Veamos si me podeis echar una mano con mi problema
El ordenador un P3 con 256 MB cada vez actuaba mas lentamente y se colgaba frecuentemente. Tenia solo instalado el antivirus AVAST. Se me ocurrio la mala idea de desconectarle - afin de si era el responsable de tanta lentitud- y entonces si que se organizo el desbarajuste padre.
Reinstale el W/ XP y pase varios antivirus -Kaspersky y Avast- y varios antispys que detectaron centenares de bichos. El Spyware Doctor me detecta 6 infecciones que no es capaz de eliminar. Antes funcionaba con Netscape 7.2 pero actualmente es imposible ya que solo me da paginas en blanco. En cambio el Explorer me permite conexion a Internet. Ultimamente tengo instalados el Kaspersky Suite y el Spyware Doctor. De vez en cuando y en varias ocasiones Kaspersky me da el mensaje que detecta un ataque Helkem¡ Espero vuestra ayuda¡¡




Logfile of HijackThis v1.99.1
Scan saved at 18:32:06, on 25/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest. ExE
C:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Archivos de programa\AutoCAD R14\acad.exe
C:\Archivos de programa\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\ARCHIV~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest. ExE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Archivos de programa\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\enj6l11s1.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe

Hola fnm, te doy la bienvenida al Foro de InfoSpyware.

El Kaspersky es uno de los mejores Antivirus, pero el tema que tambien es el que mas recursos consume, yo te recomendaria probar con otro mas liviano.

De todos modos vamos a ver si podemos desinfectar tu equipo:

Descarga la herramienta L2mfix

Guarda el archivo en el escritorio y hacele doble click en l2mfix.exe. Hace click en el botón Install para extraer los archivos y seguí las indicaciones. A continuación abrí la carpeta l2mfix que acaba de crearse en tu escritorio. Hacele doble click en l2mfix.bat y elegí la opción número 1 para ejecutar "Run Find Log" (Crear informe de búsqueda) pulsando 1 y >Enter. A continuación se realizará un análisis de tu sistema aunque puede parecer que no está sucediendo nada.

Sin reiniciar ejecuta HijackThis y dale FIX a esta entrada:

O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\enj6l11s1.dll



Después cerrar cualquier programa que tengas abierto ya que después de realizar estos pasos se va a reiniciar el sistema.

En la carpeta de l2mfix de tu escritorio hacele doble click en l2mfix.bat y selecciona la opción numero 2 (Run Fix) y dale Enter y luego cualquier tecla para que se reinicie el sistema.

Después que reinicie el Pc puede que los iconos y parte del escritorio no se vean (esto es normal). L2mfix continuará explorando el sistema y cuando termine se abre nuevamente el Notepad con un nuevo registro el cual tenes que pegarlo en este mensaje.

Reinicia y contanos como esta funcionado todo ahora.

SAlu2

Transmito el log.txt que me ha dado el l2mfix
Al final del mensaje me indicaba reparar el archivo perdido 020 que no he hecho. Gracias por tu ayuda¡¡
L2mfix 010406
Creating Account.
Se ha completado el comando correctamente.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 440 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 528 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1540 'explorer.exe'
Killing PID 1540 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1068 'rundll32.exe'
Restoring Sedebugprivilege:

