Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My hjt log


  • Please log in to reply

#1
joaquin.cruz

joaquin.cruz

    New Member

  • Member
  • Pip
  • 5 posts
There are some problems I'm having with my computer.
For example, if I want to open regedit, Windows opens an MSDOS window with nothing on. (I clicked START>Run> "regedit")
I've tried to open the task manager window, and it never opens.
(I use CTRL+ALT+Del, and then "Task manager").
My windows is Windows XP professional (Spanish version)

I have Zone Alarm installed in my PC, and I noticed that some strange programs were requesting por Internet Access, one of them is mc-18-12-0000137.exe.
I denied it of course.
I just don't know how to fix the problem. I really hope someone helps me.

Thank you in advance.

Here's my hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 04:35:30 p.m., on 28/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Archivos de programa\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\EzButton\EzButton.EXE
C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\TOSHIBA\Power Management\CePMTray.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
C:\Archivos de programa\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe
C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Archivos de programa\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Archivos de programa\Babylon\Babylon.exe
C:\Archivos de programa\MsUpdate\MsUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\30018.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\sybase\Sybase Central 3.2\win32\scview.exe
c:\sybase\ASE-12_5\bin\sqlsrvr.exe
c:\sybase\ASE-12_5\bin\bcksrvr.exe
C:\Archivos de programa\Sybase\PowerBuilder 9.0\pb90.exe
C:\ARCHIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibalatino.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibalatino.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Archivos de programa\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Archivos de programa\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Archivos de programa\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Real Alternative\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Archivos de programa\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Archivos de programa\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Archivos de programa\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [MsUpdate] C:\Archivos de programa\MsUpdate\MsUpdate.exe /auto
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Iniciador rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: neoDVDplus5.lnk = C:\Archivos de programa\Mediostream\neoDVDplus5\neoTasks.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - https://update3.glob...iveRobotWeb.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
O16 - DPF: {DA908A29-C179-4844-8EFD-500EFC02C9BB} (Login Class) - http://www.monterrey...KIEPlugin40.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phimustech.local
O17 - HKLM\Software\..\Telephony: DomainName = phimustech.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB42CA30-3A10-442C-A4E8-85C42CADB848}: NameServer = 172.100.100.160,172.100.100.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{F19580CF-F3A2-4714-AD93-F6E1DD50AA56}: NameServer = 200.33.148.196,175.150.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = phimustech.local
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Archivos de programa\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Sybase BCKServer _ MOBILE_PHIMUS03_BS (SYBBCK_MOBILE_PHIMUS03_BS) - Unknown owner - c:\sybase\ASE-12_5\bin\bcksrvr.exe
O23 - Service: Sybase MONServer _ MOBILE_PHIMUS03_MS (SYBMON_MOBILE_PHIMUS03_MS) - Unknown owner - c:\sybase\ASE-12_5\bin\monsrvr.exe
O23 - Service: Sybase SQLServer _ MOBILE_PHIMUS03 (SYBSQL_MOBILE_PHIMUS03) - Unknown owner - c:\sybase\ASE-12_5\bin\sqlsrvr.exe
O23 - Service: Sybase XPServer _ MOBILE_PHIMUS03_XP (SYBXPS_MOBILE_PHIMUS03_XP) - Unknown owner - c:\sybase\ASE-12_5\bin\xpserver.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Download and unzip BFUzip from here
http://computercops..../Merijn/bfu.zip

Right Click the Zip folder and select "Extract All"

Locate and double click BFU.exe

Now locate and click the Greenish Blue globe with the chord plugged into it!

When the next small window pops up-> Copy&Paste this URL into it and click OK!
http://webpages.char.../p2pnetwork.bfu

Now click the execute button and let the script run!

Reboot into SAFE MODE(F5 or F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

Once in Safe Mode-> From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> Type in MSCONFIG -> click OK.

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Select the tab labeled Startup and put a Check by every box there!! Once everything is enabled, run "Hijack This!" and post a new log to this thread!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates!

Post back with a fresh HijackThis log and the reports from WinPFind and Panda!
  • 0

#3
joaquin.cruz

joaquin.cruz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Yes. It worked.
Thank you very much.

I now can run regedit without problems. And I'm also able to see the tasks running by the task manager.

