1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

How do I delete trojanSPM/LX???

Discussion in 'Virus & Other Malware Removal' started by Protoss, Jul 13, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Protoss

    Protoss Thread Starter

    Joined:
    Jul 13, 2006
    Messages:
    14
    A lot of antispyware software are installing in my computer!
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread".
    It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

    Please continue in this thread.
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download HJTsetup.exe.
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  4. Protoss

    Protoss Thread Starter

    Joined:
    Jul 13, 2006
    Messages:
    14
    Thanks!! Sorry, it's my first time here...
    :)
    Logfile of HijackThis v1.99.1
    Scan saved at 0:42:15, on 14/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE
    C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe
    C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\TBMon.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
    C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
    C:\Archivos de programa\Winamp\winampa.exe
    C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
    C:\Archivos de programa\iTunes\iTunesHelper.exe
    C:\Archivos de programa\QuickTime\qttask.exe
    C:\ARCHIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Archivos de programa\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Spyware Doctor\swdoctor.exe
    C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
    C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
    C:\Archivos de programa\Network Associates\VirusScan\Mcshield.exe
    C:\ARCHIV~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Archivos de programa\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Archivos de programa\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Network Associates\VirusScan\mcconsol.exe
    C:\WINDOWS\explorer.exe
    C:\Archivos de programa\MSN Messenger\msnmsgr.exe
    C:\Archivos de programa\Opera\Opera.exe
    C:\Archivos de programa\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Archivos de programa\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Archivos de programa\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Archivos de programa\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARCHIV~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Archivos de programa\COMPAQ\SetRefresh\\SetRefresh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
    O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARCHIV~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARCHIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Archivos de programa\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Archivos de programa\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARCHIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: Webshots.lnk = C:\Archivos de programa\Webshots\Launcher.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Hot Flash - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\ARCHIV~1\HOTFLA~1\save.htm
    O9 - Extra 'Tools' menuitem: &Search SWF Files - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\ARCHIV~1\HOTFLA~1\save.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (file missing)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Archivos de programa\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
     
  5. Protoss

    Protoss Thread Starter

    Joined:
    Jul 13, 2006
    Messages:
    14
    bump!
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  7. Protoss

    Protoss Thread Starter

    Joined:
    Jul 13, 2006
    Messages:
    14
    Do I have to check then "System Restore Folder"?
     
  8. Protoss

    Protoss Thread Starter

    Joined:
    Jul 13, 2006
    Messages:
    14
    23:31: Removal process completed. Elapsed time 00:00:02
    23:31: Quarantining All Traces: atlas dmt cookie
    23:31: Removal process initiated
    23:28: Traces Found: 1
    23:28: Full Sweep has completed. Elapsed time 00:41:33
    23:28: File Sweep Complete, Elapsed Time: 00:37:35
    23:20: Warning: Stream read error
    23:19: Warning: Stream read error
    23:15: Warning: Failed to access drive E:
    23:15: Warning: Failed to access drive D:
    23:14: Warning: Failed to open file "c:\documents and settings\pc\configuración local\datos de programa\microsoft\messenger\[email protected]\sharingmetadata\pending.dat". La operación se ha completado correctamente
    23:14: Warning: Failed to open file "c:\documents and settings\pc\configuración local\datos de programa\microsoft\messenger\[email protected]\sharingmetadata\infected.dat". La operación se ha completado correctamente
    23:14: Warning: Failed to open file "c:\documents and settings\pc\configuración local\datos de programa\microsoft\messenger\[email protected]\sharingmetadata\working\database_c658_4f83_584f_70eb\$db_clean$". La operación se ha completado correctamente
    23:14: Warning: Failed to open file "c:\documents and settings\pc\datos de programa\opera\opera\profile\cache4\opr0133u.gif". La operación se ha completado correctamente
    23:14: Warning: Failed to open file "c:\documents and settings\pc\datos de programa\opera\opera\profile\cache4\opr0133t.gif". La operación se ha completado correctamente
    23:14: Warning: Failed to open file "c:\documents and settings\pc\datos de programa\opera\opera\profile\cache4\opr0133q.gif". La operación se ha completado correctamente
    23:13: Warning: Failed to open file "c:\documents and settings\pc\cookies\[email protected][1].txt". La operación se ha completado correctamente
    22:51: Starting File Sweep
    22:51: Warning: Failed to access drive A:
    22:51: Cookie Sweep Complete, Elapsed Time: 00:00:00
    22:51: c:\documents and settings\pc\cookies\[email protected][1].txt (ID = 2253)
    22:51: Found Spy Cookie: atlas dmt cookie
    22:51: Starting Cookie Sweep
    22:51: Registry Sweep Complete, Elapsed Time:00:00:28
    22:50: Starting Registry Sweep
    22:50: Memory Sweep Complete, Elapsed Time: 00:03:17
    22:47: Starting Memory Sweep
    22:47: Sweep initiated using definitions version 719
    22:47: Spy Sweeper 5.0.5.1286 started
    22:47: | Start of Session, viernes, 14 de julio de 2006 |
    ********
    22:47: | End of Session, viernes, 14 de julio de 2006 |
    22:46: Your spyware definitions have been updated.
    Operation: File Access
    Target:
    Source: C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\MCSHIELD.EXE
    22:46: Tamper Detection
    22:37: BHO Shield: found: -- BHO installation allowed at user request
    22:37: BHO Shield: found: -- BHO installation denied at user request
    22:37: BHO Shield: found: -- BHO installation denied at user request
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    22:34: Shield States
    22:34: Spyware Definitions: 691
    22:34: Spy Sweeper 5.0.5.1286 started
    22:34: Spy Sweeper 5.0.5.1286 started
    22:34: | Start of Session, viernes, 14 de julio de 2006 |
    ********
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please post a new Hijack This log.
     
  10. Protoss

    Protoss Thread Starter

    Joined:
    Jul 13, 2006
    Messages:
    14
    Logfile of HijackThis v1.99.1
    Scan saved at 21:36:43, on 17/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
    C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
    C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
    C:\Archivos de programa\Winamp\winampa.exe
    C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
    C:\Archivos de programa\iTunes\iTunesHelper.exe
    C:\Archivos de programa\QuickTime\qttask.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE
    C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\iPod\bin\iPodService.exe
    C:\Archivos de programa\Windows Media Player\wmplayer.exe
    C:\Archivos de programa\Opera\Opera.exe
    C:\Archivos de programa\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SetRefresh] "C:\Archivos de programa\COMPAQ\SetRefresh\\SetRefresh.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE" /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
    O4 - HKLM\..\Run: [Ink Monitor] "C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\PC\CONFIG~1\Temp\DELDIR0.EXE" "C:\Archivos de programa\McAfee\McAfee Shared Components\Central"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Archivos de programa\Free Download Manager\fdm.exe -autorun
    O4 - Startup: Webshots.lnk = C:\Archivos de programa\Webshots\Launcher.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Hot Flash - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\ARCHIV~1\HOTFLA~1\save.htm
    O9 - Extra 'Tools' menuitem: &Search SWF Files - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\ARCHIV~1\HOTFLA~1\save.htm
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (file missing)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000


    Reboot, post a new log
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/483062

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice