeploytk.dll
[2008/06/10 20:03:12 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdivx32.dll
[2009/08/04 08:48:32 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Archivos de programa\mozilla firefox\plugins\npnul32.dll
[2007/03/22 21:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\nppdf32.dll
[2009/07/08 15:30:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin.dll
[2009/07/08 15:30:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/08 15:30:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/08 15:30:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/08 15:30:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/08 15:30:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/08 15:30:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/08 15:30:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin8.dll
[2009/01/09 17:53:40 | 00,001,394 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/09 17:53:40 | 00,002,193 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\answers.xml
[2009/07/01 14:15:14 | 00,001,489 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\avg_igeared.xml
[2009/01/09 17:53:40 | 00,001,534 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/09 17:53:40 | 00,002,343 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay.xml
[2009/01/09 17:53:40 | 00,001,706 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\google.xml
[2009/01/09 17:53:40 | 00,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/09 17:53:40 | 00,000,792 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (318491 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10922 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Archivos de programa\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Archivos de programa\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [fssui] C:\Archivos de programa\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Archivos de programa\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [ares] C:\Archivos de programa\Ares\Ares.exe File not found
O4 - HKCU..\Run: [LDM] C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [MsnMsgr] C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 196.3.81.5 200.88.127.22
O18 - Protocol\Handler\bw+0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {45042735-6a39-4b23-a480-adad6fcb8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-7116568769-7389958157-042186739-2252\nissan.exe) - C:\RECYCLER\S-1-5-21-7116568769-7389958157-042186739-2252\nissan.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/19 23:30:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\AutoRun\command - "" = F:\BORO\kawasaki.exe -- File not found
O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\explore\command - "" = F:\.\\BORO\\\kawasaki.exe -- File not found
O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\open\command - "" = F:\BORO\\\\\kawasaki.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/08/12 05:55:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/12 03:08:38 | 00,000,000 | ---D | C] -- C:\8bd9f25ee2e36cf8576b9732
[2009/08/12 03:01:16 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/10 17:25:57 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/10 17:15:15 | 00,000,500 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/10 17:14:56 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/08/10 17:13:49 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Datos de programa\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/10 17:13:48 | 00,000,916 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Ad-Aware.lnk
[2009/08/10 17:13:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
[2009/08/10 17:13:33 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Lavasoft
[2009/08/10 17:00:42 | 60,857,536 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Felipe\Escritorio\Ad-AwareAE.exe
[2009/08/10 16:57:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe\Datos de programa\Malwarebytes
[2009/08/10 16:57:05 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2009/08/10 16:57:02 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/10 16:57:01 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/10 16:57:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2009/08/10 16:57:01 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2009/08/10 16:55:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/10 16:54:45 | 00,000,646 | ---- | C] () -- C:\Documents and Settings\Felipe\Escritorio\NTREGOPT.lnk
[2009/08/10 16:54:44 | 00,000,627 | ---- | C] () -- C:\Documents and Settings\Felipe\Escritorio\ERUNT.lnk
[2009/08/10 16:54:40 | 00,000,000 | ---D | C] -- C:\Archivos de programa\ERUNT
[2009/08/10 16:51:09 | 00,000,000 | ---D | C] -- C:\Archivos de programa\MSBuild
[2009/08/10 16:47:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/10 16:46:58 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Reference Assemblies
[2009/08/10 16:46:25 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/08/10 16:31:02 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/08/10 16:31:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/08/10 16:30:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009/08/10 16:14:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe\Escritorio\ñema