Thank you again :tazz:

------
This is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 01:32:41 p.m., on 01/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Archivos de programa\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\EzButton\EzButton.EXE
C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\TOSHIBA\Power Management\CePMTray.exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
C:\Archivos de programa\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe
C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Archivos de programa\Babylon\Babylon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE
C:\sybase\Sybase Central 3.2\win32\scview.exe
c:\sybase\ASE-12_5\bin\sqlsrvr.exe
c:\sybase\ASE-12_5\bin\bcksrvr.exe
C:\ARCHIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibalatino.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibalatino.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Archivos de programa\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Archivos de programa\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Archivos de programa\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Real Alternative\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Archivos de programa\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Archivos de programa\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Archivos de programa\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [WhenUSave] "C:\Archivos de programa\Save\Save.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Iniciador rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: neoDVDplus5.lnk = C:\Archivos de programa\Mediostream\neoDVDplus5\neoTasks.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - https://update3.glob...iveRobotWeb.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
O16 - DPF: {DA908A29-C179-4844-8EFD-500EFC02C9BB} (Login Class) - http://www.monterrey...KIEPlugin40.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phimustech.local
O17 - HKLM\Software\..\Telephony: DomainName = phimustech.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB42CA30-3A10-442C-A4E8-85C42CADB848}: NameServer = 172.100.100.160,172.100.100.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{F19580CF-F3A2-4714-AD93-F6E1DD50AA56}: NameServer = 200.33.148.196,175.150.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = phimustech.local
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Archivos de programa\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Sybase BCKServer _ MOBILE_PHIMUS03_BS (SYBBCK_MOBILE_PHIMUS03_BS) - Unknown owner - c:\sybase\ASE-12_5\bin\bcksrvr.exe
O23 - Service: Sybase MONServer _ MOBILE_PHIMUS03_MS (SYBMON_MOBILE_PHIMUS03_MS) - Unknown owner - c:\sybase\ASE-12_5\bin\monsrvr.exe
O23 - Service: Sybase SQLServer _ MOBILE_PHIMUS03 (SYBSQL_MOBILE_PHIMUS03) - Unknown owner - c:\sybase\ASE-12_5\bin\sqlsrvr.exe
O23 - Service: Sybase XPServer _ MOBILE_PHIMUS03_XP (SYBXPS_MOBILE_PHIMUS03_XP) - Unknown owner - c:\sybase\ASE-12_5\bin\xpserver.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This is the WinPFind log:

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 02/07/2005 02:27:56 p.m. 535040 C:\WINDOWS\flashax.exe
PTech 15/04/2005 06:25:44 p.m. 1120051 C:\WINDOWS\setupapi.log.0.old

Checking %System% folder...
UPX! 28/09/2005 04:01:00 p.m. 189691 C:\WINDOWS\SYSTEM32\a.exe
UPX! 17/09/2001 02:20:02 p.m. 9216 C:\WINDOWS\SYSTEM32\cpuinf32.dll
PEC2 24/04/2003 07:00:00 a.m. 41129 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 26/10/2004 05:38:24 p.m. 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 26/10/2004 05:38:24 p.m. 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 29/08/2005 01:27:12 p.m. 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 20/11/2003 04:42:36 p.m. 74240 C:\WINDOWS\SYSTEM32\MACDec.dll
UPX! 07/01/2004 12:02:06 a.m. 183296 C:\WINDOWS\SYSTEM32\MonkeySource.ax
PECompact2 08/09/2005 10:08:48 p.m. 2002784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 08/09/2005 10:08:48 p.m. 2002784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 19/08/2004 05:41:32 p.m. 732672 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 19/08/2004 05:42:22 p.m. 677376 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 12/05/2005 05:32:06 p.m. 194560 C:\WINDOWS\SYSTEM32\Tots TV.scr
winsync 24/04/2003 07:00:00 a.m. 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 04/08/2004 12:41:38 a.m. 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
01/10/2005 11:14:54 a.m. S 2048 C:\WINDOWS\bootstat.dat
30/09/2005 12:06:02 a.m. H 54156 C:\WINDOWS\QTFont.qfn
01/10/2005 11:14:56 a.m. S 64 C:\WINDOWS\CSC\00000001
30/09/2005 03:02:42 p.m. S 64 C:\WINDOWS\CSC\00000002
24/09/2005 11:47:10 p.m. S 64 C:\WINDOWS\CSC\csc1.tmp
01/10/2005 11:25:48 a.m. H 527 C:\WINDOWS\system32\vsconfig.xml
01/10/2005 01:41:58 p.m. H 1024 C:\WINDOWS\system32\config\default.LOG
01/10/2005 11:15:00 a.m. H 1024 C:\WINDOWS\system32\config\SAM.LOG
01/10/2005 11:15:50 a.m. H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
01/10/2005 01:42:08 p.m. H 1024 C:\WINDOWS\system32\config\software.LOG
01/10/2005 01:37:56 p.m. H 1024 C:\WINDOWS\system32\config\system.LOG
14/09/2005 10:46:46 a.m. H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
07/09/2005 04:13:18 p.m. S 7652 C:\WINDOWS\system32\config\systemprofile\Datos de programa\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
07/09/2005 04:13:18 p.m. S 134 C:\WINDOWS\system32\config\systemprofile\Datos de programa\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
21/09/2005 04:52:08 p.m. HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\6559980c-f9ac-4b4d-b0a5-b1c6a9402b3b
21/09/2005 04:52:08 p.m. HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
28/09/2005 01:07:56 p.m. HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\39c151ac-3c12-461d-a9b4-78f82abebfcd
28/09/2005 01:07:58 p.m. HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
01/10/2005 11:14:56 a.m. H 6 C:\WINDOWS\Tasks\SA.DAT
30/09/2005 01:22:54 p.m. H 412 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_PHIMUSTECH_joaquin.cruz.job

Checking for CPL files...
19/08/2003 10:20:04 a.m. 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 19/08/2004 05:43:18 p.m. 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 19/08/2004 05:43:18 p.m. 553472 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 19/08/2004 05:43:18 p.m. 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
COMPAL ELECTRONIC INC. 19/08/2004 07:46:34 p.m. 917504 C:\WINDOWS\SYSTEM32\CoPM.cpl
Microsoft Corporation 19/08/2004 05:43:18 p.m. 137216 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 19/08/2004 05:43:18 p.m. 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 19/08/2004 05:43:18 p.m. 156672 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 18/11/2003 02:19:24 a.m. 98304 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Ahead Software AG 15/09/2003 03:56:02 p.m. R 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 19/08/2004 05:43:18 p.m. 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 19/08/2004 05:43:20 p.m. 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 19/08/2004 05:43:20 p.m. 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 19/08/2004 05:43:20 p.m. 70144 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03/06/2005 03:52:54 a.m. 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 24/04/2003 07:00:00 a.m. 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 19/08/2004 05:43:22 p.m. 626688 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 24/04/2003 07:00:00 a.m. 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 19/08/2004 05:43:22 p.m. 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 19/08/2004 05:43:22 p.m. 259584 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 24/04/2003 07:00:00 a.m. 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 19/08/2004 05:43:22 p.m. 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Intel® Corporation 10/12/2003 03:26:02 a.m. 77824 C:\WINDOWS\SYSTEM32\PRAppltW.cpl
Apple Computer, Inc. 08/04/2004 03:12:42 p.m. 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 19/08/2004 05:43:22 p.m. 302592 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 24/04/2003 07:00:00 a.m. 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 19/08/2004 05:43:22 p.m. 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
15/09/2003 05:41:12 p.m. 495616 C:\WINDOWS\SYSTEM32\TOSCDSPD.cpl
Microsoft Corporation 19/08/2004 05:43:22 p.m. 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 04:16:30 a.m. 175384 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 19/08/2004 05:43:18 p.m. 359936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 24/04/2003 07:00:00 a.m. 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 24/04/2003 07:00:00 a.m. 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 24/04/2003 07:00:00 a.m. 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 24/04/2003 07:00:00 a.m. 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26/05/2005 04:16:30 a.m. 175384 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
31/12/2004 01:24:26 p.m. HS 84 C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\desktop.ini
03/01/2005 01:01:06 p.m. 1497 C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\RAMASST.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
31/12/2004 02:37:24 a.m. HS 62 C:\Documents and Settings\All Users\Datos de programa\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
31/12/2004 01:24:26 p.m. HS 84 C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\desktop.ini
25/07/2005 04:37:22 p.m. 910 C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\Iniciador rápido de Microsoft Office OneNote 2003.lnk
25/06/2005 12:13:40 a.m. 1802 C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\neoDVDplus5.lnk

