OK, here we go...
I think things are better now but maybe still something there...
When I log on to WinXP I get an error message
RUNDLL
Error loading c:\WINDOWS\cfgmgr52.dll
The specified module cannot be found
Here are the logs you've requested:
L2Mfix 1.03a
Running From:
C:\files by nacho\l2mfix\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administradores
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\files by nacho\l2mfix\l2mfix
System Rebooted!
Running From:
C:\files by nacho\l2mfix\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Killing PID 1980 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Killing PID 260 'rundll32.exe'
Killing PID 2256 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\odengl32.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\odengl32.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\damodemx.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\damodemx.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\nxdll.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\nxdll.dll
1 archivos copiados.
deleting: C:\WINDOWS\system32\odengl32.dll
Successfully Deleted: C:\WINDOWS\system32\odengl32.dll
deleting: C:\WINDOWS\system32\odengl32.dll
Successfully Deleted: C:\WINDOWS\system32\odengl32.dll
deleting: C:\WINDOWS\system32\damodemx.dll
Successfully Deleted: C:\WINDOWS\system32\damodemx.dll
deleting: C:\WINDOWS\system32\damodemx.dll
Successfully Deleted: C:\WINDOWS\system32\damodemx.dll
deleting: C:\WINDOWS\system32\nxdll.dll
Successfully Deleted: C:\WINDOWS\system32\nxdll.dll
deleting: C:\WINDOWS\system32\nxdll.dll
Successfully Deleted: C:\WINDOWS\system32\nxdll.dll
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: odengl32.dll (deflated 48%)
adding: damodemx.dll (deflated 48%)
adding: nxdll.dll (deflated 48%)
adding: echo.reg (deflated 10%)
adding: clear.reg (deflated 46%)
adding: desktop.ini (stored 0%)
adding: readme.txt (deflated 49%)
adding: direct.txt (deflated 12%)
adding: lo2.txt (deflated 89%)
adding: test2.txt (deflated 27%)
adding: test3.txt (deflated 27%)
adding: test5.txt (deflated 27%)
adding: test.txt (deflated 75%)
adding: xfind.txt (deflated 73%)
adding: backregs/shell.reg (deflated 74%)
adding: backregs/85F99478-8405-4E32-B187-8DE60549B1C0.reg (deflated 70%)
adding: backregs/AC5DEFAF-5EB9-4BD3-9BCB-D2B2F30608E6.reg (deflated 70%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
deleting local copy: odengl32.dll
deleting local copy: odengl32.dll
deleting local copy: damodemx.dll
deleting local copy: damodemx.dll
deleting local copy: nxdll.dll
deleting local copy: nxdll.dll
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\odengl32.dll
C:\WINDOWS\system32\odengl32.dll
C:\WINDOWS\system32\damodemx.dll
C:\WINDOWS\system32\damodemx.dll
C:\WINDOWS\system32\nxdll.dll
C:\WINDOWS\system32\nxdll.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{85F99478-8405-4E32-B187-8DE60549B1C0}"=-
"{AC5DEFAF-5EB9-4BD3-9BCB-D2B2F30608E6}"=-
"{9D3BFFEE-1C1C-4228-A462-C9418D861021}"=-
[-HKEY_CLASSES_ROOT\CLSID\{85F99478-8405-4E32-B187-8DE60549B1C0}]
[-HKEY_CLASSES_ROOT\CLSID\{AC5DEFAF-5EB9-4BD3-9BCB-D2B2F30608E6}]
[-HKEY_CLASSES_ROOT\CLSID\{9D3BFFEE-1C1C-4228-A462-C9418D861021}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Incident Status Location
Adware:adware/purityscan No disinfected C:\WINDOWS\SYSTEM32\wnscpcc.exe
Adware:adware/powersearch No disinfected C:\WINDOWS\SYSTEM32\stlb2.xml
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM32\winupdt.bin
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\exclean.exe
Adware:adware/sqwire No disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Adware:adware/iedriver No disinfected C:\WINDOWS\SYSTEM32\Searchx.htm
Adware:adware/afaenhance No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/searchtheweb No disinfected C:\WINDOWS\SYSTEM32\CACHE\mswinstall.exe
Adware:adware/weirdontheweb No disinfected C:\DOCUMENTS AND SETTINGS\ADMIN\FAVORITOS\WeirdOnTheWeb.url
Adware:adware/pacimedia No disinfected C:\DOCUMENTS AND SETTINGS\ADMIN\FAVORITOS\1111\1111.url
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/addestroyer No disinfected C:\DOCUMENTS AND SETTINGS\ADMIN\MENÚ INICIO\PROGRAMAS\AdDestroyer
Adware:adware/virtualbouncer No disinfected C:\DOCUMENTS AND SETTINGS\ADMIN\MENÚ INICIO\PROGRAMAS\Virtual Bouncer
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/apropos No disinfected C:\ARCHIVOS DE PROGRAMA\Aprps
Adware:adware/consumeralertsystem No disinfected C:\ARCHIVOS DE PROGRAMA\CasStub
Adware:adware/elitebar No disinfected C:\DOCUMENTS AND SETTINGS\ADMIN\FAVORITOS\Casino & Carrers
Adware:adware/sidefind No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TSL INSTALLER
Spyware:spyware/betterinet No disinfected HKEY_CURRENT_USER\SOFTWARE\IN3RD
Adware:adware/exactsearch No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\NLS.URLCATCHER.1
Adware:adware/exact.cashback No disinfected HKEY_CLASSES_ROOT\ADP.URLCATCHER.1
Adware:adware/wupd No disinfected HKEY_CLASSES_ROOT\ADTOOLSX.INSTALLER
Adware:adware/bigtrafficnet No disinfected HKEY_CLASSES_ROOT\BTNETW.AMO
Adware:adware/wintools No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\DDATE
Spyware:spyware/media-motor No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\REVISIONS
Spyware:spyware/safesurf No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\RICHED
Spyware:spyware/surfsidekick No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\SURFSIDEKICK3
Spyware:spyware/istbar No disinfected HKEY_CLASSES_ROOT\CLSID\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
Adware:adware/ucmore No disinfected HKEY_CLASSES_ROOT\CLSID\{44BE0690-5429-47F0-85BB-3FFD8020233E}
Adware:adware/ncase No disinfected HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42CE-9D49-3807F78F0287}
Adware:adware/mediatickets No disinfected HKEY_CLASSES_ROOT\CLSID\{DC341F1B-EC77-47BE-8F58-96E83861CC5A}
Adware:adware/powerscan No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\BANDREST
Adware:adware/cws No disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{10e42047-deb9-4535-a118-b3f6ec39b807}
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\DAML7NPY\drugs-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\WE3TQGQN\drugs[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\WE3TQGQN\casino[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\WE3TQGQN\casino-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\71KJXOW7\virus[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\71KJXOW7\fav-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\A3EZACCF\fav[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\A3EZACCF\dating[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\A3EZACCF\dating-ico[1].bmp
Virus:Trj/Qoologic.G Disinfected C:\WINDOWS\system32\avuqq.dat
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\Shex.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system\QBUninstaller.exe
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1100.dll
Adware:Adware/SearchTheWeb No disinfected C:\Documents and Settings\All Users\Datos de programa\msw\MSW.exe
********************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 3:15:34, on 26/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Archivos de programa\TightVNC\WinVNC.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\Acer\Notebook Manager\almxptray.exe
C:\Archivos de programa\Lexmark X6100 Series\lxbfbmgr.exe
C:\Archivos de programa\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es-us\msnappau.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Archivos de programa\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Archivos de programa\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Archivos de programa\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es-us\msnappau.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Archivos de programa\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Rlts] C:\Archivos de programa\mhcn\obba.exe
O4 - HKCU\..\Run: [Jgu] C:\WINDOWS\System32\w?wexec.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AC2CD8BB-8E60-45B4-B415-1EB1C04E7753} (SAFELAYER FormSign Control) - https://www.sabadell...formSign001.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Archivos de programa\TightVNC\WinVNC.exe" -service (file missing)