Dear Tampabelle,
Find below both logs.
Again, many thanks for your time and fast replies.
Rgds,
Zuluguen
L2Mfix 1.03
Running From:
C:\Documents and Settings\Kuervo\Escritorio\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
(ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administradores
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
(ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\Kuervo\Escritorio\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\Kuervo\Escritorio\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 1328 'explorer.exe'
Killing PID 1328 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 1412 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\irsecsnp.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\ndrshe.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\kt82l7lo1.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\omeacc.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\mrrating.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\kadmlt47.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\maang.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\mkfutil.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\wjnnls.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\wthip6.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\jHvaprxy.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\myxml2.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\mfxml2.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\mwxbse35.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\OrMidi32.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\nfrshe.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\nnrshe.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\j20s0cd7ef0.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\vkr.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\FKWPP.DLL
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\mv04l9dq1.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\m2ju0c19ef.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\kt42l7ho1.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\g0220afoed2c0.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\jt0m07d1e.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\i8jq0i15e8.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\ktr8l79u1.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\vubsub.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\srell32.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\pugfilt.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 archivos copiados.
deleting: C:\WINDOWS\system32\irsecsnp.dll
Successfully Deleted: C:\WINDOWS\system32\irsecsnp.dll
deleting: C:\WINDOWS\system32\ndrshe.dll
Successfully Deleted: C:\WINDOWS\system32\ndrshe.dll
deleting: C:\WINDOWS\system32\kt82l7lo1.dll
Successfully Deleted: C:\WINDOWS\system32\kt82l7lo1.dll
deleting: C:\WINDOWS\system32\omeacc.dll
Successfully Deleted: C:\WINDOWS\system32\omeacc.dll
deleting: C:\WINDOWS\system32\mrrating.dll
Successfully Deleted: C:\WINDOWS\system32\mrrating.dll
deleting: C:\WINDOWS\system32\kadmlt47.dll
Successfully Deleted: C:\WINDOWS\system32\kadmlt47.dll
deleting: C:\WINDOWS\system32\maang.dll
Successfully Deleted: C:\WINDOWS\system32\maang.dll
deleting: C:\WINDOWS\system32\mkfutil.dll
Successfully Deleted: C:\WINDOWS\system32\mkfutil.dll
deleting: C:\WINDOWS\system32\wjnnls.dll
Successfully Deleted: C:\WINDOWS\system32\wjnnls.dll
deleting: C:\WINDOWS\system32\wthip6.dll
Successfully Deleted: C:\WINDOWS\system32\wthip6.dll
deleting: C:\WINDOWS\system32\jHvaprxy.dll
Successfully Deleted: C:\WINDOWS\system32\jHvaprxy.dll
deleting: C:\WINDOWS\system32\myxml2.dll
Successfully Deleted: C:\WINDOWS\system32\myxml2.dll
deleting: C:\WINDOWS\system32\mfxml2.dll
Successfully Deleted: C:\WINDOWS\system32\mfxml2.dll
deleting: C:\WINDOWS\system32\mwxbse35.dll
Successfully Deleted: C:\WINDOWS\system32\mwxbse35.dll
deleting: C:\WINDOWS\system32\OrMidi32.dll
Successfully Deleted: C:\WINDOWS\system32\OrMidi32.dll
deleting: C:\WINDOWS\system32\nfrshe.dll
Successfully Deleted: C:\WINDOWS\system32\nfrshe.dll
deleting: C:\WINDOWS\system32\nnrshe.dll
Successfully Deleted: C:\WINDOWS\system32\nnrshe.dll
deleting: C:\WINDOWS\system32\j20s0cd7ef0.dll
Successfully Deleted: C:\WINDOWS\system32\j20s0cd7ef0.dll
deleting: C:\WINDOWS\system32\vkr.dll
Successfully Deleted: C:\WINDOWS\system32\vkr.dll
deleting: C:\WINDOWS\system32\FKWPP.DLL
Successfully Deleted: C:\WINDOWS\system32\FKWPP.DLL
deleting: C:\WINDOWS\system32\mv04l9dq1.dll
Successfully Deleted: C:\WINDOWS\system32\mv04l9dq1.dll
deleting: C:\WINDOWS\system32\m2ju0c19ef.dll
Successfully Deleted: C:\WINDOWS\system32\m2ju0c19ef.dll
deleting: C:\WINDOWS\system32\kt42l7ho1.dll
Successfully Deleted: C:\WINDOWS\system32\kt42l7ho1.dll
deleting: C:\WINDOWS\system32\g0220afoed2c0.dll
Successfully Deleted: C:\WINDOWS\system32\g0220afoed2c0.dll
deleting: C:\WINDOWS\system32\jt0m07d1e.dll
Successfully Deleted: C:\WINDOWS\system32\jt0m07d1e.dll
deleting: C:\WINDOWS\system32\i8jq0i15e8.dll
Successfully Deleted: C:\WINDOWS\system32\i8jq0i15e8.dll
deleting: C:\WINDOWS\system32\ktr8l79u1.dll
Successfully Deleted: C:\WINDOWS\system32\ktr8l79u1.dll
deleting: C:\WINDOWS\system32\vubsub.dll
Successfully Deleted: C:\WINDOWS\system32\vubsub.dll
deleting: C:\WINDOWS\system32\srell32.dll
Successfully Deleted: C:\WINDOWS\system32\srell32.dll
deleting: C:\WINDOWS\system32\pugfilt.dll
Successfully Deleted: C:\WINDOWS\system32\pugfilt.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: irsecsnp.dll (deflated 5%)
adding: ndrshe.dll (deflated 4%)
adding: kt82l7lo1.dll (deflated 5%)
adding: omeacc.dll (deflated 4%)
adding: mrrating.dll (deflated 4%)
adding: kadmlt47.dll (deflated 4%)
adding: maang.dll (deflated 4%)
adding: mkfutil.dll (deflated 4%)
adding: wjnnls.dll (deflated 4%)
adding: wthip6.dll (deflated 4%)
adding: jHvaprxy.dll (deflated 4%)
adding: myxml2.dll (deflated 4%)
adding: mfxml2.dll (deflated 4%)
adding: mwxbse35.dll (deflated 4%)
adding: OrMidi32.dll (deflated 4%)
adding: nfrshe.dll (deflated 4%)
adding: nnrshe.dll (deflated 4%)
adding: j20s0cd7ef0.dll (deflated 4%)
adding: vkr.dll (deflated 4%)
adding: FKWPP.DLL (deflated 4%)
adding: mv04l9dq1.dll (deflated 4%)
adding: m2ju0c19ef.dll (deflated 4%)
adding: kt42l7ho1.dll (deflated 5%)
adding: g0220afoed2c0.dll (deflated 5%)
adding: jt0m07d1e.dll (deflated 5%)
adding: i8jq0i15e8.dll (deflated 4%)
adding: ktr8l79u1.dll (deflated 4%)
adding: vubsub.dll (deflated 5%)
adding: srell32.dll (deflated 5%)
adding: pugfilt.dll (deflated 5%)
adding: guard.tmp (deflated 5%)
adding: echo.reg (deflated 9%)
adding: clear.reg (deflated 37%)
adding: desktop.ini (stored 0%)
adding: readme.txt (deflated 49%)
adding: direct.txt (stored 0%)
adding: report.txt (deflated 66%)
adding: lo2.txt (deflated 84%)
adding: test2.txt (deflated 16%)
adding: test3.txt (deflated 16%)
adding: test5.txt (deflated 16%)
adding: test.txt (deflated 81%)
adding: xfind.txt (deflated 75%)
adding: backregs/shell.reg (deflated 74%)
adding: backregs/35C0AC3F-4CCE-415F-BF54-A825FC25ECF6.reg (deflated 70%)
adding: backregs/4DFB2E34-40E1-4B78-896F-AD662CC1D2A7.reg (deflated 70%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
(ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
deleting local copy: irsecsnp.dll
deleting local copy: ndrshe.dll
deleting local copy: kt82l7lo1.dll
deleting local copy: omeacc.dll
deleting local copy: mrrating.dll
deleting local copy: kadmlt47.dll
deleting local copy: maang.dll
deleting local copy: mkfutil.dll
deleting local copy: wjnnls.dll
deleting local copy: wthip6.dll
deleting local copy: jHvaprxy.dll
deleting local copy: myxml2.dll
deleting local copy: mfxml2.dll
deleting local copy: mwxbse35.dll
deleting local copy: OrMidi32.dll
deleting local copy: nfrshe.dll
deleting local copy: nnrshe.dll
deleting local copy: j20s0cd7ef0.dll
deleting local copy: vkr.dll
deleting local copy: FKWPP.DLL
deleting local copy: mv04l9dq1.dll
deleting local copy: m2ju0c19ef.dll