Checking files in %USERPROFILE%\Application Data folder...
31/12/2004 02:37:24 a.m. HS 62 C:\Documents and Settings\Administrador\Datos de programa\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Archivos de programa\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Elemento anclado al menú Inicio = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Archivos de programa\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Archivos de programa\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\archivos de programa\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Archivos de programa\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Sugerencia del día = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\archivos de programa\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Consola de Sun Java : C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Referencia :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Archivos de programa\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Banda del explorador para búsqueda de archivos = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Banda de Explorador = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Dirección : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\archivos de programa\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Dirección : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Vínculos : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\archivos de programa\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint C:\Archivos de programa\Apoint2K\Apoint.exe
EzButton C:\Archivos de programa\EzButton\EzButton.EXE
CeEKEY C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe
PRONoMgr.exe C:\Archivos de programa\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
SunJavaUpdateSched C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
CeEPOWER C:\Archivos de programa\TOSHIBA\Power Management\CePMTray.exe
PINGER C:\TOSHIBA\IVP\ISM\pinger.exe /run
PadTouch "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
SmoothView C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
ccApp "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
iRiver Updater C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
LtMoh C:\Archivos de programa\ltmoh\Ltmoh.exe
AGRSMMSG AGRSMMSG.exe
NDSTray.exe NDSTray.exe
Zone Labs Client C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
TkBellExe "C:\Archivos de programa\Real Alternative\Update_OB\realsched.exe" -osboot
Synchronization Manager %SystemRoot%\system32\mobsync.exe /logon
MessengerPlus3 "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
dla C:\WINDOWS\system32\dla\tfswctrl.exe
RegKillElbyCheck "C:\Archivos de programa\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
RegKillTray "C:\Archivos de programa\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
Babylon Client C:\Archivos de programa\Babylon\Babylon.exe -AutoStart
WhenUSave "C:\Archivos de programa\Save\Save.exe"
IgfxTray C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
TOSCDSPD C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
MSMSGS "C:\Archivos de programa\Messenger\msmsgs.exe" /background
msnmsgr "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\ARCHIV~1\ARCHIV~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoCDBurning 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring
= C:\WINDOWS\System32\LgNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs MsgPlusLoader.dll


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 01/10/2005 01:42:51 p.m.

---------------------

The Panda Online detected 1 virus (and it was disinfected), and 13 spyware.
---------------------
  • 0

#4
joaquin.cruz

joaquin.cruz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
By the way.
I would like to make a donation but I don't have a paypal account.
Is there any other way I can donate?..
I live in Mexico.

Thank you very much.
  • 0

#5
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
You dont worry yourself none about that donation,Im not! :tazz:

Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediatly!

WinHelp2002 Hosts File
http://www.mvps.org/...p2002/hosts.htm

Made Easy
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup!

Go ahead and remove any of the tools downloaded that are of no use anymore!

Post back and let me know how things are?

Let me know if either of those 2 utilities give you any problems installing or browsing!
  • 0

#6
joaquin.cruz

joaquin.cruz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you very much Cretemonster!
You rock man!

I installed the spywareBlaster, and the Hosts.
I've definitely learnt a lot these days with you. For example, I now know that if I don't know what a program is doing running on my pc I can go to CastleCops to see if that file is listed there... that's very helpful.
I also know about HiJackThis which I didn't know before.
And that Panda online scan (very helpful).
That HOSTS file... that's another one I didn't know about. I feel more safe with my PC by now, I think I have now some very good tools at hand.

But most of all I know some good people I can count on (people like you).

Thank you for your time :tazz:

PS: I wish I could give you a hand in anything you need. This is my email: joaquin.cruz@gmx.co.uk

Best Regards,
  • 0

#7
joaquin.cruz

joaquin.cruz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I've run and configured the Spybaster
Everything is working OK :tazz:

Thank you. You were very helpful and very kind.
  • 0

#8
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Excellent!

You ought to look into joining GeekU and what you can learn there,will pay us all back!

Lets see if I can find that link!
http://www.geekstogo...ek-U-t4817.html

You can always find me around here somewhere if ever ya need!


Now,Go ahead and Renable System Restore and Restart the PC!

This will purge the System Volume Folder and Create a nice new clean one for ya!

Look through those little black links in my signature for more good Info and look at what Metallicas Spyware Page has to offer
http://metallica.geekstogo.com/
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP