IE window sometimes not opening

Pharod · 10-26-2006, 11:06 PM

There are some situations where IE window isn't opening. For instance, when I click on the Mail button of Windows Live Messenger, the screen flashes as if IE opened, but it didn't. It also happens in Windows Live One Care (safety.live.com) when I try to scan my PC, it tries to open a new window but can't. It isn't IE's popup blocker because I deactivated it and the problems still occured.

This is my work laptop, so it isn't the one I had the issues some days ago (thanks again ;)).

I'm assuming it is some sort of browser hijacking problem, but I'm not sure. Here I append my HiJackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 12:54:00 a.m., on 27/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe
C:\Archivos de programa\Gizmo Project\mDNSResponder.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\Retrospect\retrorun.exe
C:\ARCHIV~1\RETROS~1\wdsvc.exe
C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\TEMP\YS556E.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe
C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Archivos de programa\Synaptics\SynTP\Toshiba.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Archivos de programa\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Archivos de programa\WDC\SetIcon.exe
C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.ve/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibalatino.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibalatino.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.227.0.153:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = update.microsoft.com;windowsupdate.microsoft.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Explorer Breadcrumbs Helper Class - {DB5FC78C-0D12-448B-A0B0-DB0F0E6B67DB} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll
O3 - Toolbar: Explorer Breadcrumbs - {A3EB65EC-D9B4-4DC1-88AF-0C7A21EBE5F9} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Archivos de programa\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Archivos de programa\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Archivos de programa\WDC\SetIcon.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [XPize Reloader] C:\WINDOWS\XPize\XPizeReloader.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - Startup: Iniciador rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibalatino.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://escritoriodigital/spps/Portal...ces/msddsc.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...81/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Archivos de programa\Gizmo Project\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Archivos de programa\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\ARCHIV~1\RETROS~1\wdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Visual Nexus Update - Unknown owner - C:\Archivos de programa\Visual Nexus\Update\vnupdate.exe

Thanks for all the help you can give, I really appreciate it.

Pharod

**Deckard** · 10-30-2006, 11:19 PM

Hello again, Pharod. I thought I'd help you again! You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I don't see anything obvious in your log, so let's run a few scans to see if anything turns up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Download CleanUp!
Download and install CleanUp! but do not run it yet.

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.

Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.

Load AVG Anti-Spyware and then click the Shield tab at the top
- Click on the word active to change it to inactive.
Click the Update tab at the top:
- Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
- Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
Click the Scanner tab at the top and then the Settings sub-tab:
- Under How to act?, click Recommended actions and select Quarantine.
- Under Reports, select Automatically generate report after every scan
Close AVG Anti-Spyware. Do not run a scan with it yet.

Download ComboFix
Download ComboFix from one of the following links:

Double click combofix.exe & follow the prompts. While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply.

Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.

Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
- Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
Click OK.
Press the CleanUp! button to start the program.

Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.

Run AVG Anti-Spyware

Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on Save Report, then Save Report As. Save the report so that you can find it again (like on the Desktop).
Close AVG Anti-Spyware.

Reboot
Reboot your system to Normal Mode.

Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database: extended
- Scan Options: Scan Archives and Scan Mail Bases
Click OK
Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
Now under select a target to scan, select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run all the way.
Once the scan is complete it will display if your system has been infected.
Click on the Save as Text button and save the file to your desktop.
Copy and paste that information in your next post.

Take note the names and locations of any file it detects but fails to clean.

With Your Next Post...
Please paste the following with your next reply (in this order please):

The contents of C:\ComboFix.txt,
AVG Anti-Spyware scan report,
Kaspersky scan report,
a new HiJackThis log taken after Kaspersky finishes.

Pharod · 10-31-2006, 08:39 PM

Hey! Thanks again :)

Here's what I've found.

ComboFix

Alejandro - 06-10-31 20:29:52.11 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Alejandro\Escritorio\Tech Support"

((((((((((((((((((((((((((((((( Files Created from 2006-09-31 to 2006-10-31 ))))))))))))))))))))))))))))))))))

2006-10-31 17:04 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-26 00:39 <DIR> d-------- C:\WINDOWS\McAfee.com
2006-10-18 23:04 43,520 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 22:47 767,488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 22:47 656,896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 22:47 613,376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 22:47 535,040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 22:47 317,440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 22:47 295,936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 22:47 284,160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 22:47 259,072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 22:47 259,072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 22:47 212,992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 22:47 2,603,008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 22:47 199,168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 22:47 166,912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 22:47 133,632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 22:47 132,096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 22:47 130,048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 22:47 101,888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 22:47 1,574,912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 22:47 1,543,680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 22:47 1,382,912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:00 249,856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 21:00 17,408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 10:52 20,569 --a------ C:\WINDOWS\system32\pxc25pm.dll
2006-10-05 21:13 335,872 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2006-10-02 15:28 312,128 --------- C:\WINDOWS\system32\msdelta.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-31 20:28 -------- d-------- C:\Archivos de programa\Mozilla Firefox
2006-10-31 20:27 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Skype
2006-10-31 17:07 -------- d-------- C:\Archivos de programa\AVG Anti-Spyware 7.5
2006-10-31 17:04 -------- d-------- C:\Archivos de programa\CleanUp!
2006-10-31 14:46 -------- d-------- C:\Archivos de programa\Windows Media Player
2006-10-31 14:46 -------- d-------- C:\Archivos de programa\Windows Media Connect 2
2006-10-30 22:20 -------- d-------- C:\Archivos de programa\Windows Live Safety Center
2006-10-30 22:19 -------- d-------- C:\Archivos de programa\MSN Messenger
2006-10-29 23:26 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\U3
2006-10-24 21:05 8287232 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-24 20:29 100352 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-24 20:27 272896 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-24 20:17 7680 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-22 12:18 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Lavasoft
2006-10-22 12:17 -------- d-------- C:\Archivos de programa\Lavasoft
2006-10-20 08:29 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Flock
2006-10-20 08:29 -------- d-------- C:\Archivos de programa\Flock
2006-10-19 11:22 -------- d-------- C:\Archivos de programa\Archivos comunes\Intel
2006-10-19 11:22 -------- d-------- C:\Archivos de programa\Archivos comunes
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 22:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 22:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 22:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 22:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 22:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 22:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 22:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 22:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 22:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 22:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 21:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-17 10:52 -------- d-------- C:\Archivos de programa\Tracker Software
2006-10-17 10:51 -------- d-------- C:\Archivos de programa\Mindjet
2006-10-17 10:48 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\uTorrent
2006-10-17 09:07 -------- d-------- C:\Archivos de programa\Taskbar Shuffle
2006-10-11 12:36 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 12:36 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 12:36 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 12:36 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 12:36 115712 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 12:36 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-10-09 00:29 -------- d-------- C:\Archivos de programa\Picasa2
2006-10-07 12:02 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Macromedia
2006-10-07 11:36 -------- d-------- C:\Archivos de programa\Archivos comunes\Macromedia Shared
2006-10-07 11:34 -------- d-------- C:\Archivos de programa\Archivos comunes\Macromedia
2006-10-07 11:33 -------- d--h----- C:\Archivos de programa\InstallShield Installation Information
2006-10-07 11:33 -------- d-------- C:\Archivos de programa\Macromedia
2006-10-05 21:14 -------- d-------- C:\Archivos de programa\WDC
2006-10-05 21:13 -------- d-------- C:\Archivos de programa\Retrospect
2006-10-05 21:13 -------- d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2006-10-04 13:04 -------- d---s---- C:\Documents and Settings\Alejandro\Datos de programa\Microsoft
2006-10-02 09:32 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Talkback
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 19:00 82944 --------- C:\WINDOWS\system32\drivers\WudfRd.sys
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-28 18:55 77568 --------- C:\WINDOWS\system32\drivers\WudfPf.sys
2006-09-27 23:42 -------- d-------- C:\Archivos de programa\DivX
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-24 17:13 -------- d-------- C:\Archivos de programa\Minimalist
2006-09-21 14:45 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\AdobeUM
2006-09-19 14:18 -------- d-------- C:\Archivos de programa\Vim
2006-09-18 23:19 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Media Player Classic
2006-09-18 14:11 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-09-18 14:11 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-09-18 14:11 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-09-18 14:11 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-13 01:02 1350656 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 23:22 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\ArcSoft
2006-09-12 22:36 -------- d-------- C:\Archivos de programa\SanDisk
2006-09-12 20:27 -------- d-------- C:\Archivos de programa\Archivos comunes\ArcSoft
2006-09-12 10:11 48 --a------ C:\Documents and Settings\Alejandro\Datos de programa\ItDb.enc
2006-09-12 10:09 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-09-12 10:09 -------- d-------- C:\Archivos de programa\Intel
2006-09-12 10:08 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Intel
2006-09-07 11:09 -------- d-------- C:\Archivos de programa\Microsoft Office
2006-09-07 11:06 0 --a------ C:\Documents and Settings\Alejandro\Datos de programa\wklnhst.dat
2006-09-07 11:06 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Template
2006-09-07 10:03 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Leadertech
2006-09-07 10:03 -------- d-------- C:\Archivos de programa\Diskeeper Corporation
2006-09-06 22:54 -------- d-------- C:\Archivos de programa\Warcraft III
2006-09-05 15:59 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Google
2006-09-05 15:59 -------- d-------- C:\Archivos de programa\Google
2006-09-05 09:44 -------- d-------- C:\Archivos de programa\IrfanView
2006-09-04 11:07 -------- d-------- C:\Archivos de programa\GIMP-2.0
2006-09-04 11:06 -------- d-------- C:\Archivos de programa\Archivos comunes\GTK
2006-09-02 22:01 -------- d-------- C:\Documents and Settings\Alejandro\Datos de programa\Ventrilo
2006-09-02 22:00 -------- d-------- C:\Archivos de programa\Ventrilo
2006-09-02 18:19 -------- d-------- C:\Archivos de programa\DVD Decrypter
2006-08-25 12:08 217088 --a------ C:\WINDOWS\system32\atasnt40.dll
2006-08-25 11:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:27 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-14 16:13 40960 --a------ C:\WINDOWS\system32\InstaCollLaunch.dll
2006-08-11 13:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 13:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 13:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 13:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 13:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 13:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 13:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 13:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 13:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 13:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 13:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 13:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"TOSCDSPD"="C:\\Archivos de programa\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"googletalk"="\"C:\\Archivos de programa\\Google\\Google Talk\\googletalk.exe\" /autostart"
"TaskSwitchXP"="C:\\Archivos de programa\\TaskSwitchXP\\TaskSwitchXP.exe"
"XPize Reloader"="C:\\WINDOWS\\XPize\\XPizeReloader.exe /S"
"MsnMsgr"="\"C:\\Archivos de programa\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Archivos de programa\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"updateMgr"="\"C:\\Archivos de programa\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"Taskbar Shuffle"="C:\\Archivos de programa\\Taskbar Shuffle\\taskbarshuffle.exe"
"pdfSaver3"="\"C:\\Archivos de programa\\Tracker Software\\PDF-XChange 3\\pdfSaver\\pdfSaver3.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TFncKy"="TFncKy.exe"
"TPSMain"="TPSMain.exe"
"ATIPTA"="\"C:\\Archivos de programa\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"SynTPEnh"="C:\\Archivos de programa\\Synaptics\\SynTP\\SynTPEnh.exe"
"LtMoh"="C:\\Archivos de programa\\ltmoh\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"THotkey"="C:\\Archivos de programa\\Toshiba\\Toshiba Applet\\thotkey.exe"
"Tvs"="C:\\Archivos de programa\\TOSHIBA\\Tvs\\TvsTray.exe"
"SmoothView"="C:\\Archivos de programa\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechCameraAssistant"="C:\\Archivos de programa\\Logitech\\Video\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Archivos de programa\\Logitech\\Video\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"Picasa Media Detector"="C:\\Archivos de programa\\Picasa2\\PicasaMediaDetector.exe"
"OfficeScanNT Monitor"="\"C:\\Archivos de programa\\Trend Micro\\OfficeScan Client\\pccntmon.exe\" -HideWindow"
"Google Desktop Search"="\"C:\\Archivos de programa\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"DiskeeperSystray"="\"C:\\Archivos de programa\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"IntelZeroConfig"="\"C:\\Archivos de programa\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Archivos de programa\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"WD Button Manager"="WDBtnMgr.exe"
"SetIcon"="\\Archivos de programa\\WDC\\SetIcon.exe"
"MMReminderService"="C:\\Archivos de programa\\Mindjet\\MindManager 6\\MMReminderService.exe"
"!AVG Anti-Spyware"="\"C:\\Archivos de programa\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mi página de inicio actual"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,96,00,00,00,00,00,00,00,6a,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-31 20:31:04.24
C:\ComboFix.txt ... 06-10-31 20:31
C:\ComboFix2.txt ... 06-10-31 20:29
C:\ComboFix3.txt ... 06-10-31 20:16

AVG Anti-Spyware

---------------------------------------------------------
AVG Anti-Spyware - Informe del análisis
---------------------------------------------------------

+ Creado en: 21:51 06-10-31

+ Resultado del análisis:

:mozilla.673:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.2o7 : Limpios.
:mozilla.674:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.2o7 : Limpios.
:mozilla.675:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.2o7 : Limpios.
:mozilla.676:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.2o7 : Limpios.
:mozilla.677:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.2o7 : Limpios.
:mozilla.678:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.2o7 : Limpios.
:mozilla.786:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.2o7 : Limpios.
:mozilla.47:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Atdmt : Limpios.
:mozilla.168:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Com : Limpios.
:mozilla.169:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Com : Limpios.
:mozilla.170:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Com : Limpios.
:mozilla.171:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Com : Limpios.
:mozilla.172:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Com : Limpios.
:mozilla.430:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Com : Limpios.
:mozilla.431:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Com : Limpios.
:mozilla.463:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Coremetrics : Limpios.
:mozilla.803:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Coremetrics : Limpios.
:mozilla.941:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Estat : Limpios.
:mozilla.259:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Falkag : Limpios.
:mozilla.260:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Falkag : Limpios.
:mozilla.261:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Falkag : Limpios.
:mozilla.262:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Falkag : Limpios.
:mozilla.766:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Hitslink : Limpios.
:mozilla.191:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Hotlog : Limpios.
:mozilla.779:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Liveperson : Limpios.
:mozilla.780:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Liveperson : Limpios.
:mozilla.781:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Liveperson : Limpios.
:mozilla.793:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Liveperson : Limpios.
:mozilla.794:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Liveperson : Limpios.
:mozilla.58:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Mediaplex : Limpios.
:mozilla.356:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Qksrv : Limpios.
:mozilla.359:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Qksrv : Limpios.
:mozilla.192:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Spylog : Limpios.
:mozilla.214:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.215:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.216:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.217:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.218:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.219:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.220:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.221:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.222:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.223:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.224:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.225:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.226:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.227:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.228:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.229:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.230:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.231:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.232:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.233:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.234:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.235:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.236:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.237:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.238:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.239:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.240:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.241:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.242:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.243:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.244:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.245:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.246:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.247:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.248:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.249:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.250:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.251:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.252:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Statcounter : Limpios.
:mozilla.354:C:\Documents and Settings\Alejandro\Datos de programa\Flock\Browser\Profiles\w6k2xwhb.default\cookies.txt -> TrackingCookie.Webtrendslive : Limpios.

::Fin del informe

Kaspersky

Note: when I tried to run Kaspersky in IE, the window opened and closed quickly (the problem I'm having). I had to access manually the address by looking at my recent History.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
06-10-31 23:30
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/11/2006
Kaspersky Anti-Virus database records: 236813
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 78931
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:07:07

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Trend Micro\OfficeScan Client\ConnLog\Conn_20061031.log Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\dbdam Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\dbdao Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\dbeam Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\dbeao Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\dbm Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\fii.cf1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\hp Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Google\Google Desktop\acc90b25c4a5\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Temp\Perflib_Perfdata_bdc.dat Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Temp\~DF272A.tmp Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Temp\~DFB393.tmp Object is locked skipped
C:\Documents and Settings\Alejandro\Configuración local\Temp\~DFC52F.tmp Object is locked skipped
C:\Documents and Settings\Alejandro\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\call256.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\chat1024.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\chat512.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\index2.dat Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\user1024.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\user16384.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\user4096.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Datos de programa\Skype\guainam\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Alejandro\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alejandro\Local Settings\History\History.IE5\MSHist012006103120061101\index.dat Object is locked skipped
C:\Documents and Settings\Alejandro\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alejandro\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alejandro\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{226636B8-ABAC-4E00-8732-F335FE6F8F34}\RP95\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{DBB12C44-E404-4D89-94DF-9B734050D878}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4781.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thanks again for all the help, I appreciate it.

Pharod

Pharod · 10-31-2006, 08:42 PM

Forgot to paste the HiJackThis log file :)

HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 23:39, on 06-10-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe
C:\Archivos de programa\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Gizmo Project\mDNSResponder.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\Retrospect\retrorun.exe
C:\ARCHIV~1\RETROS~1\wdsvc.exe
C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\TEMP\HJ16C4.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe
C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Archivos de programa\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Archivos de programa\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Archivos de programa\WDC\SetIcon.exe
C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = << Bienvenidos TOSHIBA LatinoamÃ©rica >>
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = << Bienvenidos TOSHIBA LatinoamÃ©rica >>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.227.0.153:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = update.microsoft.com;windowsupdate.microsoft.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Explorer Breadcrumbs Helper Class - {DB5FC78C-0D12-448B-A0B0-DB0F0E6B67DB} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll
O3 - Toolbar: Explorer Breadcrumbs - {A3EB65EC-D9B4-4DC1-88AF-0C7A21EBE5F9} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Archivos de programa\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Archivos de programa\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Archivos de programa\WDC\SetIcon.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [XPize Reloader] C:\WINDOWS\XPize\XPizeReloader.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - Startup: Iniciador rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibalatino.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://escritoriodigital/spps/Portal...ces/msddsc.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...81/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Archivos de programa\Gizmo Project\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Archivos de programa\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\ARCHIV~1\RETROS~1\wdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Visual Nexus Update - Unknown owner - C:\Archivos de programa\Visual Nexus\Update\vnupdate.exe

Cheers!

Pharod

**Deckard** · 10-31-2006, 09:23 PM

Clean as a whistle. Let's run more more online scan to rule out any malware, then your best bet may be to post your problem in our Internet Explorer Forum. They'll have a better idea of diagnosing and fixing the problem.

Clear your Flock cookies.

Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan.

Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
Enter your e-mail address, country, and state and click Scan Now.
Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
Begin the scan by selecting My Computer. Note:
- Please turn off the real time scanner of any existing antivirus program while performing the online scan.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on See report then click Save report.
- It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

Post the Panda report and a new HijackThis log.