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Deleting: C:\WINDOWS\system32\abtodisc.dll
Successfully Deleted: C:\WINDOWS\system32\abtodisc.dll
Deleting: C:\WINDOWS\system32\afivvaxx.dll
Successfully Deleted: C:\WINDOWS\system32\afivvaxx.dll
Deleting: C:\WINDOWS\system32\afpmgr.dll
Successfully Deleted: C:\WINDOWS\system32\afpmgr.dll
Deleting: C:\WINDOWS\system32\ahsnw.dll
Successfully Deleted: C:\WINDOWS\system32\ahsnw.dll
Deleting: C:\WINDOWS\system32\aksmsext.dll
Successfully Deleted: C:\WINDOWS\system32\aksmsext.dll
Deleting: C:\WINDOWS\system32\arivtmxx.dll
Successfully Deleted: C:\WINDOWS\system32\arivtmxx.dll
Deleting: C:\WINDOWS\system32\bfowser.dll
Successfully Deleted: C:\WINDOWS\system32\bfowser.dll
Deleting: C:\WINDOWS\system32\bnowsewm.dll
Successfully Deleted: C:\WINDOWS\system32\bnowsewm.dll
Deleting: C:\WINDOWS\system32\bqpanui.dll
Successfully Deleted: C:\WINDOWS\system32\bqpanui.dll
Deleting: C:\WINDOWS\system32\cfb.dll
Successfully Deleted: C:\WINDOWS\system32\cfb.dll
Deleting: C:\WINDOWS\system32\ckb.dll
Successfully Deleted: C:\WINDOWS\system32\ckb.dll
Deleting: C:\WINDOWS\system32\clcdll.dll
Successfully Deleted: C:\WINDOWS\system32\clcdll.dll
Deleting: C:\WINDOWS\system32\cnutil.dll
Successfully Deleted: C:\WINDOWS\system32\cnutil.dll
Deleting: C:\WINDOWS\system32\ctutil.dll
Successfully Deleted: C:\WINDOWS\system32\ctutil.dll
Deleting: C:\WINDOWS\system32\cwprops.dll
Successfully Deleted: C:\WINDOWS\system32\cwprops.dll
Deleting: C:\WINDOWS\system32\cXbview.dll
Successfully Deleted: C:\WINDOWS\system32\cXbview.dll
Deleting: C:\WINDOWS\system32\cxrpol.dll
Successfully Deleted: C:\WINDOWS\system32\cxrpol.dll
Deleting: C:\WINDOWS\system32\d00m0ad1ed0.dll
Successfully Deleted: C:\WINDOWS\system32\d00m0ad1ed0.dll
Deleting: C:\WINDOWS\system32\ddactfrm.dll
Successfully Deleted: C:\WINDOWS\system32\ddactfrm.dll
Deleting: C:\WINDOWS\system32\de6001jme.dll
Successfully Deleted: C:\WINDOWS\system32\de6001jme.dll
Deleting: C:\WINDOWS\system32\dfmsrpcn.dll
Successfully Deleted: C:\WINDOWS\system32\dfmsrpcn.dll
Deleting: C:\WINDOWS\system32\dfscript.dll
Successfully Deleted: C:\WINDOWS\system32\dfscript.dll
Deleting: C:\WINDOWS\system32\dikquota.dll
Successfully Deleted: C:\WINDOWS\system32\dikquota.dll
Deleting: C:\WINDOWS\system32\djnmodem.dll
Successfully Deleted: C:\WINDOWS\system32\djnmodem.dll
Deleting: C:\WINDOWS\system32\dn6001jme.dll
Successfully Deleted: C:\WINDOWS\system32\dn6001jme.dll
Deleting: C:\WINDOWS\system32\docompos.dll
Successfully Deleted: C:\WINDOWS\system32\docompos.dll
Deleting: C:\WINDOWS\system32\dukquota.dll
Successfully Deleted: C:\WINDOWS\system32\dukquota.dll
Deleting: C:\WINDOWS\system32\dwnetlib.dll
Successfully Deleted: C:\WINDOWS\system32\dwnetlib.dll
Deleting: C:\WINDOWS\system32\dwnwsock.dll
Successfully Deleted: C:\WINDOWS\system32\dwnwsock.dll
Deleting: C:\WINDOWS\system32\en08l1du1.dll
Successfully Deleted: C:\WINDOWS\system32\en08l1du1.dll
Deleting: C:\WINDOWS\system32\en44l1hq1.dll
Successfully Deleted: C:\WINDOWS\system32\en44l1hq1.dll
Deleting: C:\WINDOWS\system32\en4ql1h51.dll
Successfully Deleted: C:\WINDOWS\system32\en4ql1h51.dll
Deleting: C:\WINDOWS\system32\en6ol1j31.dll
Successfully Deleted: C:\WINDOWS\system32\en6ol1j31.dll
Deleting: C:\WINDOWS\system32\enl6l13s1.dll
Successfully Deleted: C:\WINDOWS\system32\enl6l13s1.dll
Deleting: C:\WINDOWS\system32\enpml1711.dll
Successfully Deleted: C:\WINDOWS\system32\enpml1711.dll
Deleting: C:\WINDOWS\system32\fopsapi2.dll
Successfully Deleted: C:\WINDOWS\system32\fopsapi2.dll
Deleting: C:\WINDOWS\system32\fpr2039oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpr2039oe.dll
Deleting: C:\WINDOWS\system32\h6j4lg1q16.dll
Successfully Deleted: C:\WINDOWS\system32\h6j4lg1q16.dll
Deleting: C:\WINDOWS\system32\had.dll
Successfully Deleted: C:\WINDOWS\system32\had.dll
Deleting: C:\WINDOWS\system32\hL23msp.dll
Successfully Deleted: C:\WINDOWS\system32\hL23msp.dll
Deleting: C:\WINDOWS\system32\hmgt53tk.dll
Successfully Deleted: C:\WINDOWS\system32\hmgt53tk.dll
Deleting: C:\WINDOWS\system32\hr2m05f1e.dll
Successfully Deleted: C:\WINDOWS\system32\hr2m05f1e.dll
Deleting: C:\WINDOWS\system32\hr6805jue.dll
Successfully Deleted: C:\WINDOWS\system32\hr6805jue.dll
Deleting: C:\WINDOWS\system32\hrn2055oe.dll
Successfully Deleted: C:\WINDOWS\system32\hrn2055oe.dll
Deleting: C:\WINDOWS\system32\hrnq0555e.dll
Successfully Deleted: C:\WINDOWS\system32\hrnq0555e.dll
Deleting: C:\WINDOWS\system32\hvcoin.dll
Successfully Deleted: C:\WINDOWS\system32\hvcoin.dll
Deleting: C:\WINDOWS\system32\i2240cfqef2e0.dll
Successfully Deleted: C:\WINDOWS\system32\i2240cfqef2e0.dll
Deleting: C:\WINDOWS\system32\ifetmib1.dll
Successfully Deleted: C:\WINDOWS\system32\ifetmib1.dll
Deleting: C:\WINDOWS\system32\ijsrstap.dll
Successfully Deleted: C:\WINDOWS\system32\ijsrstap.dll
Deleting: C:\WINDOWS\system32\iLshlpr.dll
Successfully Deleted: C:\WINDOWS\system32\iLshlpr.dll
Deleting: C:\WINDOWS\system32\imetcplc.dll
Successfully Deleted: C:\WINDOWS\system32\imetcplc.dll
Deleting: C:\WINDOWS\system32\ioagehlp.dll
Successfully Deleted: C:\WINDOWS\system32\ioagehlp.dll
Deleting: C:\WINDOWS\system32\ir80l5lm1.dll
Successfully Deleted: C:\WINDOWS\system32\ir80l5lm1.dll
Deleting: C:\WINDOWS\system32\irjml5111.dll
Successfully Deleted: C:\WINDOWS\system32\irjml5111.dll
Deleting: C:\WINDOWS\system32\irrml5911.dll
Successfully Deleted: C:\WINDOWS\system32\irrml5911.dll
Deleting: C:\WINDOWS\system32\iXsads.dll
Successfully Deleted: C:\WINDOWS\system32\iXsads.dll
Deleting: C:\WINDOWS\system32\jtp6077se.dll
Successfully Deleted: C:\WINDOWS\system32\jtp6077se.dll
Deleting: C:\WINDOWS\system32\kmdsf.dll
Successfully Deleted: C:\WINDOWS\system32\kmdsf.dll
Deleting: C:\WINDOWS\system32\kqdhe.dll
Successfully Deleted: C:\WINDOWS\system32\kqdhe.dll
Deleting: C:\WINDOWS\system32\ktr2l79o1.dll
Successfully Deleted: C:\WINDOWS\system32\ktr2l79o1.dll
Deleting: C:\WINDOWS\system32\kxdmon.dll
Successfully Deleted: C:\WINDOWS\system32\kxdmon.dll
Deleting: C:\WINDOWS\system32\kzdmon.dll
Successfully Deleted: C:\WINDOWS\system32\kzdmon.dll
Deleting: C:\WINDOWS\system32\l08mlal11dq.dll
Successfully Deleted: C:\WINDOWS\system32\l08mlal11dq.dll
Deleting: C:\WINDOWS\system32\l28mlcl11fq.dll
Successfully Deleted: C:\WINDOWS\system32\l28mlcl11fq.dll
Deleting: C:\WINDOWS\system32\l42slef71h2.dll
Successfully Deleted: C:\WINDOWS\system32\l42slef71h2.dll
Deleting: C:\WINDOWS\system32\l6j8lg1u16.dll
Successfully Deleted: C:\WINDOWS\system32\l6j8lg1u16.dll
Deleting: C:\WINDOWS\system32\lcfax70n.dll
Successfully Deleted: C:\WINDOWS\system32\lcfax70n.dll
Deleting: C:\WINDOWS\system32\lcrt.dll
Successfully Deleted: C:\WINDOWS\system32\lcrt.dll
Deleting: C:\WINDOWS\system32\lN8mlcl11fq.dll
Successfully Deleted: C:\WINDOWS\system32\lN8mlcl11fq.dll
Deleting: C:\WINDOWS\system32\lt0027dmg.dll
Successfully Deleted: C:\WINDOWS\system32\lt0027dmg.dll
Deleting: C:\WINDOWS\system32\lv0m09d1e.dll
Successfully Deleted: C:\WINDOWS\system32\lv0m09d1e.dll
Deleting: C:\WINDOWS\system32\lv8m09l1e.dll
Successfully Deleted: C:\WINDOWS\system32\lv8m09l1e.dll
Deleting: C:\WINDOWS\system32\lvj2091oe.dll
Successfully Deleted: C:\WINDOWS\system32\lvj2091oe.dll
Deleting: C:\WINDOWS\system32\lvl0093me.dll
Successfully Deleted: C:\WINDOWS\system32\lvl0093me.dll
Deleting: C:\WINDOWS\system32\lvnu0959e.dll
Successfully Deleted: C:\WINDOWS\system32\lvnu0959e.dll
Deleting: C:\WINDOWS\system32\lvp8097ue.dll
Successfully Deleted: C:\WINDOWS\system32\lvp8097ue.dll
Deleting: C:\WINDOWS\system32\lvpq0975e.dll
Successfully Deleted: C:\WINDOWS\system32\lvpq0975e.dll
Deleting: C:\WINDOWS\system32\m0nqla551d.dll
Successfully Deleted: C:\WINDOWS\system32\m0nqla551d.dll
Deleting: C:\WINDOWS\system32\m0pola731d.dll
Successfully Deleted: C:\WINDOWS\system32\m0pola731d.dll
Deleting: C:\WINDOWS\system32\mac71.dll
Successfully Deleted: C:\WINDOWS\system32\mac71.dll
Deleting: C:\WINDOWS\system32\mavbvm60.dll
Successfully Deleted: C:\WINDOWS\system32\mavbvm60.dll
Deleting: C:\WINDOWS\system32\mesnap.dll
Successfully Deleted: C:\WINDOWS\system32\mesnap.dll
Deleting: C:\WINDOWS\system32\MEWMDM.dll
Successfully Deleted: C:\WINDOWS\system32\MEWMDM.dll
Deleting: C:\WINDOWS\system32\MGREPL35.DLL
Successfully Deleted: C:\WINDOWS\system32\MGREPL35.DLL
Deleting: C:\WINDOWS\system32\mjvcrt20.dll
Successfully Deleted: C:\WINDOWS\system32\mjvcrt20.dll
Deleting: C:\WINDOWS\system32\mnaudite.dll
Successfully Deleted: C:\WINDOWS\system32\mnaudite.dll
Deleting: C:\WINDOWS\system32\mnrmsg.dll
Successfully Deleted: C:\WINDOWS\system32\mnrmsg.dll
Deleting: C:\WINDOWS\system32\mnxdm.dll
Successfully Deleted: C:\WINDOWS\system32\mnxdm.dll
Deleting: C:\WINDOWS\system32\mptlsapi.dll
Successfully Deleted: C:\WINDOWS\system32\mptlsapi.dll
Deleting: C:\WINDOWS\system32\myimg32.dll
Successfully Deleted: C:\WINDOWS\system32\myimg32.dll
Deleting: C:\WINDOWS\system32\mysnap.dll
Successfully Deleted: C:\WINDOWS\system32\mysnap.dll
Deleting: C:\WINDOWS\system32\mzoert2.dll
Successfully Deleted: C:\WINDOWS\system32\mzoert2.dll
Deleting: C:\WINDOWS\system32\mztvgs.dll
Successfully Deleted: C:\WINDOWS\system32\mztvgs.dll
Deleting: C:\WINDOWS\system32\n6l8lg3u16.dll
Successfully Deleted: C:\WINDOWS\system32\n6l8lg3u16.dll
Deleting: C:\WINDOWS\system32\noth.dll
Successfully Deleted: C:\WINDOWS\system32\noth.dll
Deleting: C:\WINDOWS\system32\nrth.dll
Successfully Deleted: C:\WINDOWS\system32\nrth.dll
Deleting: C:\WINDOWS\system32\nyth.dll
Successfully Deleted: C:\WINDOWS\system32\nyth.dll
Deleting: C:\WINDOWS\system32\o2840clqefqe0.dll
Successfully Deleted: C:\WINDOWS\system32\o2840clqefqe0.dll
Deleting: C:\WINDOWS\system32\o4pq0e75eh.dll
Successfully Deleted: C:\WINDOWS\system32\o4pq0e75eh.dll
Deleting: C:\WINDOWS\system32\obbc32.dll
Successfully Deleted: C:\WINDOWS\system32\obbc32.dll
Deleting: C:\WINDOWS\system32\ofeprn.dll
Successfully Deleted: C:\WINDOWS\system32\ofeprn.dll
Deleting: C:\WINDOWS\system32\pbtorsvc.dll
Successfully Deleted: C:\WINDOWS\system32\pbtorsvc.dll
Deleting: C:\WINDOWS\system32\phrfdisk.dll
Successfully Deleted: C:\WINDOWS\system32\phrfdisk.dll
Deleting: C:\WINDOWS\system32\piustab.dll
Successfully Deleted: C:\WINDOWS\system32\piustab.dll
Deleting: C:\WINDOWS\system32\q8ps0i77e8.dll
Successfully Deleted: C:\WINDOWS\system32\q8ps0i77e8.dll
Deleting: C:\WINDOWS\system32\satupdll.dll
Successfully Deleted: C:\WINDOWS\system32\satupdll.dll
Deleting: C:\WINDOWS\system32\sdrmdll.dll
Successfully Deleted: C:\WINDOWS\system32\sdrmdll.dll
Deleting: C:\WINDOWS\system32\sFmsrv.dll
Successfully Deleted: C:\WINDOWS\system32\sFmsrv.dll
Deleting: C:\WINDOWS\system32\sqs.dll
Successfully Deleted: C:\WINDOWS\system32\sqs.dll
Deleting: C:\WINDOWS\system32\sroes.dll
Successfully Deleted: C:\WINDOWS\system32\sroes.dll
Deleting: C:\WINDOWS\system32\uhlmon.dll
Successfully Deleted: C:\WINDOWS\system32\uhlmon.dll
Deleting: C:\WINDOWS\system32\wcdmtpdr.dll
Successfully Deleted: C:\WINDOWS\system32\wcdmtpdr.dll
Deleting: C:\WINDOWS\system32\wjsapi32.dll
Successfully Deleted: C:\WINDOWS\system32\wjsapi32.dll
Deleting: C:\WINDOWS\system32\wkvadvd.dll
Successfully Deleted: C:\WINDOWS\system32\wkvadvd.dll
Deleting: C:\WINDOWS\system32\wpploc.dll
Successfully Deleted: C:\WINDOWS\system32\wpploc.dll
Deleting: C:\WINDOWS\system32\wwhnetbs.dll
Successfully Deleted: C:\WINDOWS\system32\wwhnetbs.dll
Deleting: C:\WINDOWS\system32\wzbcheck.dll
Successfully Deleted: C:\WINDOWS\system32\wzbcheck.dll
Deleting: C:\WINDOWS\system32\xSctsrv.dll
Successfully Deleted: C:\WINDOWS\system32\xSctsrv.dll
Deleting: C:\WINDOWS\system32\zubw.dll
Successfully Deleted: C:\WINDOWS\system32\zubw.dll

msg11?.dll
0 archivos copiados.
Desktop.ini sucessfully removed




Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
************************************************** **************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33, 00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e, 00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lvl0093me.dl l"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69, 00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74, 00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69, 00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEven t"
"Logoff"="UnregisterTicketExpiredNotificationEvent "
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
************************************************** **************************
C:\WINDOWS\system32\abtodisc.dll
C:\WINDOWS\system32\afivvaxx.dll
C:\WINDOWS\system32\afpmgr.dll
C:\WINDOWS\system32\ahsnw.dll
C:\WINDOWS\system32\aksmsext.dll
C:\WINDOWS\system32\arivtmxx.dll
C:\WINDOWS\system32\bfowser.dll
C:\WINDOWS\system32\bnowsewm.dll
C:\WINDOWS\system32\bqpanui.dll
C:\WINDOWS\system32\cfb.dll
C:\WINDOWS\system32\ckb.dll
C:\WINDOWS\system32\clcdll.dll
C:\WINDOWS\system32\cnutil.dll
C:\WINDOWS\system32\ctutil.dll
C:\WINDOWS\system32\cwprops.dll
C:\WINDOWS\system32\cXbview.dll
C:\WINDOWS\system32\cxrpol.dll
C:\WINDOWS\system32\d00m0ad1ed0.dll
C:\WINDOWS\system32\ddactfrm.dll
C:\WINDOWS\system32\de6001jme.dll
C:\WINDOWS\system32\dfmsrpcn.dll
C:\WINDOWS\system32\dfscript.dll
C:\WINDOWS\system32\dikquota.dll
C:\WINDOWS\system32\djnmodem.dll
C:\WINDOWS\system32\dn6001jme.dll
C:\WINDOWS\system32\docompos.dll
C:\WINDOWS\system32\dukquota.dll
C:\WINDOWS\system32\dwnetlib.dll
C:\WINDOWS\system32\dwnwsock.dll
C:\WINDOWS\system32\en08l1du1.dll
C:\WINDOWS\system32\en44l1hq1.dll
C:\WINDOWS\system32\en4ql1h51.dll
C:\WINDOWS\system32\en6ol1j31.dll
C:\WINDOWS\system32\enl6l13s1.dll
C:\WINDOWS\system32\enpml1711.dll
C:\WINDOWS\system32\fopsapi2.dll
C:\WINDOWS\system32\fpr2039oe.dll
C:\WINDOWS\system32\h6j4lg1q16.dll
C:\WINDOWS\system32\had.dll
C:\WINDOWS\system32\hL23msp.dll
C:\WINDOWS\system32\hmgt53tk.dll
C:\WINDOWS\system32\hr2m05f1e.dll
C:\WINDOWS\system32\hr6805jue.dll
C:\WINDOWS\system32\hrn2055oe.dll
C:\WINDOWS\system32\hrnq0555e.dll
C:\WINDOWS\system32\hvcoin.dll
C:\WINDOWS\system32\i2240cfqef2e0.dll
C:\WINDOWS\system32\ifetmib1.dll
C:\WINDOWS\system32\ijsrstap.dll
C:\WINDOWS\system32\iLshlpr.dll
C:\WINDOWS\system32\imetcplc.dll
C:\WINDOWS\system32\ioagehlp.dll
C:\WINDOWS\system32\ir80l5lm1.dll
C:\WINDOWS\system32\irjml5111.dll
C:\WINDOWS\system32\irrml5911.dll
C:\WINDOWS\system32\iXsads.dll
C:\WINDOWS\system32\jtp6077se.dll
C:\WINDOWS\system32\kmdsf.dll
C:\WINDOWS\system32\kqdhe.dll
C:\WINDOWS\system32\ktr2l79o1.dll
C:\WINDOWS\system32\kxdmon.dll
C:\WINDOWS\system32\kzdmon.dll
C:\WINDOWS\system32\l08mlal11dq.dll
C:\WINDOWS\system32\l28mlcl11fq.dll
C:\WINDOWS\system32\l42slef71h2.dll
C:\WINDOWS\system32\l6j8lg1u16.dll
C:\WINDOWS\system32\lcfax70n.dll
C:\WINDOWS\system32\lcrt.dll
C:\WINDOWS\system32\lN8mlcl11fq.dll
C:\WINDOWS\system32\lt0027dmg.dll
C:\WINDOWS\system32\lv0m09d1e.dll
C:\WINDOWS\system32\lv8m09l1e.dll
C:\WINDOWS\system32\lvj2091oe.dll
C:\WINDOWS\system32\lvl0093me.dll
C:\WINDOWS\system32\lvnu0959e.dll
C:\WINDOWS\system32\lvp8097ue.dll
C:\WINDOWS\system32\lvpq0975e.dll
C:\WINDOWS\system32\m0nqla551d.dll
C:\WINDOWS\system32\m0pola731d.dll
C:\WINDOWS\system32\mac71.dll
C:\WINDOWS\system32\mavbvm60.dll
C:\WINDOWS\system32\mesnap.dll
C:\WINDOWS\system32\MEWMDM.dll
C:\WINDOWS\system32\MGREPL35.DLL
C:\WINDOWS\system32\mjvcrt20.dll
C:\WINDOWS\system32\mnaudite.dll
C:\WINDOWS\system32\mnrmsg.dll
C:\WINDOWS\system32\mnxdm.dll
C:\WINDOWS\system32\mptlsapi.dll
C:\WINDOWS\system32\myimg32.dll
C:\WINDOWS\system32\mysnap.dll
C:\WINDOWS\system32\mzoert2.dll
C:\WINDOWS\system32\mztvgs.dll
C:\WINDOWS\system32\n6l8lg3u16.dll
C:\WINDOWS\system32\noth.dll
C:\WINDOWS\system32\nrth.dll
C:\WINDOWS\system32\nyth.dll
C:\WINDOWS\system32\o2840clqefqe0.dll
C:\WINDOWS\system32\o4pq0e75eh.dll
C:\WINDOWS\system32\obbc32.dll
C:\WINDOWS\system32\ofeprn.dll
C:\WINDOWS\system32\pbtorsvc.dll
C:\WINDOWS\system32\phrfdisk.dll
C:\WINDOWS\system32\piustab.dll
C:\WINDOWS\system32\q8ps0i77e8.dll
C:\WINDOWS\system32\satupdll.dll
C:\WINDOWS\system32\sdrmdll.dll
C:\WINDOWS\system32\sFmsrv.dll
C:\WINDOWS\system32\sqs.dll
C:\WINDOWS\system32\sroes.dll
C:\WINDOWS\system32\uhlmon.dll
C:\WINDOWS\system32\wcdmtpdr.dll
C:\WINDOWS\system32\wjsapi32.dll