deleting local copy: kt42l7ho1.dll
deleting local copy: g0220afoed2c0.dll
deleting local copy: jt0m07d1e.dll
deleting local copy: i8jq0i15e8.dll
deleting local copy: ktr8l79u1.dll
deleting local copy: vubsub.dll
deleting local copy: srell32.dll
deleting local copy: pugfilt.dll
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\irsecsnp.dll
C:\WINDOWS\system32\ndrshe.dll
C:\WINDOWS\system32\kt82l7lo1.dll
C:\WINDOWS\system32\omeacc.dll
C:\WINDOWS\system32\mrrating.dll
C:\WINDOWS\system32\kadmlt47.dll
C:\WINDOWS\system32\maang.dll
C:\WINDOWS\system32\mkfutil.dll
C:\WINDOWS\system32\wjnnls.dll
C:\WINDOWS\system32\wthip6.dll
C:\WINDOWS\system32\jHvaprxy.dll
C:\WINDOWS\system32\myxml2.dll
C:\WINDOWS\system32\mfxml2.dll
C:\WINDOWS\system32\mwxbse35.dll
C:\WINDOWS\system32\OrMidi32.dll
C:\WINDOWS\system32\nfrshe.dll
C:\WINDOWS\system32\nnrshe.dll
C:\WINDOWS\system32\j20s0cd7ef0.dll
C:\WINDOWS\system32\vkr.dll
C:\WINDOWS\system32\FKWPP.DLL
C:\WINDOWS\system32\mv04l9dq1.dll
C:\WINDOWS\system32\m2ju0c19ef.dll
C:\WINDOWS\system32\kt42l7ho1.dll
C:\WINDOWS\system32\g0220afoed2c0.dll
C:\WINDOWS\system32\jt0m07d1e.dll
C:\WINDOWS\system32\i8jq0i15e8.dll
C:\WINDOWS\system32\ktr8l79u1.dll
C:\WINDOWS\system32\vubsub.dll
C:\WINDOWS\system32\srell32.dll
C:\WINDOWS\system32\pugfilt.dll
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{35C0AC3F-4CCE-415F-BF54-A825FC25ECF6}"=-
"{4DFB2E34-40E1-4B78-896F-AD662CC1D2A7}"=-
[-HKEY_CLASSES_ROOT\CLSID\{35C0AC3F-4CCE-415F-BF54-A825FC25ECF6}]
[-HKEY_CLASSES_ROOT\CLSID\{4DFB2E34-40E1-4B78-896F-AD662CC1D2A7}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 2:51:40, on 06/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\WINDOWS\crnz32.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
C:\Archivos de programa\WinZip\Wzqkpick.exe
C:\WINDOWS\system32\oodag.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Kuervo\Mis documentos\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\phbgz.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\phbgz.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\phbgz.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\phbgz.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\phbgz.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\phbgz.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\phbgz.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D54F6CB9-5429-9A95-7B59-D291228E70B8} - C:\WINDOWS\apiyk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AgenteADSL_15] C:\Archivos de programa\Telefonica\KitAIM\AimExDll.exe AimGestA.dll 8
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Explorer.EXE] C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [crnz32.exe] C:\WINDOWS\crnz32.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Archivos de programa\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Archivos de programa\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [ntsd.exe] C:\WINDOWS\system32\ntsd.exe
O4 - HKLM\..\RunOnce: [syssf.exe] C:\WINDOWS\system32\syssf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spywatch] C:\Archivos de programa\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\archivos de programa\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\archivos de programa\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\archivos de programa\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\archivos de programa\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com...01e78/enter.cabO16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) -
http://advnt01.com/d...onale_ver11.CABO17 - HKLM\System\CCS\Services\Tcpip\..\{9D8FBFC1-4DBC-4077-8ADD-FC122A81FBE5}: NameServer = 80.58.0.33,80.58.32.97
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\syssf.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Shell32 - Unknown owner - C:\WINDOWS\system32\com\oboe32\shell32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Winlogon - Unknown owner - C:\WINDOWS\system32\com\oboe32\rundmc.exe (file missing)