Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove Hijackers, Spyware, Adware, ToolBars, Viruses, Trojans and Malware in general. Read the HijackThis Forum Policies first.

  post #1  
10/02/06, 20:44:36
Dasius
User
Registered: Feb 2006
Location: México
Posts: 7
HERE IS WHAT IT FOUND!!! Logfile of HijackThis v1.99.1

Logfile of HijackThis v1.99.1
Scan saved at 06:41:24 p.m., on 10/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\ARCHIV~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\ARCHIV~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Windows\System32\NMSSvc.exe
C:\Archivos de programa\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\ARCHIV~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Windows\System32\svchost.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\ARCHIV~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Windows\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
C:\Windows\system32\ctfmon.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
C:\Windows\system32\rundll32.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.t1msn.com.mx/0SEESMX/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [Network] C:\Archivos de programa\Network\network.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\Windows\System32\shdocvw.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\Windows\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avpe32 - C:\Windows\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MS-DOS Emulation - C:\Windows\system32\fppm0371e.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\Windows\IA\command.exe (file missing)
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Archivos de programa\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\ARCHIV~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

AND MANY THANKS FOR THE HELP
REGARDS
MAURICIO MTZ.

  post #2  
11/02/06, 12:20:13
GPastor
FS-Admin
Registered: Mar 2005
Location: Lima - Perú
Posts: 22.227
Re: HERE IS WHAT IT FOUND!!! Logfile of HijackThis v1.99.1

Hello and welcome to the forum.

Attention!! Read the policies before pasting your HijackThis log.

Quote:
1) It is important to specify what the problem or symptoms of your PC are and which methods have been used so far to get rid of the parasite.
For now, download the tools DelPSGuard.zip and Spy Sweeper and run them first in Normal Mode and then in Safe Mode.

Restart the machine in Normal Mode, paste another HijackThis log and tell us in detail about your PC's problems.

Regards


  post #3  
13/02/06, 14:19:17
Dasius
User
Registered: Feb 2006
Location: México
Posts: 7
Logfile Spy Sweeper PART 1

WELL, MY PROBLEM IS THAT MY PC BECAME SLOW, THAT THE VIRTUAL MEMORY IS SATURATED AND MANY INTERNET WINDOWS OPEN

SPY SWEEPER

********
11:16 a.m.: | Start of Session, Lunes, 13 de Febrero de 2006 |
11:16 a.m.: Spy Sweeper started
11:16 a.m.: Sweep initiated using definitions version 613
11:16 a.m.: Starting Memory Sweep
11:18 a.m.: Memory Sweep Complete, Elapsed Time: 00:01:16
11:18 a.m.: Starting Registry Sweep
11:18 a.m.: Registry Sweep Complete, Elapsed Time:00:00:17
11:18 a.m.: Starting Cookie Sweep
11:18 a.m.: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:18 a.m.: Starting File Sweep
11:38 a.m.: Found Adware: command
11:38 a.m.: 00292549.exe (ID = 231443)
11:48 a.m.: File Sweep Complete, Elapsed Time: 00:29:42
11:48 a.m.: Full Sweep has completed. Elapsed time 00:31:25
11:48 a.m.: Traces Found: 1
12:01 p.m.: Removal process initiated
12:01 p.m.: Quarantining All Traces: command
12:01 p.m.: Removal process completed. Elapsed time 00:00:01
12:02 p.m.: Deletion from quarantine initiated
12:02 p.m.: Processing: dollarrevenue
12:02 p.m.: Processing: spysheriff fakealert
12:02 p.m.: Processing: cws_secure32.html hijack
12:02 p.m.: Processing: belnk cookie
12:02 p.m.: Processing: yieldmanager cookie
12:02 p.m.: Processing: findthewebsiteyouneed hijack
12:02 p.m.: Processing: hotbar
12:02 p.m.: Processing: www.maxifiles cookie
12:02 p.m.: Processing: maxifiles
12:02 p.m.: Processing: command
12:02 p.m.: Processing: spysheriff
12:02 p.m.: Processing: syswebtelecom
12:02 p.m.: Processing: trojan-backdoor-haxdoor
12:02 p.m.: Deletion from quarantine completed. Elapsed time 00:00:00
********
10:21 a.m.: | Start of Session, Lunes, 13 de Febrero de 2006 |
10:21 a.m.: Spy Sweeper started
10:21 a.m.: Sweep initiated using definitions version 613
10:21 a.m.: Found Trojan Horse: trojan-backdoor-haxdoor
10:21 a.m.: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\avpe32\ || dllname (ID = 1036014)
10:21 a.m.: avpe32.dll (ID = 1036014)
10:21 a.m.: Starting Memory Sweep
10:22 a.m.: Detected running threat: C:\WINDOWS\system32\avpe32.dll (ID = 240721)
10:24 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:24 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:24 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:24 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:24 a.m.: Memory Sweep Complete, Elapsed Time: 00:03:09
10:24 a.m.: Starting Registry Sweep
10:24 a.m.: Found Adware: hotbar
10:24 a.m.: HKCR\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 subtraces) (ID = 127325)
10:24 a.m.: HKCR\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 subtraces) (ID = 127339)
10:24 a.m.: HKCR\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 subtraces) (ID = 127353)
10:24 a.m.: HKLM\software\classes\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 subtraces) (ID = 127490)
10:24 a.m.: HKLM\software\classes\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 subtraces) (ID = 127503)
10:24 a.m.: HKLM\software\classes\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 subtraces) (ID = 127514)
10:24 a.m.: HKLM\software\classes\typelib\{71efe583-62fe-4419-9918-ca3b683f7b36}\ (9 subtraces) (ID = 127543)
10:24 a.m.: HKLM\software\classes\typelib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}\ (9 subtraces) (ID = 127555)
10:24 a.m.: HKLM\software\classes\typelib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}\ (9 subtraces) (ID = 127557)
10:24 a.m.: HKCR\typelib\{71efe583-62fe-4419-9918-ca3b683f7b36}\ (9 subtraces) (ID = 127641)
10:24 a.m.: HKCR\typelib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}\ (9 subtraces) (ID = 127654)
10:24 a.m.: HKCR\typelib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}\ (9 subtraces) (ID = 127656)
10:24 a.m.: Found Adware: syswebtelecom
10:24 a.m.: HKLM\software\classes\typelib\{273773ea-e96d-49f8-9ab1-eaec34a97347}\1.0\ (8 subtraces) (ID = 143574)
10:24 a.m.: HKCR\typelib\{273773ea-e96d-49f8-9ab1-eaec34a97347}\ (9 subtraces) (ID = 143581)
10:24 a.m.: HKCR\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (8 subtraces) (ID = 774223)
10:24 a.m.: HKCR\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (8 subtraces) (ID = 774241)
10:24 a.m.: HKCR\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (8 subtraces) (ID = 774358)
10:24 a.m.: HKCR\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (8 subtraces) (ID = 774394)
10:24 a.m.: HKCR\interface\{b671426c-5c1a-48ac-9652-bc9402b1c404}\ (8 subtraces) (ID = 774403)
10:24 a.m.: HKCR\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (8 subtraces) (ID = 774412)
10:24 a.m.: HKCR\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (8 subtraces) (ID = 774457)
10:24 a.m.: HKLM\software\classes\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (8 subtraces) (ID = 774499)
10:24 a.m.: HKLM\software\classes\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (8 subtraces) (ID = 774517)
10:24 a.m.: HKLM\software\classes\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (8 subtraces) (ID = 774634)
10:24 a.m.: HKLM\software\classes\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (8 subtraces) (ID = 774670)
10:24 a.m.: HKLM\software\classes\interface\{b671426c-5c1a-48ac-9652-bc9402b1c404}\ (8 subtraces) (ID = 774679)
10:24 a.m.: HKLM\software\classes\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (8 subtraces) (ID = 774688)
10:24 a.m.: HKLM\software\classes\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (8 subtraces) (ID = 774733)
10:24 a.m.: Found Adware: cws_secure32.html hijack
10:24 a.m.: HKLM\software\microsoft\internet explorer\main\ || start page (ID = 946025)
10:24 a.m.: Found Adware: command
10:24 a.m.: HKLM\system\currentcontrolset\services\cmdservice\ (12 subtraces) (ID = 958670)
10:24 a.m.: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
10:24 a.m.: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
10:24 a.m.: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\avpe32\ (6 subtraces) (ID = 1035850)
10:24 a.m.: HKLM\system\currentcontrolset\control\safeboot\minimal\avpe32.sys\ (1 subtraces) (ID = 1035876)
10:24 a.m.: HKLM\system\currentcontrolset\control\safeboot\minimal\avpe64.sys\ (1 subtraces) (ID = 1035878)
10:24 a.m.: HKLM\system\currentcontrolset\control\safeboot\network\avpe32.sys\ (1 subtraces) (ID = 1035880)
10:24 a.m.: HKLM\system\currentcontrolset\control\safeboot\network\avpe64.sys\ (1 subtraces) (ID = 1035882)
10:24 a.m.: HKLM\system\currentcontrolset\services\avpe32\ (12 subtraces) (ID = 1035884)
10:24 a.m.: HKLM\system\currentcontrolset\services\avpe64\ (7 subtraces) (ID = 1035896)
10:24 a.m.: Found Adware: dollarrevenue
10:24 a.m.: HKLM\software\microsoft\drsmartload2\ (1 subtraces) (ID = 1134137)
10:24 a.m.: Found Adware: spysheriff
10:24 a.m.: HKLM\software\microsoft\internet explorer\main\ || start page (ID = 1140862)
10:24 a.m.: HKLM\software\microsoft\windows\currentversion\run\ || gimmygames (ID = 1146099)
10:24 a.m.: HKU\S-1-5-21-538525854-4179051517-1260927497-500\software\sponsoradulto2\ (106 subtraces) (ID = 143576)
10:24 a.m.: Found Adware: findthewebsiteyouneed hijack
10:24 a.m.: HKU\S-1-5-21-538525854-4179051517-1260927497-500\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
10:24 a.m.: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)
10:24 a.m.: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)
10:24 a.m.: Found Adware: maxifiles
10:24 a.m.: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (ID = 1021025)
10:24 a.m.: Registry Sweep Complete, Elapsed Time:00:00:18
10:24 a.m.: Starting Cookie Sweep
10:24 a.m.: Found Spy Cookie: yieldmanager cookie
10:24 a.m.: administrador@ad.yieldmanager[2].txt (ID = 3751)
10:24 a.m.: Found Spy Cookie: belnk cookie
10:24 a.m.: administrador@belnk[1].txt (ID = 2292)
10:24 a.m.: administrador@dist.belnk[2].txt (ID = 2293)
10:24 a.m.: Found Spy Cookie: www.maxifiles cookie
10:24 a.m.: administrador@www.maxifiles[1].txt (ID = 3707)
10:24 a.m.: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:24 a.m.: Starting File Sweep
10:25 a.m.: c:\archivos de programa\network monitor (1 subtraces) (ID = -2147459771)
10:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:25 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:25 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:25 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:25 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:26 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:26 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:26 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:26 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:26 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:26 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:26 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:26 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:27 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:27 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:27 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:27 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:28 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:28 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:28 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:28 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:30 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:31 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:31 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:31 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:31 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:31 a.m.: Found Adware: azsearch toolbar
10:31 a.m.: azesearch.bmp (ID = 50322)
10:31 a.m.: uninstall_nmon.vbs (ID = 231442)
10:31 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:31 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:31 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:31 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:32 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:33 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:33 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:33 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:33 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:33 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:33 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:33 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:33 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:34 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:34 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:34 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:34 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:34 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:34 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:34 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:34 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:35 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:36 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\uninst.exe". El sistema no puede hallar la ruta especificada
10:36 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:36 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:36 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:36 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:36 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\vs_setup.dll". El sistema no puede hallar la ruta especificada
10:36 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:36 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:36 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:36 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:37 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\vs70pgui.dll". El sistema no puede hallar la ruta especificada
10:37 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:37 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:38 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\sitsetup.dll". El sistema no puede hallar la ruta especificada
10:38 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:38 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:38 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:38 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:38 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\_istmp1.dir\_istmp0.dir\isuninst.exe". El sistema no puede hallar la ruta especificada
10:38 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:38 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:38 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:38 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:39 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:39 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:39 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:39 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:39 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\40comupd.exe". El sistema no puede hallar la ruta especificada
10:39 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:39 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:39 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:39 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:40 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:40 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:40 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:40 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:40 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\defdependencyui.dll". El sistema no puede hallar la ruta especificada
10:40 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\_istmp4.dir\_istmp0.dir\filegrp\regopt.dll". El sistema no puede hallar la ruta especificada
10:40 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:40 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:40 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:40 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:40 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\vs70uimgr.dll". El sistema no puede hallar la ruta especificada
10:41 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\msvcr70.dll". El sistema no puede hallar la ruta especificada
10:41 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:41 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:42 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\_istmp2.dir\_istmp0.dir\isuninst.exe". El sistema no puede hallar la ruta especificada
10:42 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:42 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:43 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:43 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:43 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:43 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:44 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43zzz.ic_". El sistema no puede hallar la ruta especificada
10:44 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:44 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:44 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\setup.ins". El sistema no puede hallar la ruta especificada
10:44 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\_istmp2.dir\_istmp0.dir\135da4.dll". El sistema no puede hallar la ruta especificada
10:45 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:45 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:45 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:45 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:45 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:45 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:45 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:45 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43gs3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43hd3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43hs3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43pd3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43pfa.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43ps3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43gd3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43hf3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43ge3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43he3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43gf3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43pea.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43pp3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43gp3.ic_". El sistema no puede hallar la ruta especificada
  post #4  
13/02/06, 14:20:20
Dasius
User
 
Registered: Feb 2006
Location: Mexico
Posts: 7
Logfile Spy Sweeper, PART 2

10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43pf3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43pe3.ic_". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\defhelp.dll". El sistema no puede hallar la ruta especificada
10:45 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cnf43hp3.ic_". El sistema no puede hallar la ruta especificada
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\deffactory.dll". El sistema no puede hallar la ruta especificada
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\setup.exe". El sistema no puede hallar la ruta especificada
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\validation.dll". El sistema no puede hallar la ruta especificada
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\setuplog.dll". El sistema no puede hallar la ruta especificada
10:46 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:46 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:46 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:46 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\accountmgr.dll". El sistema no puede hallar la ruta especificada
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\diskinfomgr.dll". El sistema no puede hallar la ruta especificada
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\cdinfomgr.dll". El sistema no puede hallar la ruta especificada
10:46 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:46 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:46 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:46 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:46 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:46 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:46 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:46 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\setupdb.dll". El sistema no puede hallar la ruta especificada
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\mpmasdll.dll". El sistema no puede hallar la ruta especificada
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\cltscen.dll". El sistema no puede hallar la ruta especificada
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\defchangefolder.dll". El sistema no puede hallar la ruta especificada
10:46 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\canonbj.hl_". El sistema no puede hallar la ruta especificada
10:47 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\customrio.dll". El sistema no puede hallar la ruta especificada
10:47 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\templmgr.dll". El sistema no puede hallar la ruta especificada
10:47 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\dependmgr.dll". El sistema no puede hallar la ruta especificada
10:47 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\vssetupreqs.dll". El sistema no puede hallar la ruta especificada
10:47 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\svrgrpmgr.dll". El sistema no puede hallar la ruta especificada
10:47 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:47 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:47 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:47 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:47 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\corebj.dl_". El sistema no puede hallar la ruta especificada
10:47 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:47 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:47 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:47 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:47 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:47 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:47 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:47 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:47 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\ucs16.dl_". El sistema no puede hallar la ruta especificada
10:48 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:48 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:48 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:48 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:48 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\_setup.dll". El sistema no puede hallar la ruta especificada
10:48 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:48 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:48 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:48 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:48 a.m.: avpe32.dll (ID = 240721)
10:49 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\deletetemp.exe". El sistema no puede hallar la ruta especificada
10:49 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\commonres.dll". El sistema no puede hallar la ruta especificada
10:49 a.m.: Found Adware: spysheriff fakealert
10:49 a.m.: secure32.html (ID = 184319)
10:49 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cbjui.dl_". El sistema no puede hallar la ruta especificada
10:49 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:49 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:49 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:49 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:49 a.m.: netmon.exe (ID = 231443)
10:49 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:49 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:49 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:49 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:49 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\usrstrc.dl_". El sistema no puede hallar la ruta especificada
10:50 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\setup.exe". El sistema no puede hallar la ruta especificada
10:50 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:50 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:50 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:50 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:50 a.m.: 00291500.exe (ID = 185254)
10:50 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:50 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:50 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:50 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:50 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\canonde.dl_". El sistema no puede hallar la ruta especificada
10:51 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:51 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:51 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:51 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:51 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:51 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:51 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:51 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:51 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\data.4". El sistema no puede hallar la ruta especificada
10:51 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\_inst16.ex_". El sistema no puede hallar la ruta especificada
10:52 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\_inst32i.ex_". El sistema no puede hallar la ruta especificada
10:52 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\_setup.lib". El sistema no puede hallar la ruta especificada
10:52 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:52 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:52 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:52 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:52 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:52 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:52 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:52 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:52 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\prereq.htm". El sistema no puede hallar la ruta especificada
10:52 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\readme.htm". El sistema no puede hallar la ruta especificada
10:52 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:52 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:52 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:52 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:52 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\mpmaster.ex_". El sistema no puede hallar la ruta especificada
10:53 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\data.1". El sistema no puede hallar la ruta especificada
10:53 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\install1.htm". El sistema no puede hallar la ruta especificada
10:53 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:53 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:53 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:53 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:53 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\contents.htm". El sistema no puede hallar la ruta especificada
10:53 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\install2.htm". El sistema no puede hallar la ruta especificada
10:53 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\toc.htm". El sistema no puede hallar la ruta especificada
10:53 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\usercancelled.htm". El sistema no puede hallar la ruta especificada
10:53 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:53 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:53 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:53 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:53 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\maint_ban.bmp". El sistema no puede hallar la ruta especificada
10:53 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\txtsetup.inf". El sistema no puede hallar la ruta especificada
10:53 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\setup.sdb". El sistema no puede hallar la ruta especificada
10:53 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:53 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:53 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:53 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\canonbj.inf". El sistema no puede hallar la ruta especificada
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\setup.pkg". El sistema no puede hallar la ruta especificada
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\adminmode.htm". El sistema no puede hallar la ruta especificada
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\adminmodeinfo.htm". El sistema no puede hallar la ruta especificada
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\baseline.dat". El sistema no puede hallar la ruta especificada
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\failed.htm". El sistema no puede hallar la ruta especificada
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\suiteinfo.dll". El sistema no puede hallar la ruta especificada
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\banner.bmp". El sistema no puede hallar la ruta especificada
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\readme.wri". El sistema no puede hallar la ruta especificada
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\_isdel.exe". El sistema no puede hallar la ruta especificada
10:54 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:54 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:54 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:54 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:54 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:54 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:54 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:54 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:54 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\adminreadme.htm". El sistema no puede hallar la ruta especificada
10:55 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:55 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:55 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:55 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:55 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\bjchain.dl_". El sistema no puede hallar la ruta especificada
10:55 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\icmapi16.dl_". El sistema no puede hallar la ruta especificada
10:55 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\admin_ban.bmp". El sistema no puede hallar la ruta especificada
10:55 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\_istmp2.dir\_istmp0.dir\corecomp.ini". El sistema no puede hallar la ruta especificada
10:55 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\eula.txt". El sistema no puede hallar la ruta especificada
10:55 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cbjsetup.dll". El sistema no puede hallar la ruta especificada
10:55 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:55 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:55 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\ussmooth.dl_". El sistema no puede hallar la ruta especificada
10:55 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:55 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:55 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:55 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:55 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:55 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:55 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\_istmp1.dir\_istmp0.dir\corecomp.ini". El sistema no puede hallar la ruta especificada
10:56 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:56 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:56 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:56 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:56 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\sit10713.tmp\pidgen.dll". El sistema no puede hallar la ruta especificada
10:56 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\canonbj.dr_". El sistema no puede hallar la ruta especificada
10:56 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\setup.bmp". El sistema no puede hallar la ruta especificada
10:56 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\ushtmgr.dl_". El sistema no puede hallar la ruta especificada
10:56 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:56 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:56 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:56 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:56 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:56 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:56 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:56 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:57 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\_istmp4.dir\_istmp0.dir\filegrp\ue32.hlp". El sistema no puede hallar la ruta especificada
10:57 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\_istmp1.dir\_istmp0.dir\ctl3d32.dll". El sistema no puede hallar la ruta especificada
10:57 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\_istmp2.dir\_istmp0.dir\ctl3d32.dll". El sistema no puede hallar la ruta especificada
10:57 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:57 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:57 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:57 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:58 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\bjvrt16.dl_". El sistema no puede hallar la ruta especificada
10:58 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\_istmp1.dir\_istmp0.dir\707ed.dll". El sistema no puede hallar la ruta especificada
10:58 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:58 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:58 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:58 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:58 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:58 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:58 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:58 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:58 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\bj3bit.dl_". El sistema no puede hallar la ruta especificada
10:58 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\cispmon.dl_". El sistema no puede hallar la ruta especificada
10:59 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\data.2". El sistema no puede hallar la ruta especificada
10:59 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:59 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:00 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:01 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:01 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:01 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:01 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:01 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:01 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:01 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:01 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:02 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:02 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:02 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:02 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:02 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:02 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:02 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:02 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:03 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:05 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:05 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05 a.m.: Warning: Failed to open file "c:\documents and settings\administrador\configuración local\temp\~~adtmp~\data.3". El sistema no puede hallar la ruta especificada
11:05 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:05 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:05 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:06 a.m.: ps.a3d (ID = 233118)
11:06 a.m.: File Sweep Complete, Elapsed Time: 00:41:10
11:06 a.m.: Full Sweep has completed. Elapsed time 00:44:44
11:06 a.m.: Traces Found: 456
11:06 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:06 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:06 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:06 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:06 a.m.: Removal process initiated
11:06 a.m.: Quarantining All Traces: spysheriff fakealert
11:06 a.m.: Quarantining All Traces: trojan-backdoor-haxdoor
11:06 a.m.: trojan-backdoor-haxdoor is in use. It will be removed on reboot.
11:06 a.m.: avpe32.dll is in use. It will be removed on reboot.
11:06 a.m.: C:\WINDOWS\system32\avpe32.dll is in use. It will be removed on reboot.
11:06 a.m.: Quarantining All Traces: azsearch toolbar
11:06 a.m.: Quarantining All Traces: dollarrevenue
11:06 a.m.: Quarantining All Traces: hotbar
11:06 a.m.: Quarantining All Traces: maxifiles
11:06 a.m.: Quarantining All Traces: spysheriff
11:06 a.m.: Quarantining All Traces: command
11:06 a.m.: Quarantining All Traces: cws_secure32.html hijack
11:06 a.m.: Quarantining All Traces: findthewebsiteyouneed hijack
11:06 a.m.: Quarantining All Traces: syswebtelecom
11:06 a.m.: Quarantining All Traces: belnk cookie
11:06 a.m.: Quarantining All Traces: www.maxifiles cookie
11:06 a.m.: Quarantining All Traces: yieldmanager cookie
11:07 a.m.: Preparing to restart your computer. Please wait...
11:07 a.m.: Removal process completed. Elapsed time 00:00:34
11:07 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:07 a.m.: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16 a.m.: Program Version 4.5.9 (Build 709) Using Spyware Definitions 613
11:16 a.m.: | End of Session, Lunes, 13 de Febrero de 2006 |
********
10:20 a.m.: | Start of Session, Lunes, 13 de Febrero de 2006 |
10:20 a.m.: Spy Sweeper started
10:20 a.m.: Your spyware definitions have been updated.
10:21 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:21 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:21 a.m.: Updating spyware definitions
10:21 a.m.: Your definitions are up to date.
10:21 a.m.: | End of Session, Lunes, 13 de Febrero de 2006 |
THANKS IN ADVANCE
  post #5  
Posted 13/02/06, 16:41:10
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Lima - Peru
Posts: 22,227
Re: HERE IS WHAT IT FOUND!!! Logfile of HijackThis v1.99.1

And the HijackThis log?

Quote:
Restart the machine in Normal Mode, paste another HijackThis log and tell us in detail about the problems with your PC.
Regards


Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog


* Help us by making a DONATION so we can keep helping.
* Keep up with the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by private message or by e-mail; that is what the forum is for.
  post #6  
Posted 13/02/06, 18:16:28
Dasius
User
 
Registered: Feb 2006
Location: Mexico
Posts: 7
Logfile of HijackThis

WELL, THE ODD LITTLE WINDOW STILL KEEPS OPENING AND MY PC IS A BIT SLOW

Logfile of HijackThis v1.99.1
Scan saved at 04:13:25 p.m., on 13/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\ARCHIV~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\ARCHIV~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\NMSSvc.exe
C:\Archivos de programa\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\ARCHIV~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Windows\System32\svchost.exe
C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Network\network.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\system32\ctfmon.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\ARCHIV~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.t1msn.com.mx/0SEESMX/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Network] C:\Archivos de programa\Network\network.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\Windows\System32\shdocvw.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\Windows\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Paths - C:\Windows\
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Telephony - C:\Windows\system32\dn6601jse.dll
O20 - Winlogon Notify: WRNotifier - C:\Windows\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Archivos de programa\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\ARCHIV~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
  post #7  
Posted 13/02/06, 18:34:24
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Lima - Peru
Posts: 22,227
Re: HERE IS WHAT IT FOUND!!! Logfile of HijackThis v1.99.1

That log is still not clean. What is happening is that you have a Vundo/Look2me variant, and you can see it in the O20 entry:

O20 - Winlogon Notify: Telephony - C:\Windows\system32\dn6601jse.dll

A characteristic of this bug is that it changes its name on every reboot, and Spy Sweeper can remove it automatically, although like any software it is not infallible.

Run a scan with Spy Sweeper again, first in Normal Mode and then in Safe Mode, and check the results.


Only if the problem persists, follow these steps:

Download the L2mfix tool

Save the file to the desktop and double-click l2mfix.exe. Click the Install button to extract the files and follow the prompts. Then open the l2mfix folder that has just been created on your desktop. Double-click l2mfix.bat and choose option number 1 to run "Run Find Log" (create a search report) by pressing 1 and then Enter. Your system will then be analyzed, although it may look as if nothing is happening.

After a few minutes Notepad will open with a report. Copy the contents of that report and paste them here.

IMPORTANT: do NOT run option number 2 or any other file in the l2mfix folder until I tell you to!

Regards


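The O20 reading in the post above, as an added example (not code from this thread, HijackThis or L2mfix): because the DLL name changes on every reboot, a name blocklist is useless, so this parses a Winlogon\Notify registry export and flags every entry whose DLL is not in a known-clean baseline. The baseline set, the sample export, and the entry and file names in it are constructed assumptions; the "explicit path" check is a review heuristic, not a verdict.

```python
import ntpath
import re

# Assumption: DLL names taken from a known-clean export of the same OS build.
# Illustrative only; build your own baseline before relying on it.
BASELINE_DLLS = {"crypt32.dll", "cscdll.dll", "wlnotify.dll"}
NOTIFY_KEY = r"\winlogon\notify"

# Constructed sample in the "Windows Registry Editor Version 5.00" layout.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleEntry]
"Asynchronous"=dword:00000000
"DllName"="C:\\Windows\\system32\\zz1234abc.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NoDllEntry]
"Logon"="WinLogon"
'''
# Constructed "after reboot" snapshot: same hook under a new subkey and file name.
SAMPLE_AFTER_REBOOT = (SAMPLE_EXPORT.replace("ExampleEntry", "OtherEntry")
                       .replace("zz1234abc", "qq5678def"))

def join_continuations(text):
    """Long hex values are wrapped with a trailing backslash; rejoin them."""
    return re.sub(r"\\\r?\n\s*", "", text)

def decode_value(raw):
    """Decode a REG_SZ string or a hex(1)/hex(2) UTF-16LE string value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        # REG_SZ: undo the .reg escaping of backslashes and quotes.
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    m = re.match(r"hex\([12]\):(.*)", raw, re.S)
    if m:
        # Byte pairs only, so stray spaces added by forum software are tolerated.
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return raw  # dword and other types are kept as text

def parse_notify(export_text):
    """Return {subkey: {lowercased value name: decoded value}} under Notify."""
    entries, current = {}, None
    for line in join_continuations(export_text).splitlines():
        line = line.strip()
        key = re.match(r"\[(.+)\]$", line)
        if key:
            path = key.group(1)
            idx = path.lower().find(NOTIFY_KEY + "\\")
            current = path[idx + len(NOTIFY_KEY) + 1:] if idx != -1 else None
            if current is not None:
                entries[current] = {}
            continue
        val = re.match(r'"([^"]+)"=(.*)$', line)
        if val and current is not None:
            entries[current][val.group(1).lower()] = decode_value(val.group(2))
    return entries

def triage(entries, baseline=BASELINE_DLLS):
    """Return {subkey: [reasons]} for entries an analyst should review."""
    findings = {}
    for subkey, values in entries.items():
        dll = values.get("dllname")  # exports spell it DllName or DLLName
        reasons = []
        if not dll:
            reasons.append("no DllName value")
        else:
            if ntpath.basename(dll).lower() not in baseline:
                reasons.append("DLL not in baseline: " + dll)
            if "\\" in dll:
                reasons.append("DllName uses an explicit path")
        if reasons:
            findings[subkey] = reasons
    return findings

def changed_between(before, after):
    """Subkeys whose (name, DLL) pair exists in `after` but not in `before`."""
    seen = {(k.lower(), (v.get("dllname") or "").lower()) for k, v in before.items()}
    return sorted(k for k, v in after.items()
                  if (k.lower(), (v.get("dllname") or "").lower()) not in seen)

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_EXPORT), ("after", SAMPLE_AFTER_REBOOT)):
        print(name, triage(parse_notify(text)))
```

Both snapshots are flagged even though the subkey and file name differ, which is the point of comparing against a baseline instead of a name.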
  post #8  
Posted 14/02/06, 22:17:15
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Lima - Peru
Posts: 22,227
Re: HERE IS WHAT IT FOUND!!! Logfile of HijackThis v1.99.1

Did you read my previous message? Did I ask you at any point for the Spy Sweeper report?

Please follow the instructions I gave you with the L2mfix tool and tell us the results.

Regards


  post #9  
Posted 15/02/06, 14:32:02
Dasius
User
 
Registered: Feb 2006
Location: Mexico
Posts: 7
L2MFIX find log

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\Windows\\system32\\dn6201joe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{BBA24A28-02B8-436B-FEED-654413D9D617}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Hoja de propiedades de archivos multimedia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Administraci¢n de esc*ner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="P*gina de seguridad NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="P*gina de propiedades del archivo de documentos OLE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n CPL del adaptador de pantalla"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n CPL del monitor de pantalla"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n de paneo de pantalla del Panel de control"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="P*gina de seguridad DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="P*gina de compatibilidad"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extensi¢n de copia de discos"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensiones del shell para objetos de la red de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Administraci¢n de monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Administraci¢n de impresora ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensiones del shell para compresi¢n de archivos"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extensi¢n del shell de impresora en Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Men£ de contexto de cifrado"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Malet¡n"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extensi¢n de icono de HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fuentes"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Perfil de ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="P*gina de seguridad de impresoras"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extensi¢n PKO cifrada"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extensi¢n de firma cifrada"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Conexiones de red"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Conexiones de red"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&C*maras y esc*neres"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&C*maras y esc*neres"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&C*maras y esc*neres"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&C*maras y esc*neres"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&C*maras y esc*neres"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensiones del shell para Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="V¡nculos a datos de Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tareas programadas"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra de tareas y men£ Inicio"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Buscar"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte t‚cnico"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte t‚cnico"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ejecutar..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Correo electr¢nico"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fuentes"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Herramientas administrativas"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra de herramientas de Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Estado de la descarga"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Carpeta Shell aumentada"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Carpeta 2 Shell aumentada"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Banda del explorador de Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Banda de b£squeda"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Banda multimedia"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="B£squeda en panel"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="B£squeda Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilidad de opciones del *rbol de Registro"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Direcci¢n"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Cuadro de la direcci¢n"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autocompletar de Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autocompleta MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Lista autocompleta MRU personalizada"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barra de progreso emergente"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizador de Barra de direcciones"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autocompleta de la historia de Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autocompleta de la carpeta Shell de Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contenedor de la Lista m£ltiple de Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Men£ de sitio de bandas Shell"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barra de escritorio Shell"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Asistencia al usuario"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Configuraci¢n de carpeta global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Servicio de Historial de las direcciones URL de Microsoft"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historial"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Hook de b£squeda de direcciones URL de Microsoft"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Pantalla de bienvenida de IE4 Suite"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Banda de Explorador"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Carpeta del cach‚ de ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Carpeta de suscripciones"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Administrador de aplicaciones de Shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerador de aplicaciones instaladas"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extractor de vistas en miniatura de archivos GDI+"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Controlador de la informaci¢n de resumen para vistas en miniatura (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extractor de vistas en miniatura HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Asistente para la publicaci¢n en Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Pedido de impresiones v¡a web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objeto de Asistente de publicaci¢n de shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Asistente para obtener pasaporte"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Cuentas de usuario"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Archivo de canal"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Acceso directo al canal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Objeto de control de canal"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Carpeta de archivos sin conexi¢n"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personas..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Carpetas Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{239BC42B-E035-4952-9BFD-05EF6D71B029}"=""
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{B84980D5-1424-4B31-9D2A-067706C4D102}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{18CDA28B-718A-4366-839A-FD51D30418B4}"=""
"{4E9E8974-D194-4202-9DCB-5FBC4AA41ACE}"=""

************************************************** ********************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{239BC42B-E035-4952-9BFD-05EF6D71B029}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{239BC42B-E035-4952-9BFD-05EF6D71B029}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{239BC42B-E035-4952-9BFD-05EF6D71B029}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{239BC42B-E035-4952-9BFD-05EF6D71B029}\InprocServer32]
@="C:\\Windows\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B84980D5-1424-4B31-9D2A-067706C4D102}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B84980D5-1424-4B31-9D2A-067706C4D102}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B84980D5-1424-4B31-9D2A-067706C4D102}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B84980D5-1424-4B31-9D2A-067706C4D102}\InprocServer32]
@="C:\\Windows\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{18CDA28B-718A-4366-839A-FD51D30418B4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18CDA28B-718A-4366-839A-FD51D30418B4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18CDA28B-718A-4366-839A-FD51D30418B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18CDA28B-718A-4366-839A-FD51D30418B4}\InprocServer32]
@="C:\\Windows\\system32\\plchdprf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4E9E8974-D194-4202-9DCB-5FBC4AA41ACE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4E9E8974-D194-4202-9DCB-5FBC4AA41ACE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4E9E8974-D194-4202-9DCB-5FBC4AA41ACE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4E9E8974-D194-4202-9DCB-5FBC4AA41ACE}\InprocServer32]
@="C:\\Windows\\system32\\ofbccp32.dll"
"ThreadingModel"="Apartment"

************************************************** ********************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Wed 23 Nov 2005 6:01:52p A.... 1,022,464 998.50 K
dn6201~1.dll Tue 14 Feb 2006 5:59:06p ..S.R 233,635 228.16 K
e8200i~1.dll Wed 15 Feb 2006 11:26:56a ..S.R 237,238 231.68 K
gdi32.dll Wed 28 Dec 2005 8:56:04p A.... 280,064 273.50 K
k4lq0e~1.dll Fri 10 Feb 2006 5:33:30p ..S.R 237,065 231.51 K
livesnth.dll Thu 22 Dec 2005 3:29:30p A.... 278,528 272.00 K
mshtml.dll Wed 23 Nov 2005 6:01:54p A.... 3,013,632 2.87 M
ofbccp32.dll Wed 15 Feb 2006 11:29:00a ..S.R 233,635 228.16 K
plchdprf.dll Mon 13 Feb 2006 12:06:20p ..S.R 237,238 231.68 K
pncrt.dll Tue 31 Jan 2006 5:00:22p A.... 278,528 272.00 K
pndx5016.dll Tue 31 Jan 2006 5:00:26p A.... 6,656 6.50 K
pndx5032.dll Tue 31 Jan 2006 5:00:26p A.... 5,632 5.50 K
rmoc3260.dll Tue 31 Jan 2006 5:00:48p A.... 176,167 172.04 K
s32evnt1.dll Tue 3 Jan 2006 3:31:44p A.... 91,904 89.75 K
shdocvw.dll Wed 30 Nov 2005 10:01:16p A.... 1,492,992 1.42 M
sirenacm.dll Tue 24 Jan 2006 9:34:24p A.... 118,784 116.00 K
sngen.dll Tue 14 Feb 2006 4:37:30p ..S.R 237,238 231.68 K
wrlogo~1.dll Wed 25 Jan 2006 11:06:02a A.... 492,544 481.00 K
wrlzma.dll Wed 25 Jan 2006 11:05:58a A.... 17,920 17.50 K

19 items found: 19 files (6 H/S), 0 directories.
Total of file sizes: 8,691,864 bytes 8.29 M
Locate .tmp files:

No matches found.
************************************************** ********************************
Directory Listing of system files:
El volumen de la unidad C no tiene etiqueta.
El número de serie del volumen es: C0CD-D276

Directorio de C:\Windows\System32

15/02/2006 11:28 a.m. 233,635 ofbccp32.dll
15/02/2006 11:26 a.m. 237,238 e8200ifme82a0.dll
15/02/2006 08:02 a.m. <DIR> dllcache
14/02/2006 05:59 p.m. 233,635 dn6201joe.dll
14/02/2006 04:37 p.m. 237,238 sngen.dll
13/02/2006 12:06 p.m. 237,238 plchdprf.dll
10/02/2006 05:33 p.m. 237,065 k4lq0e35eh.dll
10/02/2006 02:40 p.m. 5,632 Thumbs.db
05/05/2005 10:27 a.m. 32 {E395BC96-E02E-4915-A418-063BE05B77DB}.dat
05/05/2005 10:26 a.m. 32 {DCC517DE-A58C-45EB-B26F-3218252312F1}.dat
05/05/2005 10:25 a.m. 32 {B77C646F-4DEC-4D1E-8723-4E1FD46AFD16}.dat
05/05/2005 10:24 a.m. 32 {5E3A1A61-B5BC-4F0A-BA99-5C12DBF83D69}.dat
05/05/2005 10:24 a.m. 32 {4DD62BF4-4A2C-4ADC-8DFA-8A035CB4AD4C}.dat
05/05/2005 10:24 a.m. 32 {F017112C-1579-4E79-A155-4D65D7D2B1C3}.dat
26/04/2003 07:17 a.m. <DIR> Microsoft
26/04/2003 07:17 a.m. 32 {EE5857E5-2557-41B7-9A01-56284629C32E}.dat
14 archivos 1,421,905 bytes
2 dirs 14,694,547,456 bytes libres
  post #10  
15/02/06, 16:39:43
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Lima - Perú
Posts: 22,227
Re: HERE IS WHAT IT FOUND!!! Logfile of HijackThis v1.99.1

Good. Before following this step, I recommend making a backup of your system in case there is any problem.

Then close any programs you have open, since the system will restart after you carry out these steps.

In the l2mfix folder on your desktop, double-click l2mfix.bat, select option number 2 (Run Fix), press Enter, and then press any key so that the system restarts.

After the PC restarts, the icons and part of the desktop may not be visible (this is normal). L2mfix will continue scanning the system, and when it finishes Notepad opens again with a new log, which you have to paste in this thread, together with a new HijackThis log, so we can see how things turned out.

IMPORTANT: Do NOT run any other option or any other file in the l2mfix folder until I tell you to!

Restart a couple of times and let us know how the system is working.

Regards