[2009/08/06 09:42:30 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/06 09:42:30 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/06 09:42:30 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/03 08:11:21 | 00,001,797 | ---- | C] () -- C:\Documents and Settings\Felipe\Escritorio\HijackThis.lnk
[2009/08/03 08:11:19 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Trend Micro
[2009/08/03 07:12:38 | 00,000,982 | ---- | C] () -- C:\Documents and Settings\Felipe\Escritorio\Spybot - Search & Destroy.lnk
[2009/08/03 07:12:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
[2009/08/03 07:12:28 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Spybot - Search & Destroy
[2009/07/31 02:20:39 | 00,000,839 | ---- | C] () -- C:\Documents and Settings\Felipe\Escritorio\Reproductor de Windows Media.lnk
[2009/06/29 17:45:17 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/06/29 16:19:29 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/06/14 17:39:41 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\ssresources.dll
[2009/06/14 17:39:41 | 00,020,481 | ---- | C] () -- C:\WINDOWS\System32\SystemsHook.dll
[2009/06/10 03:01:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/03/04 12:22:48 | 00,000,434 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2009/02/27 03:37:47 | 04,762,112 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2008/11/08 14:02:12 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/11 20:00:04 | 00,000,031 | ---- | C] () -- C:\WINDOWS\System32\winnsdows2.dll
[2008/10/10 01:38:32 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/10 01:38:32 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/05/24 19:03:45 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/12 03:11:58 | 00,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/06/26 10:33:40 | 00,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2003/04/11 12:14:14 | 00,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/24 06:00:00 | 00,000,647 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/24 06:00:00 | 00,000,263 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/08/12 07:50:24 | 00,000,490 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1D1F8161-9D7D-4E01-AC74-37A2BC799E8B}.job
[2009/08/12 07:47:24 | 00,069,656 | ---- | M] () -- C:\Documents and Settings\Felipe\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
[2009/08/12 03:25:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/12 03:25:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/12 03:24:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/12 03:24:55 | 00,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/12 03:16:12 | 01,078,316 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/12 03:16:12 | 00,505,318 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2009/08/12 03:16:12 | 00,441,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/12 03:16:12 | 00,090,948 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2009/08/12 03:16:12 | 00,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/11 10:18:02 | 00,000,434 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2009/08/11 10:15:00 | 00,078,507 | ---- | M] () -- C:\Documents and Settings\Felipe\Escritorio\Envio Datos.mht
[2009/08/11 08:58:28 | 39,735,262 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/11 08:58:28 | 00,060,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/10 17:15:15 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/10 17:13:48 | 00,000,916 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Ad-Aware.lnk
[2009/08/10 17:08:32 | 60,857,536 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Felipe\Escritorio\Ad-AwareAE.exe
[2009/08/10 16:57:05 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2009/08/10 16:54:45 | 00,000,646 | ---- | M] () -- C:\Documents and Settings\Felipe\Escritorio\NTREGOPT.lnk
[2009/08/10 16:54:44 | 00,000,627 | ---- | M] () -- C:\Documents and Settings\Felipe\Escritorio\ERUNT.lnk
[2009/08/09 23:27:15 | 00,068,608 | ---- | M] () -- C:\Documents and Settings\Felipe\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/06 14:16:34 | 00,318,491 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/03 08:11:21 | 00,001,797 | ---- | M] () -- C:\Documents and Settings\Felipe\Escritorio\HijackThis.lnk
[2009/08/03 07:12:38 | 00,000,982 | ---- | M] () -- C:\Documents and Settings\Felipe\Escritorio\Spybot - Search & Destroy.lnk
[2009/07/31 23:03:10 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/31 02:20:39 | 00,000,839 | ---- | M] () -- C:\Documents and Settings\Felipe\Escritorio\Reproductor de Windows Media.lnk
[2009/07/29 03:01:47 | 00,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/25 05:23:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/25 05:23:07 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/25 05:23:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/25 03:00:33 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/24 08:56:35 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/19 09:28:27 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:28:27 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 09:28:25 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 09:28:25 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/13 17:10:44 | 00,000,647 | ---- | M] () -- C:\WINDOWS\win.ini