Pharod · 11-01-2006, 07:26 AM

Hi. These are the results.

Panda ActiveScan

Note: when I tried to run ActiveScan in IE, the window opened and closed quickly (just like with Kaspersky). I had to access manually the address by looking at my recent History.

Incident Status Location

Possible Virus. Not disinfected C:\Archivos de programa\shizmoo\webgames\uninstall.exe
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alejandro\Datos de programa\Mozilla\Firefox\Profiles\sdi5j2m2.default\cookies.txt[.com.com/]
Potentially unwanted tool:Application/FileProtec.A Not disinfected C:\WINDOWS\XPize\uninst.exe[wfpdisable.exe]

HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 10:23, on 06-11-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe
C:\Archivos de programa\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Gizmo Project\mDNSResponder.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\Retrospect\retrorun.exe
C:\ARCHIV~1\RETROS~1\wdsvc.exe
C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\TEMP\HJ16C4.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe
C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Archivos de programa\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Archivos de programa\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Archivos de programa\WDC\SetIcon.exe
C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = << Bienvenidos TOSHIBA LatinoamÃ©rica >>
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = << Bienvenidos TOSHIBA LatinoamÃ©rica >>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.227.0.153:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = update.microsoft.com;windowsupdate.microsoft.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Explorer Breadcrumbs Helper Class - {DB5FC78C-0D12-448B-A0B0-DB0F0E6B67DB} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll
O3 - Toolbar: Explorer Breadcrumbs - {A3EB65EC-D9B4-4DC1-88AF-0C7A21EBE5F9} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Archivos de programa\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Archivos de programa\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Archivos de programa\WDC\SetIcon.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [XPize Reloader] C:\WINDOWS\XPize\XPizeReloader.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - Startup: Iniciador rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibalatino.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://escritoriodigital/spps/Portal...ces/msddsc.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...81/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Archivos de programa\Gizmo Project\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Archivos de programa\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\ARCHIV~1\RETROS~1\wdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Visual Nexus Update - Unknown owner - C:\Archivos de programa\Visual Nexus\Update\vnupdate.exe

Thanks for all the help,

Pharod

**Deckard** · 11-01-2006, 07:35 PM

I'm thinking it might not be malware related. Unfortunately, that also means I don't know what might be causing it. Let's do one more scan just to be on the safe side.

Download GMER
Download GMER and extract it to your desktop.

Double-click gmer.exe to run it and select the Rootkit tab. Press scan. When it has finished, press copy and paste the log back here.

If this comes up clean -- and I'm fairly certain it will -- you may want to post this problem to in our XP forum.

Pharod · 11-02-2006, 05:52 AM

Well, as IE7 just arrived in Spanish last night, I installed it. The problem I was having is gone now.

The good news is that the problem is gone. The bad news is that I wasted your time :P

Thanks for all the help Deckard!

Pharod

**Deckard** · 11-02-2006, 07:01 PM

No problem. Let's close you out, then.

Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address.

Reset System Restore

Go to Start>Run, type SYSDM.CPL and press Enter.
Select the System Restore tab.
Check "Turn off System Restore on all drives" and click Apply.
Now uncheck the same option and click OK.

Re-enable Protection
Turn back on any malware prevention tools we might have had you switch off.

Microsoft Updates
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection.

Please ensure that you have already patched your system against these recent critical exploits:

WMF exploit: KB912919
VML exploit: KB925486

Enable Windows Auto Update:

Go to Start>Run, type WUAUCPL.CPL and press Enter.
Make sure "Keep my computer up to date" is checked.
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Update Java
You need to update your Java as it is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without multi-language and save to your desktop.
Close any programs you may have running -- especially your web browser(s).
Go to Start→Control Panel double-click on Add/Remove Programs.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each version of Java.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
After the reboot, go back into the Control Panel and double-click the Java icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL three checked:
- Downloaded Applets
- Downloaded Applications
- Other Files
Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the cache.
Click OK to leave the Java Control Panel.

Malware Prevention
This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them.

Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer".

The following is a list of free software we recommend:

Antivirus
AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one.

AOL Active Virus Shield (powered by Kaspersky Antivirus)
BitDefender
Avira PersonalEdition Classic
Avast!
AVG

Firewalls
A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use:

Realtime Malware Prevention Tools
These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time.

Passive Malware Prevention Tools
These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.

SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on it's homepage.
MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites.
McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.

Alternative Web Browsers
Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Alternative Miscellaneous
Here are some alternatives that are worth looking into if you use their features:

Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.)
Miranda-IM - another Instant Messenger client with multiple IM capabilities.
Desktop Weather - A taskbar weather program that is free and resource light.

Please respond to this thread one more time so we can mark this thread as resolved.

Pharod · 11-02-2006, 09:11 PM

Thanks again Deckard. I'll be updating Java and other things. You can mark this as resolved. Excelent forum! :)

Pharod

10-26-2006, 11:06 PM	#1 (permalink)
Pharod Registered User Join Date: Oct 2006 Posts: 20 OS: Windows XP	IE window sometimes not opening There are some situations where IE window isn't opening. For instance, when I click on the Mail button of Windows Live Messenger, the screen flashes as if IE opened, but it didn't. It also happens in Windows Live One Care (safety.live.com) when I try to scan my PC, it tries to open a new window but can't. It isn't IE's popup blocker because I deactivated it and the problems still occured. This is my work laptop, so it isn't the one I had the issues some days ago (thanks again ;)). I'm assuming it is some sort of browser hijacking problem, but I'm not sure. Here I append my HiJackThis log. Logfile of HijackThis v1.99.1 Scan saved at 12:54:00 a.m., on 27/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe C:\Archivos de programa\Gizmo Project\mDNSResponder.exe C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe C:\Archivos de programa\Retrospect\retrorun.exe C:\ARCHIV~1\RETROS~1\wdsvc.exe C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\TEMP\YS556E.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TPSMain.exe C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\TPSBattM.exe C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe C:\Archivos de programa\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Archivos de programa\Synaptics\SynTP\Toshiba.exe C:\toshiba\ivp\ism\pinger.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Archivos de programa\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\Pop3Trap.exe C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Archivos de programa\WDC\SetIcon.exe C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Archivos de programa\Google\Google Talk\googletalk.exe C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe C:\Archivos de programa\Skype\Phone\Skype.exe C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\WINDOWS\system32\RAMASST.exe C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.ve/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibalatino.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibalatino.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.227.0.153:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = update.microsoft.com;windowsupdate.microsoft.com;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll O2 - BHO: Explorer Breadcrumbs Helper Class - {DB5FC78C-0D12-448B-A0B0-DB0F0E6B67DB} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll O3 - Toolbar: Explorer Breadcrumbs - {A3EB65EC-D9B4-4DC1-88AF-0C7A21EBE5F9} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [Tvs] C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Archivos de programa\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Archivos de programa\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [Picasa Media Detector] C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [SetIcon] \Archivos de programa\WDC\SetIcon.exe O4 - HKLM\..\Run: [MMReminderService] C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [XPize Reloader] C:\WINDOWS\XPize\XPizeReloader.exe /S O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] "C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe O4 - HKCU\..\Run: [pdfSaver3] "C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" O4 - Startup: Iniciador rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibalatino.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://escritoriodigital/spps/Portal...ces/msddsc.cab O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...81/mcfscan.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file) O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Archivos de programa\Gizmo Project\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Archivos de programa\Retrospect\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\ARCHIV~1\RETROS~1\wdsvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: Visual Nexus Update - Unknown owner - C:\Archivos de programa\Visual Nexus\Update\vnupdate.exe Thanks for all the help you can give, I really appreciate it. Pharod

10-30-2006, 11:19 PM	#2 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Hello again, Pharod. I thought I'd help you again! You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. I don't see anything obvious in your log, so let's run a few scans to see if anything turns up. Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any. Download CleanUp! Download and install CleanUp! but do not run it yet. WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp! WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it. Download AVG Anti-Spyware Please download, install, and update AVG Anti-Spyware. Load AVG Anti-Spyware and then click the Shield tab at the top Click on the word active to change it to inactive. Click the Update tab at the top: Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater. Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours. Click the Scanner tab at the top and then the Settings sub-tab: Under How to act?, click Recommended actions and select Quarantine. Under Reports, select Automatically generate report after every scan Close AVG Anti-Spyware. Do not run a scan with it yet. Download ComboFix Download ComboFix from one of the following links: http://www.techsupportforum.com/sectools/combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe Double click combofix.exe & follow the prompts. While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply. Reboot Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows. Run CleanUp! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked. Click OK. Press the CleanUp! button to start the program. Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later. Run AVG Anti-Spyware Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared. AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side. Click on Save Report, then Save Report As. Save the report so that you can find it again (like on the Desktop). Close AVG Anti-Spyware. Reboot Reboot your system to Normal Mode. Online Scan Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files. Once the files have been downloaded, click on NEXT. Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: extended Scan Options: Scan Archives and Scan Mail Bases Click OK Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done. Now under select a target to scan, select My Computer The program will start and scan your system. The scan will take a while so be patient and let it run all the way. Once the scan is complete it will display if your system has been infected. Click on the Save as Text button and save the file to your desktop. Copy and paste that information in your next post. Take note the names and locations of any file it detects but fails to clean. With Your Next Post... Please paste the following with your next reply (in this order please): The contents of C:\ComboFix.txt, AVG Anti-Spyware scan report, Kaspersky scan report, a new HiJackThis log taken after Kaspersky finishes. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