C:\WINDOWS\system32\wkvadvd.dll
C:\WINDOWS\system32\wpploc.dll
C:\WINDOWS\system32\wwhnetbs.dll
C:\WINDOWS\system32\wzbcheck.dll
C:\WINDOWS\system32\xSctsrv.dll
C:\WINDOWS\system32\zubw.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
************************************************** **************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{533695F0-F6F6-4907-B86D-F610F0A16AED}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{533695F0-F6F6-4907-B86D-F610F0A16AED}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{533695F0-F6F6-4907-B86D-F610F0A16AED}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{533695F0-F6F6-4907-B86D-F610F0A16AED}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4F966C1A-B1A7-4475-8784-D492E63FCB14}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F966C1A-B1A7-4475-8784-D492E63FCB14}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F966C1A-B1A7-4475-8784-D492E63FCB14}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F966C1A-B1A7-4475-8784-D492E63FCB14}\InprocServer32]
@="C:\\WINDOWS\\system32\\afivvaxx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E7F72A3E-7EC9-4653-9366-CEDCA942C5DC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E7F72A3E-7EC9-4653-9366-CEDCA942C5DC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E7F72A3E-7EC9-4653-9366-CEDCA942C5DC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E7F72A3E-7EC9-4653-9366-CEDCA942C5DC}\InprocServer32]
@="C:\\WINDOWS\\system32\\abtodisc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2503EA54-EBE6-4C7D-ABD7-EF4EFD9052A1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2503EA54-EBE6-4C7D-ABD7-EF4EFD9052A1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2503EA54-EBE6-4C7D-ABD7-EF4EFD9052A1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2503EA54-EBE6-4C7D-ABD7-EF4EFD9052A1}\InprocServer32]
@="C:\\WINDOWS\\system32\\ctutil.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5EAAB41B-246B-4963-AD05-C484025BBEFE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5EAAB41B-246B-4963-AD05-C484025BBEFE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5EAAB41B-246B-4963-AD05-C484025BBEFE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5EAAB41B-246B-4963-AD05-C484025BBEFE}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2B131403-A3E1-4CE1-A683-8E26CF786B37}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B131403-A3E1-4CE1-A683-8E26CF786B37}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B131403-A3E1-4CE1-A683-8E26CF786B37}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B131403-A3E1-4CE1-A683-8E26CF786B37}\InprocServer32]
@="C:\\WINDOWS\\system32\\ddactfrm.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved]
"{533695F0-F6F6-4907-B86D-F610F0A16AED}"=-
"{4F966C1A-B1A7-4475-8784-D492E63FCB14}"=-
"{E7F72A3E-7EC9-4653-9366-CEDCA942C5DC}"=-
"{2503EA54-EBE6-4C7D-ABD7-EF4EFD9052A1}"=-
"{5EAAB41B-246B-4963-AD05-C484025BBEFE}"=-
"{2B131403-A3E1-4CE1-A683-8E26CF786B37}"=-
[-HKEY_CLASSES_ROOT\CLSID\{533695F0-F6F6-4907-B86D-F610F0A16AED}]
[-HKEY_CLASSES_ROOT\CLSID\{4F966C1A-B1A7-4475-8784-D492E63FCB14}]
[-HKEY_CLASSES_ROOT\CLSID\{E7F72A3E-7EC9-4653-9366-CEDCA942C5DC}]
[-HKEY_CLASSES_ROOT\CLSID\{2503EA54-EBE6-4C7D-ABD7-EF4EFD9052A1}]
[-HKEY_CLASSES_ROOT\CLSID\{5EAAB41B-246B-4963-AD05-C484025BBEFE}]
[-HKEY_CLASSES_ROOT\CLSID\{2B131403-A3E1-4CE1-A683-8E26CF786B37}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
************************************************** **************************
Desktop.ini Contents:
************************************************** **************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
************************************************** **************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/abtodisc.dll (deflated 5%)
adding: dlls/afivvaxx.dll (deflated 5%)
adding: dlls/afpmgr.dll (deflated 5%)
adding: dlls/ahsnw.dll (deflated 5%)
adding: dlls/aksmsext.dll (deflated 4%)
adding: dlls/arivtmxx.dll (deflated 5%)
adding: dlls/bfowser.dll (deflated 5%)
adding: dlls/bnowsewm.dll (deflated 5%)
adding: dlls/bqpanui.dll (deflated 4%)
adding: dlls/cfb.dll (deflated 5%)
adding: dlls/ckb.dll (deflated 5%)
adding: dlls/clcdll.dll (deflated 5%)
adding: dlls/cnutil.dll (deflated 4%)
adding: dlls/ctutil.dll (deflated 5%)
adding: dlls/cwprops.dll (deflated 5%)
adding: dlls/cXbview.dll (deflated 5%)
adding: dlls/cxrpol.dll (deflated 5%)
adding: dlls/d00m0ad1ed0.dll (deflated 5%)
adding: dlls/ddactfrm.dll (deflated 4%)