========== LOP Check ==========

[2009/08/10 17:13:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Datos de programa
[2009/04/13 17:23:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/10 17:13:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/07/01 17:22:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\AVG Security Toolbar
[2009/02/25 13:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Azureus
[2008/09/18 12:34:17 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\CanonBJ
[2008/12/28 08:24:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\OrbNetworks
[2009/07/01 17:20:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2009/08/10 16:57:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Felipe\Datos de programa
[2008/10/30 16:19:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\Ahead
[2008/09/10 15:05:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\AVGTOOLBAR
[2009/02/25 13:10:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\Azureus
[2008/10/30 16:04:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\FinalBurner MP3
[2009/02/24 09:26:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\GetRight
[2009/04/15 22:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\U3
[2009/03/01 21:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\uTorrent
[2009/06/19 12:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe\Datos de programa\YoudaGames
[2009/08/10 17:15:15 | 00,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2001/08/24 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/12 03:25:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/12 07:50:24 | 00,000,490 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1D1F8161-9D7D-4E01-AC74-37A2BC799E8B}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:0C1EFF69
< End of report >

ROOTREPEAL LOG:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/12 07:51
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF55B8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B2B000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEFB65000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf75c187e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf75c1bfe

==EOF==

MBAM LOG(S):

(2009-08-10):

Malwarebytes' Anti-Malware 1.40
Database version: 2594
Windows 5.1.2600 Service Pack 3

10/08/2009 05:04:36 p.m.
mbam-log-2009-08-10 (17-04-36).txt

Scan type: Quick Scan
Objects scanned: 92115
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

(2009-08-12):

Malwarebytes' Anti-Malware 1.40
Database version: 2594
Windows 5.1.2600 Service Pack 3

12/08/2009 08:14:04 a.m.
mbam-log-2009-08-12 (08-14-04).txt

Scan type: Quick Scan
Objects scanned: 92415
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks in advance!
-Joseph

#4
SpySentinel

Posted 12 August 2009 - 07:35 PM

R.I.P.

Retired Staff
5,152 posts

Hi Joseph,

You're welcome

Thanks for offering to translate. I will let you know if I need help with anything, I took Spanish for 4 years but forget a lot if it

Run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-7116568769-7389958157-042186739-2252\nissan.exe) - C:\RECYCLER\S-1-5-21-7116568769-7389958157-042186739-2252\nissan.exe ()
O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\AutoRun\command - "" = F:\BORO\kawasaki.exe -- File not found
O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\explore\command - "" = F:\.\\BORO\\\kawasaki.exe -- File not found
O33 - MountPoints2\{f837f514-30e8-11de-8d60-0019dbabc147}\Shell\open\command - "" = F:\BORO\\\\\kawasaki.exe -- File not found

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

You can refer to this animation by neomage if needed.

#5
jocacobe

Posted 13 August 2009 - 04:00 PM

Member

Topic Starter
Member
12 posts

Hi SpySentinel,

Ok, so here are the logs:

SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/13/2009 at 12:33 PM

Application Version : 4.27.1002

Core Rules Database Version : 4054
Trace Rules Database Version: 1994

Scan type : Complete Scan
Total Scan Time : 01:22:03

Memory items scanned : 569
Memory threats detected : 0
Registry items scanned : 5492
Registry threats detected : 0
File items scanned : 46220
File threats detected : 139

Adware.Tracking Cookie
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][3].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][3].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][5].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt

Trojan.Agent/Gen-PennyStockChaser
C:\ARCHIVOS DE PROGRAMA\CHEAT ENGINE\SYSTEMCALLSIGNAL.EXE

Trojan.Agent/Gen-FakeAlert[Firewall]
C:\_OTL\MOVEDFILES\08132009_020659\RECYCLER\S-1-5-21-7116568769-7389958157-042186739-2252\NISSAN.EXE

ESET Online Scanner Log:

D:\documentos\Descargas\CheatEngine55.exe probably a variant of Win32/Genetik trojan deleted - quarantined

Thanks in advance!

-Joseph...

#6
SpySentinel

Posted 13 August 2009 - 04:31 PM

R.I.P.

Retired Staff
5,152 posts

You're welcome.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

#7
jocacobe

Posted 13 August 2009 - 04:44 PM

Member

Topic Starter
Member
12 posts

Hi SpySentinel,

Here are the logs:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Felipe at 2009-08-13 18:41:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (62%) free of 39 GB
Total RAM: 958 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:42:13 p.m., on 13/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe
C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\Archivos de programa\Windows Live\Family Safety\fsui.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\LVComSX.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Logitech\QuickCam10\COCIManager.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\Archivos de programa\Windows Live\Mail\wlmail.exe
C:\Documents and Settings\Felipe\Escritorio\ñema\RSIT.exe
C:\Archivos de programa\Trend Micro\HijackThis\Felipe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Archivos de programa\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fssui] "C:\Archivos de programa\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [LDM] C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: bw+0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {45042735-6A39-4B23-A480-ADAD6FCB8976} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Archivos de programa\Archivos comunes\Logitech\SrvLnch\SrvLnch.exe