10-31-2006, 09:23 PM	#5 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Clean as a whistle. Let's run more more online scan to rule out any malware, then your best bet may be to post your problem in our Internet Explorer Forum. They'll have a better idea of diagnosing and fixing the problem. Clear your Flock cookies. Online Scan Perform an online scan with Internet Explorer with Panda ActiveScan. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker. Enter your e-mail address, country, and state and click Scan Now. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control. Begin the scan by selecting My Computer. Note: Please turn off the real time scanner of any existing antivirus program while performing the online scan. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on See report then click Save report. It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report. Post the Panda report and a new HijackThis log. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

11-01-2006, 07:35 PM	#7 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	I'm thinking it might not be malware related. Unfortunately, that also means I don't know what might be causing it. Let's do one more scan just to be on the safe side. Download GMER Download GMER and extract it to your desktop. Double-click gmer.exe to run it and select the Rootkit tab. Press scan. When it has finished, press copy and paste the log back here. If this comes up clean -- and I'm fairly certain it will -- you may want to post this problem to in our XP forum. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

11-02-2006, 07:01 PM	#9 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	No problem. Let's close you out, then. Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address. Reset System Restore Go to Start>Run, type SYSDM.CPL and press Enter. Select the System Restore tab. Check "Turn off System Restore on all drives" and click Apply. Now uncheck the same option and click OK. Re-enable Protection Turn back on any malware prevention tools we might have had you switch off. Microsoft Updates It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection. Please ensure that you have already patched your system against these recent critical exploits: WMF exploit: KB912919 VML exploit: KB925486 Enable Windows Auto Update: Go to Start>Run, type WUAUCPL.CPL and press Enter. Make sure "Keep my computer up to date" is checked. Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Update Java You need to update your Java as it is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without multi-language and save to your desktop. Close any programs you may have running -- especially your web browser(s). Go to Start→Control Panel double-click on Add/Remove Programs. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each version of Java. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version. After the reboot, go back into the Control Panel and double-click the Java icon. Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave ALL three checked: Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the cache. Click OK to leave the Java Control Panel. Malware Prevention This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them. Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer". The following is a list of free software we recommend: Antivirus AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one. AOL Active Virus Shield (powered by Kaspersky Antivirus) BitDefender Avira PersonalEdition Classic Avast! AVG Firewalls A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use: Sygate Personal Firewall ZoneAlarm Tiny Personal Firewall Sunbelt Kerio Personal Firewall Outpost Firewall PRO Realtime Malware Prevention Tools These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time. Spyware Guard Spybot Search & Destroy AdAware WinPatrol - with tutorial Passive Malware Prevention Tools These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources. SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates. IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on it's homepage. MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites. McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox. Alternative Web Browsers Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites. Firefox Opera Alternative Miscellaneous Here are some alternatives that are worth looking into if you use their features: Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.) Miranda-IM - another Instant Messenger client with multiple IM capabilities. Desktop Weather - A taskbar weather program that is free and resource light. Please respond to this thread one more time so we can mark this thread as resolved. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

10-31-2006, 08:42 PM	#4 (permalink)
Pharod Registered User Join Date: Oct 2006 Posts: 20 OS: Windows XP	Forgot to paste the HiJackThis log file :) HiJackThis Logfile of HijackThis v1.99.1 Scan saved at 23:39, on 06-10-31 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe C:\Archivos de programa\AVG Anti-Spyware 7.5\guard.exe C:\Archivos de programa\Gizmo Project\mDNSResponder.exe C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe C:\Archivos de programa\Retrospect\retrorun.exe C:\ARCHIV~1\RETROS~1\wdsvc.exe C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\TEMP\HJ16C4.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TPSMain.exe C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\TPSBattM.exe C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe C:\Archivos de programa\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\toshiba\ivp\ism\pinger.exe C:\Archivos de programa\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Archivos de programa\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\Pop3Trap.exe C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Archivos de programa\WDC\SetIcon.exe C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Archivos de programa\Google\Google Talk\googletalk.exe C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe C:\Archivos de programa\Skype\Phone\Skype.exe C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\WINDOWS\system32\RAMASST.exe C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE C:\Archivos de programa\Mozilla Firefox\firefox.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = << Bienvenidos TOSHIBA LatinoamÃ©rica >> R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = << Bienvenidos TOSHIBA LatinoamÃ©rica >> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.227.0.153:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = update.microsoft.com;windowsupdate.microsoft.com;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll O2 - BHO: Explorer Breadcrumbs Helper Class - {DB5FC78C-0D12-448B-A0B0-DB0F0E6B67DB} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll O3 - Toolbar: Explorer Breadcrumbs - {A3EB65EC-D9B4-4DC1-88AF-0C7A21EBE5F9} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [Tvs] C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Archivos de programa\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Archivos de programa\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [Picasa Media Detector] C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [SetIcon] \Archivos de programa\WDC\SetIcon.exe O4 - HKLM\..\Run: [MMReminderService] C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [XPize Reloader] C:\WINDOWS\XPize\XPizeReloader.exe /S O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] "C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe O4 - HKCU\..\Run: [pdfSaver3] "C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" O4 - Startup: Iniciador rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibalatino.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://escritoriodigital/spps/Portal...ces/msddsc.cab O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...81/mcfscan.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file) O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Archivos de programa\Gizmo Project\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Archivos de programa\Retrospect\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\ARCHIV~1\RETROS~1\wdsvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: Visual Nexus Update - Unknown owner - C:\Archivos de programa\Visual Nexus\Update\vnupdate.exe Cheers! Pharod

11-01-2006, 07:26 AM	#6 (permalink)
Pharod Registered User Join Date: Oct 2006 Posts: 20 OS: Windows XP	Hi. These are the results. Panda ActiveScan Note: when I tried to run ActiveScan in IE, the window opened and closed quickly (just like with Kaspersky). I had to access manually the address by looking at my recent History. Incident Status Location Possible Virus. Not disinfected C:\Archivos de programa\shizmoo\webgames\uninstall.exe Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alejandro\Datos de programa\Mozilla\Firefox\Profiles\sdi5j2m2.default\cookies.txt[.com.com/] Potentially unwanted tool:Application/FileProtec.A Not disinfected C:\WINDOWS\XPize\uninst.exe[wfpdisable.exe] HiJackThis Logfile of HijackThis v1.99.1 Scan saved at 10:23, on 06-11-01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe C:\Archivos de programa\AVG Anti-Spyware 7.5\guard.exe C:\Archivos de programa\Gizmo Project\mDNSResponder.exe C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe C:\Archivos de programa\Retrospect\retrorun.exe C:\ARCHIV~1\RETROS~1\wdsvc.exe C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\TEMP\HJ16C4.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TPSMain.exe C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\TPSBattM.exe C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe C:\Archivos de programa\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\toshiba\ivp\ism\pinger.exe C:\Archivos de programa\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Archivos de programa\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Archivos de programa\WDC\SetIcon.exe C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Archivos de programa\Google\Google Talk\googletalk.exe C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe C:\Archivos de programa\Skype\Phone\Skype.exe C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\WINDOWS\system32\RAMASST.exe C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE C:\Archivos de programa\Trend Micro\OfficeScan Client\Pop3Trap.exe C:\Archivos de programa\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = << Bienvenidos TOSHIBA LatinoamÃ©rica >> R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = << Bienvenidos TOSHIBA LatinoamÃ©rica >> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.227.0.153:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = update.microsoft.com;windowsupdate.microsoft.com;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll O2 - BHO: Explorer Breadcrumbs Helper Class - {DB5FC78C-0D12-448B-A0B0-DB0F0E6B67DB} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll O3 - Toolbar: Explorer Breadcrumbs - {A3EB65EC-D9B4-4DC1-88AF-0C7A21EBE5F9} - C:\Archivos de programa\Minimalist\Explorer Breadcrumbs\BCToolbar.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [Tvs] C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Archivos de programa\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Archivos de programa\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [Picasa Media Detector] C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [SetIcon] \Archivos de programa\WDC\SetIcon.exe O4 - HKLM\..\Run: [MMReminderService] C:\Archivos de programa\Mindjet\MindManager 6\MMReminderService.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [XPize Reloader] C:\WINDOWS\XPize\XPizeReloader.exe /S O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] "C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Archivos de programa\Taskbar Shuffle\taskbarshuffle.exe O4 - HKCU\..\Run: [pdfSaver3] "C:\Archivos de programa\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" O4 - Startup: Iniciador rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Archivos de programa\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibalatino.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://escritoriodigital/spps/Portal...ces/msddsc.cab O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...81/mcfscan.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file) O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Archivos de programa\Gizmo Project\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Archivos de programa\Retrospect\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\ARCHIV~1\RETROS~1\wdsvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Archivos de programa\SanDisk\Sansa Updater\SansaSvr.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: Visual Nexus Update - Unknown owner - C:\Archivos de programa\Visual Nexus\Update\vnupdate.exe Thanks for all the help, Pharod

11-02-2006, 05:52 AM	#8 (permalink)
Pharod Registered User Join Date: Oct 2006 Posts: 20 OS: Windows XP	Well, as IE7 just arrived in Spanish last night, I installed it. The problem I was having is gone now. The good news is that the problem is gone. The bad news is that I wasted your time :P Thanks for all the help Deckard! Pharod

11-02-2006, 09:11 PM	#10 (permalink)
Pharod Registered User Join Date: Oct 2006 Posts: 20 OS: Windows XP	Thanks again Deckard. I'll be updating Java and other things. You can mark this as resolved. Excelent forum! :) Pharod