adding: dlls/de6001jme.dll (deflated 5%)
adding: dlls/dfmsrpcn.dll (deflated 5%)
adding: dlls/dfscript.dll (deflated 5%)
adding: dlls/dikquota.dll (deflated 5%)
adding: dlls/djnmodem.dll (deflated 5%)
adding: dlls/dn6001jme.dll (deflated 5%)
adding: dlls/docompos.dll (deflated 5%)
adding: dlls/dukquota.dll (deflated 4%)
adding: dlls/dwnetlib.dll (deflated 4%)
adding: dlls/dwnwsock.dll (deflated 5%)
adding: dlls/en08l1du1.dll (deflated 5%)
adding: dlls/en44l1hq1.dll (deflated 4%)
adding: dlls/en4ql1h51.dll (deflated 4%)
adding: dlls/en6ol1j31.dll (deflated 6%)
adding: dlls/enl6l13s1.dll (deflated 5%)
adding: dlls/enpml1711.dll (deflated 5%)
adding: dlls/fopsapi2.dll (deflated 5%)
adding: dlls/fpr2039oe.dll (deflated 4%)
adding: dlls/h6j4lg1q16.dll (deflated 6%)
adding: dlls/had.dll (deflated 5%)
adding: dlls/hL23msp.dll (deflated 5%)
adding: dlls/hmgt53tk.dll (deflated 4%)
adding: dlls/hr2m05f1e.dll (deflated 5%)
adding: dlls/hr6805jue.dll (deflated 5%)
adding: dlls/hrn2055oe.dll (deflated 5%)
adding: dlls/hrnq0555e.dll (deflated 6%)
adding: dlls/hvcoin.dll (deflated 5%)
adding: dlls/i2240cfqef2e0.dll (deflated 5%)
adding: dlls/ifetmib1.dll (deflated 5%)
adding: dlls/ijsrstap.dll (deflated 5%)
adding: dlls/iLshlpr.dll (deflated 6%)
adding: dlls/imetcplc.dll (deflated 5%)
adding: dlls/ioagehlp.dll (deflated 4%)
adding: dlls/ir80l5lm1.dll (deflated 5%)
adding: dlls/irjml5111.dll (deflated 5%)
adding: dlls/irrml5911.dll (deflated 6%)
adding: dlls/iXsads.dll (deflated 4%)
adding: dlls/jtp6077se.dll (deflated 4%)
adding: dlls/kmdsf.dll (deflated 5%)
adding: dlls/kqdhe.dll (deflated 5%)
adding: dlls/ktr2l79o1.dll (deflated 6%)
adding: dlls/kxdmon.dll (deflated 5%)
adding: dlls/kzdmon.dll (deflated 4%)
adding: dlls/l08mlal11dq.dll (deflated 5%)
adding: dlls/l28mlcl11fq.dll (deflated 5%)
adding: dlls/l42slef71h2.dll (deflated 5%)
adding: dlls/l6j8lg1u16.dll (deflated 4%)
adding: dlls/lcfax70n.dll (deflated 4%)
adding: dlls/lcrt.dll (deflated 5%)
adding: dlls/lN8mlcl11fq.dll (deflated 5%)
adding: dlls/lt0027dmg.dll (deflated 5%)
adding: dlls/lv0m09d1e.dll (deflated 5%)
adding: dlls/lv8m09l1e.dll (deflated 4%)
adding: dlls/lvj2091oe.dll (deflated 5%)
adding: dlls/lvl0093me.dll (deflated 5%)
adding: dlls/lvnu0959e.dll (deflated 5%)
adding: dlls/lvp8097ue.dll (deflated 5%)
adding: dlls/lvpq0975e.dll (deflated 4%)
adding: dlls/m0nqla551d.dll (deflated 6%)
adding: dlls/m0pola731d.dll (deflated 5%)
adding: dlls/mac71.dll (deflated 6%)
adding: dlls/mavbvm60.dll (deflated 5%)
adding: dlls/mesnap.dll (deflated 4%)
adding: dlls/MEWMDM.dll (deflated 5%)
adding: dlls/MGREPL35.DLL (deflated 5%)
adding: dlls/mjvcrt20.dll (deflated 5%)
adding: dlls/mnaudite.dll (deflated 5%)
adding: dlls/mnrmsg.dll (deflated 5%)
adding: dlls/mnxdm.dll (deflated 5%)
adding: dlls/mptlsapi.dll (deflated 5%)
adding: dlls/myimg32.dll (deflated 4%)
adding: dlls/mysnap.dll (deflated 5%)
adding: dlls/mzoert2.dll (deflated 4%)
adding: dlls/mztvgs.dll (deflated 4%)
adding: dlls/n6l8lg3u16.dll (deflated 5%)
adding: dlls/noth.dll (deflated 4%)
adding: dlls/nrth.dll (deflated 5%)
adding: dlls/nyth.dll (deflated 5%)
adding: dlls/o2840clqefqe0.dll (deflated 4%)
adding: dlls/o4pq0e75eh.dll (deflated 5%)
adding: dlls/obbc32.dll (deflated 5%)
adding: dlls/ofeprn.dll (deflated 5%)
adding: dlls/pbtorsvc.dll (deflated 5%)
adding: dlls/phrfdisk.dll (deflated 5%)
adding: dlls/piustab.dll (deflated 5%)
adding: dlls/q8ps0i77e8.dll (deflated 5%)
adding: dlls/satupdll.dll (deflated 4%)
adding: dlls/sdrmdll.dll (deflated 5%)
adding: dlls/sFmsrv.dll (deflated 5%)
adding: dlls/sqs.dll (deflated 4%)
adding: dlls/sroes.dll (deflated 5%)
adding: dlls/uhlmon.dll (deflated 5%)
adding: dlls/wcdmtpdr.dll (deflated 4%)
adding: dlls/wjsapi32.dll (deflated 5%)
adding: dlls/wkvadvd.dll (deflated 4%)
adding: dlls/wpploc.dll (deflated 5%)
adding: dlls/wwhnetbs.dll (deflated 4%)
adding: dlls/wzbcheck.dll (deflated 5%)
adding: dlls/xSctsrv.dll (deflated 5%)
adding: dlls/zubw.dll (deflated 5%)
adding: backregs/notibac.reg (deflated 72%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/533695F0-F6F6-4907-B86D-F610F0A16AED.reg (deflated 70%)
adding: backregs/4F966C1A-B1A7-4475-8784-D492E63FCB14.reg (deflated 70%)
adding: backregs/E7F72A3E-7EC9-4653-9366-CEDCA942C5DC.reg (deflated 70%)
adding: backregs/2503EA54-EBE6-4C7D-ABD7-EF4EFD9052A1.reg (deflated 70%)
adding: backregs/5EAAB41B-246B-4963-AD05-C484025BBEFE.reg (deflated 70%)
adding: backregs/2B131403-A3E1-4CE1-A683-8E26CF786B37.reg (deflated 70%)

A continuacion transmito el resultado del hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 13:13:28, on 28/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\ARCHIV~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest. ExE
C:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARCHIV~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\ARCHIV~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest. ExE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Archivos de programa\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\lvl0093me.dll (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe

Descarga, actualiza y ejecuta el programa Spy Sweeper 4.5 primero en modo normal y luego "Modo a prueba de fallos" (modo seguro)

Hacele un escaneo online con "Ewido Scanner Online"

Usa el Disk Cleaner para limpiar cookies y temporales y RegSeeker para limpiar el registro de Win.

Reinicia y nos contas los resultados.

Salu2

Despues de aplicar vuestras ultima sugerencia el ordenador parece que se ha normalizado . Ewido encontro un monton de bichos y el Spysweeper tambien.
No he aplicado el Regseeker por temor de estropear algo.
Ahora tengo instalados el Kaspersky, el Spywaredoctor y el Spysweeper. No se
si esta combinacion puede ocasionar colisiones o graves abusos del tiempo de CPU. Os agradeceria vuestro consejo sobre este punto y tambien cual seria la combinacion mas adecuada y equilibrada para poder estar tranquilo contra esta maldita plaga de spyware y malware que nos invade.
Gracias por todo.
Vuestra ayuda ha sido muy efectiva y valiosa.