--
End of file - 24136 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{1D1F8161-9D7D-4E01-AC74-37A2BC799E8B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Archivos de programa\AVG\AVG8\avgssie.dll [2009-07-24 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Archivos de programa\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]
"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2007-02-05 176128]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"LogitechCommunicationsManager"=C:\Archivos de programa\Archivos comunes\Logitech\LComMgr\Communications_Helper.exe [2006-06-26 497200]
"LogitechQuickCamRibbon"=C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe [2006-06-26 614960]
"WinampAgent"=C:\Archivos de programa\Winamp\winampa.exe []
"AVG8_TRAY"=C:\ARCHIV~1\AVG\AVG8\avgtray.exe [2009-07-01 1948440]
"Easy-PrintToolBox"=C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-13 409600]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"fssui"=C:\Archivos de programa\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"QuickTime Task"=C:\Archivos de programa\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Archivos de programa\iTunes\iTunesHelper.exe [2009-04-02 342312]
"SunJavaUpdateSched"=C:\Archivos de programa\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"ares"=C:\Archivos de programa\Ares\Ares.exe -h []
"LDM"=C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-30 36864]
"SUPERAntiSpyware"=C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
Logitech Desktop Messenger.lnk - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Archivos de programa\Internet Explorer\iexplore.exe"="C:\Archivos de programa\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Archivos de programa\Mozilla Firefox\firefox.exe"="C:\Archivos de programa\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Archivos de programa\Windows Live\Mail\wlmail.exe"="C:\Archivos de programa\Windows Live\Mail\wlmail.exe:*:Enabled:Windows Live Mail"
"C:\Archivos de programa\AVG\AVG8\avgtray.exe"="C:\Archivos de programa\AVG\AVG8\avgtray.exe:*:Enabled:AVG Free Tray Icon"
"C:\Archivos de programa\Java\jre6\bin\java.exe"="C:\Archivos de programa\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Archivos de programa\iTunes\iTunes.exe"="C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Archivos de programa\Windows Media Player\wmplayer.exe"="C:\Archivos de programa\Windows Media Player\wmplayer.exe:*:Enabled:wmplayer"
"C:\Archivos de programa\Skype\Phone\Skype.exe"="C:\Archivos de programa\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-08-13 18:41:46 ----D---- C:\rsit
2009-08-13 12:49:45 ----D---- C:\Archivos de programa\ESET
2009-08-13 03:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:13:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-13 03:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 03:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:07:06 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-13 03:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 02:28:43 ----D---- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2009-08-13 02:28:19 ----D---- C:\Documents and Settings\Felipe\Datos de programa\SUPERAntiSpyware.com
2009-08-13 02:28:19 ----D---- C:\Archivos de programa\SUPERAntiSpyware
2009-08-13 02:27:46 ----D---- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2009-08-13 02:06:59 ----D---- C:\_OTL
2009-08-12 07:59:51 ----A---- C:\RootRepeal report 08-12-09 (07-59-51).txt
2009-08-12 03:08:38 ----D---- C:\8bd9f25ee2e36cf8576b9732
2009-08-10 17:13:49 ----HDC---- C:\Documents and Settings\All Users\Datos de programa\~0
2009-08-10 17:13:33 ----D---- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
2009-08-10 16:57:08 ----D---- C:\Documents and Settings\Felipe\Datos de programa\Malwarebytes
2009-08-10 16:57:01 ----D---- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2009-08-10 16:57:01 ----D---- C:\Archivos de programa\Malwarebytes' Anti-Malware
2009-08-10 16:55:04 ----D---- C:\WINDOWS\ERDNT
2009-08-10 16:54:40 ----D---- C:\Archivos de programa\ERUNT
2009-08-10 16:52:24 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-08-10 16:51:09 ----D---- C:\Archivos de programa\MSBuild
2009-08-10 16:47:40 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-10 16:46:58 ----D---- C:\Archivos de programa\Reference Assemblies
2009-08-10 16:46:25 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-08-10 16:31:02 ----RSD---- C:\WINDOWS\assembly
2009-08-10 16:31:01 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-10 16:30:57 ----D---- C:\WINDOWS\system32\URTTemp
2009-08-06 09:42:30 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-06 09:42:30 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-06 09:42:30 ----A---- C:\WINDOWS\system32\java.exe
2009-08-03 08:11:19 ----D---- C:\Archivos de programa\Trend Micro
2009-08-03 07:12:28 ----D---- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2009-08-03 07:12:28 ----D---- C:\Archivos de programa\Spybot - Search & Destroy
2009-07-15 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-13 18:41:46 ----D---- C:\WINDOWS\Prefetch
2009-08-13 18:30:31 ----D---- C:\Documents and Settings\Felipe\Datos de programa\Skype
2009-08-13 18:10:58 ----D---- C:\Documents and Settings\Felipe\Datos de programa\skypePM
2009-08-13 18:05:31 ----SHD---- C:\WINDOWS\Installer
2009-08-13 18:05:30 ----RD---- C:\Archivos de programa
2009-08-13 18:05:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-13 18:05:02 ----D---- C:\WINDOWS\system32
2009-08-13 12:49:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-13 12:49:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-13 12:44:39 ----D---- C:\Archivos de programa\Mozilla Firefox
2009-08-13 12:42:25 ----D---- C:\WINDOWS\Temp
2009-08-13 12:40:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-13 11:03:23 ----D---- C:\WINDOWS
2009-08-13 03:22:43 ----D---- C:\Archivos de programa\Outlook Express
2009-08-13 03:15:17 ----HD---- C:\WINDOWS\inf
2009-08-13 03:15:09 ----D---- C:\WINDOWS\system32\DllCache
2009-08-13 03:13:16 ----A---- C:\WINDOWS\imsins.BAK
2009-08-13 03:12:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-13 03:10:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 02:27:46 ----D---- C:\Archivos de programa\Archivos comunes
2009-08-12 12:36:07 ----HD---- C:\$AVG8.VAULT$
2009-08-12 07:51:22 ----D---- C:\WINDOWS\system32\drivers
2009-08-12 03:16:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-12 03:15:38 ----D---- C:\WINDOWS\WinSxS
2009-08-12 03:10:16 ----D---- C:\WINDOWS\system32\en-US
2009-08-12 03:10:10 ----RSD---- C:\WINDOWS\Fonts
2009-08-12 03:02:44 ----D---- C:\WINDOWS\Registration
2009-08-11 10:18:02 ----A---- C:\WINDOWS\LEXSTAT.INI
2009-08-10 19:59:32 ----SHD---- C:\RECYCLER
2009-08-10 17:15:15 ----SD---- C:\WINDOWS\Tasks
2009-08-10 16:52:09 ----D---- C:\WINDOWS\system32\es-es
2009-08-10 16:46:39 ----D---- C:\WINDOWS\system32\spool
2009-08-10 16:43:34 ----D---- C:\Archivos de programa\Internet Explorer
2009-08-10 16:31:16 ----D---- C:\WINDOWS\system32\mui
2009-08-06 09:42:04 ----D---- C:\Archivos de programa\Java
2009-08-05 05:00:12 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-31 23:03:10 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 03:01:17 ----D---- C:\WINDOWS\ie7updates
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-19 09:28:27 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:28:25 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 15:03:07 ----A---- C:\WINDOWS\system32\atl.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-24 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-01 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-17 108552]
R1 intelppm;Controlador de procesador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 SASDIFSV;SASDIFSV; \??\C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-14 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Controlador de bus de Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2006-06-22 293808]
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-03-04 709632]
R3 SASENUM;SASENUM; \??\C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS []
R3 usbaudio;Controlador de audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Controlador primario genérico USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Controlador de concentrador estándar USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Clase de impresora USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Controlador minipuerto de la controladora de host universal USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Controlador HID de teclado; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
S3 CCDECODE;Descodificador de título cerrado; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;Controlador para NT del adaptador Fast Ethernet VIA PCI 10/100Mb; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2005-08-03 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Controlador de clases HID de Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
S3 MSTEE;Convertidor Tee/Sink-to-Sink de transferencia de Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Códec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Conexión de TV/Vídeo de Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;Receptor BDA IP; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;Controlador de escáner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Códec de teletexto estándar mundial; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\ARCHIV~1\AVG\AVG8\avgemc.exe [2009-07-24 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe [2009-07-01 298776]
R2 Bonjour Service;Servicio Bonjour; C:\Archivos de programa\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 fsssvc;Windows Live Family Safety; C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Archivos de programa\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 LVPrcSrv;Logitech Process Monitor; c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
R2 MDM;Machine Debug Manager; C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;Servicio del iPod; C:\Archivos de programa\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 LVSrvLauncher;LVSrvLauncher; C:\Archivos de programa\Archivos comunes\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
S3 aspnet_state;Servicio de estado de ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Servicio de uso compartido de puertos Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-08-13 18:42:18

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actualización de seguridad para el Reproductor de Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Actualización de seguridad para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Actualización de seguridad para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Actualización de seguridad para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Actualización de seguridad para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Actualización de seguridad para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Actualización de seguridad para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Actualización de seguridad para Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Actualización de seguridad para Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Actualización para Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Actualización para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Actualización para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Actualización para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Actualización para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Actualización para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Actualización para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->C:\Archivos de programa\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon iP1300-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1300 /L0x000a
Canon Utilities Easy-PhotoPrint-->C:\Archivos de programa\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Combined Community Codec Pack 2008-01-24-->"C:\Archivos de programa\Combined Community Codec Pack\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Controlador de Logitech® Camera-->"C:\Archivos de programa\Archivos comunes\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
DivX Web Player-->C:\Archivos de programa\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Archivos de programa\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Archivos de programa\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Free DWG Viewer 6.2-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe" -l0x9 -removeonly
Freez FLV to MP3 Converter-->"C:\Archivos de programa\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iPod for Windows 2005-09-06-->C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} /l1033
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Lexmark Z600 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0xa UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Malwarebytes' Anti-Malware-->"C:\Archivos de programa\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.0 Spanish Language Pack-->MsiExec.exe /X{EBDFE185-7DDD-4687-9EBA-1B24FF7FF496}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
Mozilla Firefox (3.0.13)-->C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero OEM-->C:\Archivos de programa\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Paquete de idioma de Microsoft .NET Framework 2.0 - ESN-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\install.exe
Paquete de idioma para español de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Spanish Language Pack\setup.exe
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0xa -removeonly
Revisión para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Revisión para Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
VIA Administrador de dispositivos de plataforma-->C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA/S3G Display Driver 6.14.10.0086-->C:\ARCHIV~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Winamp Remote-->"C:\Archivos de programa\Winamp Remote\uninstall.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Archivos de programa\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Archivos de programa\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation Language Pack (ESN)-->MsiExec.exe /X{5668914A-431C-4910-94E7-F6673615B538}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation ES Language Pack-->MsiExec.exe /I{AB588DC0-FC95-42D2-908F-BCAD99596282}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Archivos de programa\WinRAR\uninstall.exe
XAimer-->"C:\Archivos de programa\XAimer\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: PC
Event Code: 10010
Message: El servidor {DC0C2640-1415-4644-875C-6F4D769839BA} no se registró con DCOM dentro del tiempo de espera requerido.

