Pop ups not stopping [Archive] - Safer-Networking Forums

View Full Version : Pop ups not stopping

francg25

2006-01-17, 23:02

Pls. Help me with this, I've tried everything but nothings seems to work, here is my Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 03:59:19 p.m., on 17/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Archivos de programa\Microsoft Office Communicator\Communicator.exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\ARCHIV~1\ARCHIV~1\PCSuite\Services\SERVIC~1.EXE
C:\ARCHIV~1\ARCHIV~1\Nokia\MPAPI\MPAPI3s.exe
C:\ARCHIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\regedit.exe
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\DOCUME~1\fgomezq\CONFIG~1\Temp\Directorio temporal 2 para hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.condumex.com.mx/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.condumex.com.mx/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Prodigy Infinitum
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.254.3.213:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O1 - Hosts: 172.16.13.21 grupo-w9ewuosad.imcdx
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Archivos de programa\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [PcSync] C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Stardock ObjectDock.lnk = C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://conga.condumex.com.mx/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3D03AEAF-38CC-4DB5-9FA1-1C3538B1CA85} (Crystal Reports Print Control 11.0) - http://ebiz2/crystalreportviewers11/ActiveXControls/PrintControl.cab
O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://stdemo3.dfw.ibm.com/sametime/STMeetingRoomClient/STJNILoader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = condumex.com.mx
O17 - HKLM\Software\..\Telephony: DomainName = condumex.com.mx
O17 - HKLM\System\CCS\Services\Tcpip\..\{369E97B2-AB99-4BF8-B913-B258A235334E}: NameServer = 10.68.1.108,10.68.1.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AB9BA88-4564-4F41-82CB-7122665A9F08}: NameServer = 10.68.1.108,10.68.1.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = condumex.com.mx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = condumex.com.mx,imcdx
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = condumex.com.mx
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = condumex.com.mx,imcdx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = condumex.com.mx,imcdx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ktl0l73m1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Archivos de programa\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe

steamwiz

2006-01-17, 23:27

Hi

You have a VX2 infection....

Download http://www.downloads.subratam.org/l2mfix.exe by ShadowWar.

1. Save the file to your desktop

2. Double click l2mfix.exe

3. Click the Install button to extract the files and follow the prompts

4. Open the newly added l2mfix folder on your desktop

5. Double click l2mfix.bat

6. Select option #1 for Run Find Log by typing 1 and then pressing enter

7. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

8. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

steam

francg25

2006-01-18, 02:02

Hi Steam!