Record Number: 9938
Source Name: DCOM
Time Written: 20090612000255.000000-240
Event Type: error
User: PC\Felipe

Computer Name: PC
Event Code: 10010
Message: El servidor {DC0C2640-1415-4644-875C-6F4D769839BA} no se registró con DCOM dentro del tiempo de espera requerido.

Record Number: 9937
Source Name: DCOM
Time Written: 20090612000219.000000-240
Event Type: error
User: PC\Felipe

Computer Name: PC
Event Code: 10010
Message: El servidor {DC0C2640-1415-4644-875C-6F4D769839BA} no se registró con DCOM dentro del tiempo de espera requerido.

Record Number: 9936
Source Name: DCOM
Time Written: 20090612000144.000000-240
Event Type: error
User: PC\Felipe

Computer Name: PC
Event Code: 10010
Message: El servidor {DC0C2640-1415-4644-875C-6F4D769839BA} no se registró con DCOM dentro del tiempo de espera requerido.

Record Number: 9935
Source Name: DCOM
Time Written: 20090612000109.000000-240
Event Type: error
User: PC\Felipe

Computer Name: PC
Event Code: 4226
Message: TCP/IP alcanzó el límite de seguridad impuesto sobre el número de intentos de conexión TCP simultáneas.

Record Number: 9932
Source Name: Tcpip
Time Written: 20090611173618.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: PC
Event Code: 20
Message:
Record Number: 4817
Source Name: Google Update
Time Written: 20090628005627.000000-240
Event Type: error
User: PC\Felipe

Computer Name: PC
Event Code: 20
Message:
Record Number: 4816
Source Name: Google Update
Time Written: 20090627235628.000000-240
Event Type: error
User: PC\Felipe

Computer Name: PC
Event Code: 20
Message:
Record Number: 4815
Source Name: Google Update
Time Written: 20090627225627.000000-240
Event Type: error
User: PC\Felipe

Computer Name: PC
Event Code: 20
Message:
Record Number: 4814
Source Name: Google Update
Time Written: 20090627215628.000000-240
Event Type: error
User: PC\Felipe

Computer Name: PC
Event Code: 20
Message:
Record Number: 4808
Source Name: Google Update
Time Written: 20090627195319.000000-240
Event Type: error
User: PC\Felipe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Archivos de programa\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Archivos de programa\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Archivos de programa\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#8
SpySentinel

Posted 13 August 2009 - 04:53 PM

R.I.P.

Retired Staff
5,152 posts

How is your computer running?

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

Posted Image

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16.
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u14-windows-i586.exe and select "Run as an Administrator.")

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it. (If you are using Vista, please right-click and select run as administartor)
A blank Windows shall open with the title "SystemLook v1.0-by Jpshortstuff".
Copy and Paste the content of the following codebox into the main textfield under "File":
```
:dir
C:\Documents and Settings\All Users\Datos de programa\~0
```
Please Confirm everything is copied and Pasted as I have provided above
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan.
Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task

#9
jocacobe

Posted 13 August 2009 - 05:32 PM

Member

Topic Starter
Member
12 posts

Hi SpySentinel,

Ok, my computer is running normally (it has been this way even with the spam thing), lately none of my friends have received any spam (i think), but I'm not sure if this is completely gone. The popup tab of thenewspedia hasn't appeared in a while. I guess it may be fixed but I still wanna be REALLY SURE!

Ok, the log:

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 19:27 on 13/08/2009 by Felipe (Administrator - Elevation successful)

========== dir ==========

C:\Documents and Settings\All Users\Datos de programa\~0 - Unable to find folder.

-=End Of File=-

Thanks

-Joseph

#10
SpySentinel

Posted 13 August 2009 - 05:37 PM

R.I.P.

Retired Staff
5,152 posts

Glad to here the popups are gone.

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

You can refer to this animation by neomage if needed.

#11
jocacobe

Posted 13 August 2009 - 09:46 PM

Member

Topic Starter
Member
12 posts

Hi SpySentinel,

The scans came out clean (finally!). I guess that the problem is gone. I will post the SUPERAntiSpyware log only because the ESET didn't come up with anything. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/13/2009 at 10:04 PM

Application Version : 4.27.1002

Core Rules Database Version : 4054
Trace Rules Database Version: 1994

Scan type : Complete Scan
Total Scan Time : 02:24:25

Memory items scanned : 590
Memory threats detected : 0
Registry items scanned : 5505
Registry threats detected : 0
File items scanned : 45970
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][1].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt
C:\Documents and Settings\Felipe\Cookies\[email protected][2].txt

Thanks a lot dude! You are the best!

- Joseph

#12
SpySentinel

Posted 14 August 2009 - 03:26 PM

R.I.P.

Retired Staff
5,152 posts

You're welcome, glad I could help.

Your log looks clean, Great Job

Now for some cleanup..
Please download OTC and save it to Desktop.

Please make sure you are connecting to the Internet
Double-click OTC.exe
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then go to Start > Run and type: Cleanmgr
Click "OK".
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

No Firewall Onboard

You don't seem to have a firewall program installed. Using a firewall will allow you to allow/deny access for applications that want to go online. Select one of these, or another of your choice:
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software