First, thx for the help, as you asked me, I'm pasting the report You asked me for:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ktl0l73m1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C05B4FCC-1320-89BE-B3C4-0D837FF8376E}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Hoja de propiedades de archivos multimedia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Administraci¢n de esc*ner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="P*gina de seguridad NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="P*gina de propiedades del archivo de documentos OLE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n CPL del adaptador de pantalla"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n CPL del monitor de pantalla"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n de paneo de pantalla del Panel de control"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="P*gina de seguridad DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="P*gina de compatibilidad"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extensi¢n de copia de discos"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensiones del shell para objetos de la red de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Administraci¢n de monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Administraci¢n de impresora ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensiones del shell para compresi¢n de archivos"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extensi¢n del shell de impresora en Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Men£ de contexto de cifrado"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Malet¡n"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extensi¢n de icono de HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fuentes"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Perfil de ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="P*gina de seguridad de impresoras"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extensi¢n PKO cifrada"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extensi¢n de firma cifrada"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Conexiones de red"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Conexiones de red"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&C*maras y esc*neres"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&C*maras y esc*neres"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&C*maras y esc*neres"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&C*maras y esc*neres"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&C*maras y esc*neres"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensiones del shell para Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="V¡nculos a datos de Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tareas programadas"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra de tareas y men£ Inicio"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Buscar"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte t‚cnico"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte t‚cnico"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ejecutar..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Correo electr¢nico"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fuentes"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Herramientas administrativas"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra de herramientas de Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Estado de la descarga"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Carpeta Shell aumentada"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Carpeta 2 Shell aumentada"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Banda del explorador de Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Banda de b£squeda"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="B£squeda en panel"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="B£squeda Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilidad de opciones del *rbol de Registro"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Direcci¢n"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Cuadro de la direcci¢n"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autocompletar de Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autocompleta MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Lista autocompleta MRU personalizada"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barra de progreso emergente"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autocompleta de la historia de Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autocompleta de la carpeta Shell de Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contenedor de la Lista m£ltiple de Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Men£ de sitio de bandas Shell"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barra de escritorio Shell"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Asistencia al usuario"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Configuraci¢n de carpeta global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Servicio de Historial de las direcciones URL de Microsoft"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historial"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Hook de b£squeda de direcciones URL de Microsoft"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Pantalla de bienvenida de IE4 Suite"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Banda de Explorador"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Carpeta del cach‚ de ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Carpeta de suscripciones"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Administrador de aplicaciones de Shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerador de aplicaciones instaladas"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extractor de vistas en miniatura de archivos GDI+"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Controlador de la informaci¢n de resumen para vistas en miniatura (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extractor de vistas en miniatura HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Asistente para la publicaci¢n en Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Pedido de impresiones v¡a web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objeto de Asistente de publicaci¢n de shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Asistente para obtener pasaporte"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Cuentas de usuario"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Archivo de canal"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Acceso directo al canal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Objeto de control de canal"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Carpeta de archivos sin conexi¢n"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personas..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{518EB350-3E34-4628-AA7A-4C4F0E9A87AB}"=""
"{6974D247-3C3E-4765-9159-45B0C3B1D51E}"=""
"{AD90340A-BB06-4D32-8C74-B0E76E355802}"=""
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AD90340A-BB06-4D32-8C74-B0E76E355802}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AD90340A-BB06-4D32-8C74-B0E76E355802}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AD90340A-BB06-4D32-8C74-B0E76E355802}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AD90340A-BB06-4D32-8C74-B0E76E355802}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgvcrt20.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Wed 23 Nov 2005 6:01:52p A.... 1,022,464 998.50 K
cddbco~1.dll Wed 7 Dec 2005 11:29:18a A.... 643,072 628.00 K
cddbui~1.dll Wed 7 Dec 2005 11:30:34a A.... 770,048 752.00 K
cdfview.dll Thu 20 Oct 2005 9:41:04p A.... 151,552 148.00 K
connapi.dll Tue 29 Nov 2005 12:49:54p A.... 246,272 240.50 K
daapi.dll Mon 28 Nov 2005 9:08:32a A.... 115,712 113.00 K
danim.dll Fri 4 Nov 2005 9:17:26p A.... 1,056,256 1.00 M
dxtrans.dll Thu 20 Oct 2005 9:41:04p A.... 205,312 200.50 K
esent.dll Thu 20 Oct 2005 4:26:00p A.... 1,095,168 1.04 M
extmgr.dll Thu 20 Oct 2005 9:41:04p A.... 55,808 54.50 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08p A.... 126,680 123.71 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06p A.... 95,448 93.21 K
gdi32.dll Wed 28 Dec 2005 8:56:04p A.... 280,064 273.50 K
hashlib.dll Tue 15 Nov 2005 12:12:08p A.... 117,976 115.21 K
iepeers.dll Thu 20 Oct 2005 9:41:04p A.... 251,392 245.50 K
inseng.dll Thu 20 Oct 2005 9:41:06p A.... 96,768 94.50 K
ir8ql5~1.dll Mon 16 Jan 2006 11:05:00a ..S.R 235,137 229.63 K
ktl0l7~1.dll Mon 16 Jan 2006 8:23:02p ..S.R 236,288 230.75 K
lv8u09~1.dll Tue 17 Jan 2006 1:00:46p ..S.R 237,277 231.71 K
lvn209~1.dll Tue 17 Jan 2006 12:43:22p ..S.R 236,547 231.00 K
mgvcrt20.dll Tue 17 Jan 2006 1:00:46p ..S.R 236,288 230.75 K
mshtml.dll Wed 23 Nov 2005 6:01:54p A.... 3,013,632 2.87 M
mshtmled.dll Thu 20 Oct 2005 9:41:06p A.... 448,512 438.00 K
msrating.dll Thu 20 Oct 2005 9:41:08p A.... 146,432 143.00 K
mstime.dll Thu 20 Oct 2005 9:41:08p A.... 530,944 518.50 K
nclapi.dll Thu 24 Nov 2005 10:53:20a A.... 110,592 108.00 K
ncltools.dll Fri 28 Oct 2005 1:51:32p A.... 26,624 26.00 K
pngfilt.dll Thu 20 Oct 2005 9:41:08p A.... 39,424 38.50 K
shdocvw.dll Wed 30 Nov 2005 10:01:16p A.... 1,492,992 1.42 M
shlwapi.dll Thu 20 Oct 2005 9:41:08p A.... 474,112 463.00 K
srpcsr~1.dll Thu 5 Jan 2006 12:49:30a A.... 12,288 12.00 K
txfdb32.dll Thu 5 Jan 2006 12:49:30a A.... 12,288 12.00 K
urlmon.dll Fri 4 Nov 2005 9:17:30p A.... 605,184 591.00 K
wininet.dll Thu 20 Oct 2005 9:41:08p A.... 660,992 645.50 K
wnaspi32.dll Sun 20 Nov 2005 11:48:22p A.... 45,056 44.00 K

35 items found: 35 files (5 H/S), 0 directories.
Total of file sizes: 15,130,601 bytes 14.43 M
Locate .tmp files:

steamwiz

2006-01-18, 18:37

Hi

Close any programs you have open since this step requires a reboot.

1. From the l2mfix folder on your desktop, double click l2mfix.bat

2. Select option #2 for Run Fix by typing 2 and then pressing enter

3. Press any key to reboot your computer.

4. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.

5. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

steam

francg25

2006-01-18, 19:42

Hi Steam, I´m pasting the 2 reports You asked me for!!

L2mfix 010406
Creating Account.
Se ha completado el comando correctamente.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1596 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1672 'winlogon.exe'
Killing PID 1672 'winlogon.exe'
Killing PID 1672 'winlogon.exe'
Killing PID 1672 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1532 'explorer.exe'
Killing PID 1532 'explorer.exe'
Killing PID 1532 'explorer.exe'
Killing PID 1532 'explorer.exe'
Killing PID 1532 'explorer.exe'
Killing PID 1532 'explorer.exe'
Killing PID 1532 'explorer.exe'
Killing PID 1532 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 356 'rundll32.exe'
Killing PID 356 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 archivos copiados.
1 archivos copiados.
1 archivos copiados.
1 archivos copiados.
1 archivos copiados.
1 archivos copiados.
Deleting: C:\WINDOWS\system32\csvfat.dll
Successfully Deleted: C:\WINDOWS\system32\csvfat.dll
Deleting: C:\WINDOWS\system32\fp6203joe.dll
Successfully Deleted: C:\WINDOWS\system32\fp6203joe.dll
Deleting: C:\WINDOWS\system32\ir8ql5l51.dll
Successfully Deleted: C:\WINDOWS\system32\ir8ql5l51.dll
Deleting: C:\WINDOWS\system32\lvn2095oe.dll
Successfully Deleted: C:\WINDOWS\system32\lvn2095oe.dll
Deleting: C:\WINDOWS\system32\lybmplayer.dll
Successfully Deleted: C:\WINDOWS\system32\lybmplayer.dll
Deleting: C:\WINDOWS\system32\o6pqlg7516.dll
Successfully Deleted: C:\WINDOWS\system32\o6pqlg7516.dll

msg11?.dll
0 archivos copiados.

Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\o6pqlg7516.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\csvfat.dll
C:\WINDOWS\system32\fp6203joe.dll
C:\WINDOWS\system32\ir8ql5l51.dll
C:\WINDOWS\system32\lvn2095oe.dll
C:\WINDOWS\system32\lybmplayer.dll
C:\WINDOWS\system32\o6pqlg7516.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AD90340A-BB06-4D32-8C74-B0E76E355802}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AD90340A-BB06-4D32-8C74-B0E76E355802}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AD90340A-BB06-4D32-8C74-B0E76E355802}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AD90340A-BB06-4D32-8C74-B0E76E355802}\InprocServer32]
@="C:\\WINDOWS\\system32\\lybmplayer.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D0317ABD-30D4-45F3-B950-A6D6C372D3FA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0317ABD-30D4-45F3-B950-A6D6C372D3FA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0317ABD-30D4-45F3-B950-A6D6C372D3FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0317ABD-30D4-45F3-B950-A6D6C372D3FA}\InprocServer32]
@="C:\\WINDOWS\\system32\\csvfat.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{518EB350-3E34-4628-AA7A-4C4F0E9A87AB}"=-
"{6974D247-3C3E-4765-9159-45B0C3B1D51E}"=-
"{AD90340A-BB06-4D32-8C74-B0E76E355802}"=-
"{D0317ABD-30D4-45F3-B950-A6D6C372D3FA}"=-
[-HKEY_CLASSES_ROOT\CLSID\{518EB350-3E34-4628-AA7A-4C4F0E9A87AB}]
[-HKEY_CLASSES_ROOT\CLSID\{6974D247-3C3E-4765-9159-45B0C3B1D51E}]
[-HKEY_CLASSES_ROOT\CLSID\{AD90340A-BB06-4D32-8C74-B0E76E355802}]
[-HKEY_CLASSES_ROOT\CLSID\{D0317ABD-30D4-45F3-B950-A6D6C372D3FA}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/csvfat.dll (164 bytes security) (deflated 5%)
adding: dlls/fp6203joe.dll (164 bytes security) (deflated 6%)
adding: dlls/ir8ql5l51.dll (164 bytes security) (deflated 5%)
adding: dlls/lvn2095oe.dll (164 bytes security) (deflated 5%)
adding: dlls/lybmplayer.dll (164 bytes security) (deflated 6%)
adding: dlls/o6pqlg7516.dll (164 bytes security) (deflated 5%)
adding: backregs/AD90340A-BB06-4D32-8C74-B0E76E355802.reg (212 bytes security) (deflated 70%)
adding: backregs/D0317ABD-30D4-45F3-B950-A6D6C372D3FA.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 62%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

francg25

2006-01-18, 19:43

Logfile of HijackThis v1.99.1
Scan saved at 12:39:52 p.m., on 18/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Archivos de programa\Microsoft Office Communicator\Communicator.exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\ARCHIV~1\ARCHIV~1\PCSuite\Services\SERVIC~1.EXE
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe
C:\ARCHIV~1\ARCHIV~1\Nokia\MPAPI\MPAPI3s.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\DOCUME~1\fgomezq\CONFIG~1\Temp\Directorio temporal 3 para hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.condumex.com.mx/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.condumex.com.mx/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Prodigy Infinitum
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.254.3.213:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O1 - Hosts: 172.16.13.21 grupo-w9ewuosad.imcdx
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Archivos de programa\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [PcSync] C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Stardock ObjectDock.lnk = C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://conga.condumex.com.mx/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3D03AEAF-38CC-4DB5-9FA1-1C3538B1CA85} (Crystal Reports Print Control 11.0) - http://ebiz2/crystalreportviewers11/ActiveXControls/PrintControl.cab
O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://stdemo3.dfw.ibm.com/sametime/STMeetingRoomClient/STJNILoader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = condumex.com.mx
O17 - HKLM\Software\..\Telephony: DomainName = condumex.com.mx
O17 - HKLM\System\CCS\Services\Tcpip\..\{369E97B2-AB99-4BF8-B913-B258A235334E}: NameServer = 10.68.1.108,10.68.1.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AB9BA88-4564-4F41-82CB-7122665A9F08}: NameServer = 10.68.1.108,10.68.1.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = condumex.com.mx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = condumex.com.mx,imcdx
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = condumex.com.mx
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = condumex.com.mx,imcdx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = condumex.com.mx,imcdx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\o6pqlg7516.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Archivos de programa\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe

steamwiz

2006-01-18, 23:45

Hi

Looking good

Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

O20 - Winlogon Notify: Run - C:\WINDOWS\system32\o6pqlg7516.dll (file missing)

Do you know what this redirect in your hosts file is for ?

I can't find anything specifically good or bad about it... is it related to your proxy server ?

O1 - Hosts: 172.16.13.21 grupo-w9ewuosad.imcdx

--
Please do this :-

1. Download the zip file here :-

http://www.help2go.com/index2.php?option=com_forum&Itemid=32&page=download&id=673

2. Save it to your desktop...

3. Unzip the file to reveal a reg file...

4. Close Internet explorer and all open windows...

5. double click the reg file and say yes to merge with the registry...

6. reboot and post a new hijackthis log

cheers

steam

francg25

2006-01-19, 00:32

Hi Steam!!

Well the entry in the hosts files is indeed a entry to a live communication server here at my office, jejeje nothing worng with that line!

I'm pasting you the Hijackthis log

Greetings!!

Logfile of HijackThis v1.99.1
Scan saved at 05:28:08 p.m., on 18/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Archivos de programa\Microsoft Office Communicator\Communicator.exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\ARCHIV~1\ARCHIV~1\Nokia\MPAPI\MPAPI3s.exe
C:\ARCHIV~1\ARCHIV~1\PCSuite\Services\SERVIC~1.EXE
C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\fgomezq\CONFIG~1\Temp\Directorio temporal 4 para hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.condumex.com.mx/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.condumex.com.mx/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Prodigy Infinitum
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.254.3.213:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O1 - Hosts: 172.16.13.21 grupo-w9ewuosad.imcdx
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Archivos de programa\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [PcSync] C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Stardock ObjectDock.lnk = C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://conga.condumex.com.mx/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3D03AEAF-38CC-4DB5-9FA1-1C3538B1CA85} (Crystal Reports Print Control 11.0) - http://ebiz2/crystalreportviewers11/ActiveXControls/PrintControl.cab
O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://stdemo3.dfw.ibm.com/sametime/STMeetingRoomClient/STJNILoader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = condumex.com.mx
O17 - HKLM\Software\..\Telephony: DomainName = condumex.com.mx
O17 - HKLM\System\CCS\Services\Tcpip\..\{369E97B2-AB99-4BF8-B913-B258A235334E}: NameServer = 10.68.1.108,10.68.1.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AB9BA88-4564-4F41-82CB-7122665A9F08}: NameServer = 10.68.1.108,10.68.1.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = condumex.com.mx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = condumex.com.mx,imcdx
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = condumex.com.mx
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = condumex.com.mx,imcdx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = condumex.com.mx,imcdx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Archivos de programa\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe

steamwiz

2006-01-19, 23:38

Hi

Your log's clean now :bigthumb:

is your problem resolved ?

steam

francg25

2006-01-20, 02:26

Yeah Steam!!

Thx a lot for your help, You´re the man!!! or like we would say here at Mexico "eres un chingon"

steamwiz

2006-01-20, 19:50

Hi

You're very welcome :bigthumb:

happy surfing

steam

tashi

2006-01-24, 21:04

As the problem appears to be resolved this topic will be archived.
If you need it re-opened please pm me.

Glad we could help. :) Thank you steam.