Spymaster Virus, Control Panel Disabled, Desktop Icons Functions Disappeared


7 replies to this topic

#1 bcnfun

bcnfun

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 17 May 2008 - 06:16 PM

First post and yes I have a problem: the Spymaster software was accidentally loaded the other day and after many pop-ups and the like, finally my desktop is a screen of flowers at the moment and nothing else - I access this via Ctrl-Alt-Del as the Control Panel does not function.

I need help to restore some sanity to the situation. I attach the HijackThis log. Can you help? Even better, my Spanish keyboard is adopting UK configuration, so the typing is a bit tricky.

-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:52:21, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\user\Escritorio\dss.exe
C:\ARCHIV~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Archivos de programa\syscmd\mscmp32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Archivos de programa\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Telefonica] "C:\Archivos de programa\Telefonica\bin\sprtcmd.exe" /P Telefonica
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Archivos de programa\AntiSpywareMaster\asm.exe
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Archivos de programa\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Archivos de programa\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170797521452
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe

--
End of file - 8791 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Common Modules>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R3 tsdhd (TOSHIBA SD Card Host Controller Driver) - c:\windows\system32\drivers\tsdhd.sys <Not Verified; TOSHIBA Corporation; SD Card Driver Set>

S3 ATMELFVNETusb(AR)® (ATMEL FVNETusb(AR)® Service for ATMEL USB FastVNET (AR)) - c:\windows\system32\drivers\vnetusbr.sys (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\archivos de programa\archivos comunes\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\archivos de programa\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CFSvcs (ConfigFree Service) - c:\archivos de programa\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-17 23:41:19 438 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-05-10 11:41:01 298 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-25 20:00:39 552 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Analizar el equipo - user.job


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 00:52:08 0 d-------- C:\Archivos de programa\Trend Micro
2008-05-17 23:44:05 86016 --a------ C:\WINDOWS\system32\18497.exe
2008-05-15 08:13:32 0 d-------- C:\Archivos de programa\McDonaldsDragons
2008-05-15 08:06:35 0 d-------- C:\Archivos de programa\McDonaldsFairies
2008-05-15 08:05:52 0 d--hs---- C:\WINDOWS\ftpcache
2008-05-15 00:13:15 18944 --a------ C:\WINDOWS\system32\wowfx.dll
2008-05-13 19:25:49 19968 --a------ C:\WINDOWS\system32\xlibgfl254.dll
2008-05-10 14:10:30 0 d-------- C:\Archivos de programa\Enigma Software Group
2008-05-10 13:05:55 0 d-------- C:\Archivos de programa\AntiSpywareMaster
2008-05-10 12:56:05 0 d-------- C:\Archivos de programa\syscmd


-- Find3M Report ---------------------------------------------------------------

2008-05-17 23:59:04 69120 --a------ C:\Documents and Settings\user\Datos de programa\temp.dll <Not Verified; ; MsCmp1 Module>
2008-05-16 21:11:21 0 d-------- C:\Archivos de programa\Magic Vines
2008-05-16 20:50:06 94251 --a------ C:\logfile
2008-05-16 20:49:51 0 d-------- C:\Archivos de programa\Archivos comunes
2008-05-15 22:10:21 0 d-------- C:\Documents and Settings\user\Datos de programa\ultra
2008-05-13 22:23:21 0 d-------- C:\Archivos de programa\Google
2008-05-10 14:05:00 0 d-------- C:\Archivos de programa\Norton AntiVirus
2008-05-07 22:58:29 0 d-------- C:\Documents and Settings\user\Datos de programa\Adobe
2008-04-15 14:26:02 0 d-------- C:\Documents and Settings\user\Datos de programa\AdobeUM
2008-03-30 09:31:34 443182 --a------ C:\WINDOWS\system32\perfh00A.dat
2008-03-30 09:31:34 69956 --a------ C:\WINDOWS\system32\perfc00A.dat
2008-03-21 00:37:51 0 d-------- C:\Archivos de programa\Exact Audio Copy
2008-03-21 00:37:48 0 d-------- C:\Documents and Settings\user\Datos de programa\AccurateRip
2008-03-21 00:37:42 0 d-------- C:\Documents and Settings\user\Datos de programa\AD ON Multimedia
2008-03-20 23:52:00 0 d-------- C:\Archivos de programa\Windows Media Connect 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}]
17/05/2008 23:59 69120 --a------ C:\Archivos de programa\syscmd\mscmp32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5E5C1E6-78DB-49F0-A137-8D594F342FD6}]
14/12/2007 05:44 570136 --a------ C:\Archivos de programa\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [24/09/2003 18:00]
"nwiz"="nwiz.exe" [24/09/2003 18:00 C:\WINDOWS\system32\nwiz.exe]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [23/05/2003 14:39]
"000StTHK"="000StTHK.exe" [23/06/2001 20:28 C:\WINDOWS\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [18/07/2003 17:41 C:\WINDOWS\system32\TFNF5.exe]
"SigmaTel StacMon"="C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe" [03/08/2003 16:01]
"SynTPLpr"="C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe" [30/05/2003 19:25]
"SynTPEnh"="C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [30/05/2003 19:23]
"TouchED"="C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe" [11/03/2003 14:08]
"TPSMain"="TPSMain.exe" [02/10/2003 14:09 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"LtMoh"="C:\Archivos de programa\ltmoh\Ltmoh.exe" [02/01/2003 16:16]
"AGRSMMSG"="AGRSMMSG.exe" [18/04/2003 11:20 C:\WINDOWS\agrsmmsg.exe]
"ccApp"="C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe" [12/12/2003 16:10]
"Symantec NetDriver Monitor"="C:\ARCHIV~1\SYMNET~1\SNDMon.exe" [24/03/2007 16:21]
"QuickTime Task"="C:\Archivos de programa\QuickTime\QTTask.exe" [01/02/2008 00:13]
"NDSTray.exe"="NDSTray.exe" []
"Telefonica"="C:\Archivos de programa\Telefonica\bin\sprtcmd.exe" [06/10/2005 17:44]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"AntiSpywareMaster"="C:\Archivos de programa\AntiSpywareMaster\asm.exe" [15/05/2008 08:32]
"MRT"="C:\WINDOWS\system32\MRT.exe" [09/05/2008 23:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 16:42]
"TOSCDSPD"="C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe" [15/09/2003 16:33]
"MSMSGS"="C:\Archivos de programa\Messenger\msmsgs.exe" [13/10/2004 18:24]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [13/07/2007 00:04]
"updateMgr"="C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [22/11/2004 09:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net

90 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-18 00:54:30 ------------



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:57 AM

Posted 18 May 2008 - 10:44 PM

Hello bcnfun and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 bcnfun

bcnfun
  • Topic Starter

Posted 19 May 2008 - 12:03 PM

Hello Old Timer,

Please find attached the file as requested. Having looked at the Tutorials, I have used Malwarebytes Anti-Malware to get rid of (so I believe) the AntiSpywareMaster. One step forward. But my Control Panel is still locked and is asking for me to contact the Administrator. Seeing as this is a home, stand-alone PC, somehow I don't think so. See what you think anyway.

Attached Files



#4 OldTimer

OldTimer

Posted 19 May 2008 - 01:09 PM

Hi bcnfun. There's a few items still in there so let's take care of those. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%allusersprofile%\menú inicio\programas\inicio\.protected
%appdata%\temp.dll
%programfiles%\syscmd\mscmp32.dll
%systemroot%\system32\tmp3af01.fot
%systemroot%\system32\tmp61112.fot
%systemroot%\system32\tmpa2112.fot
%systemroot%\system32\tmpf8f01.fot
%systemroot%\system32\wowfx.dll
%userprofile%\menú inicio\programas\inicio\.protected
c:\documents and settings\all users\datos de programa\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\datos de programa\microsoft\network\downloader\qmgr1.dat
Folders to delete:
%programfiles%\syscmd

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> AntiSpywareMaster -> %ProgramFiles%\AntiSpywareMaster\asm.exe [C:\Archivos de programa\AntiSpywareMaster\asm.exe]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
YN -> ~EmptyValue -> %AllUsersProfile%\Menú Inicio\Programas\Inicio\.pro
< user Startup Folder > -> C:\Documents and Settings\user\Menú Inicio\Programas\Inicio
YN -> ~EmptyValue -> %UserProfile%\Menú Inicio\Programas\Inicio\.pro
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\wowfx.dll -> %SystemRoot%\system32\wowfx.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YN -> ~EmptyValue -> 
YN -> ~EmptyValue -> 
YY ->  wowfx.dll -> %SystemRoot%\system32\wowfx.dll
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 1
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0
< HOSTS File > (3195 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
YN -> 10.18.250.4	ad.doubleclick.net -> 
YN -> 10.18.250.4	ad.fastclick.net -> 
YN -> 10.18.250.4	ads.fastclick.net -> 
YN -> 10.18.250.4	ar.atwola.com -> 
YN -> 10.18.250.4	atdmt.com -> 
YN -> 10.18.250.4	avp.ch -> 
YN -> 10.18.250.4	avp.com -> 
YN -> 10.18.250.4	avp.ru -> 
YN -> 10.18.250.4	awaps.net -> 
YN -> 10.18.250.4	banner.fastclick.net -> 
YN -> 10.18.250.4	banners.fastclick.net -> 
YN -> 10.18.250.4	ca.com -> 
YN -> 10.18.250.4	click.atdmt.com -> 
YN -> 10.18.250.4	clicks.atdmt.com -> 
YN -> 10.18.250.4	customer.symantec.com -> 
YN -> 10.18.250.4	dispatch.mcafee.com -> 
YN -> 10.18.250.4	download.mcafee.com -> 
YN -> 10.18.250.4	download.microsoft.com -> 
YN -> 10.18.250.4	downloads.microsoft.com -> 
YN -> 10.18.250.4	downloads1.kaspersky-labs.com -> 
YN -> 10.18.250.4	downloads2.kaspersky-labs.com -> 
YN -> 10.18.250.4	downloads3.kaspersky-labs.com -> 
YN -> 10.18.250.4	downloads4.kaspersky-labs.com -> 
YN -> 10.18.250.4	downloads-us1.kaspersky-labs.com -> 
YN -> 10.18.250.4	downloads-us2.kaspersky-labs.com -> 
YN -> 10.18.250.4	downloads-us3.kaspersky-labs.com -> 
YN -> 10.18.250.4	engine.awaps.net -> 
YN -> 10.18.250.4	fastclick.net -> 
YN -> 10.18.250.4	f-secure.com -> 
YN -> 10.18.250.4	ftp.avp.ch -> 
YN -> 10.18.250.4	ftp.downloads1.kaspersky-labs.com -> 
YN -> 10.18.250.4	ftp.downloads2.kaspersky-labs.com -> 
YN -> 10.18.250.4	ftp.downloads3.kaspersky-labs.com -> 
YN -> 10.18.250.4	ftp.f-secure.com -> 
YN -> 10.18.250.4	ftp.kasperskylab.ru -> 
YN -> 10.18.250.4	ftp.sophos.com -> 
YN -> 10.18.250.4	go.microsoft.com -> 
YN -> 10.18.250.4	ids.kaspersky-labs.com -> 
YN -> 10.18.250.4	kaspersky.com -> 
YN -> 10.18.250.4	kaspersky-labs.com -> 
YN -> 10.18.250.4	liveupdate.symantec.com -> 
YN -> 10.18.250.4	liveupdate.symantecliveupdate.com -> 
YN -> 10.18.250.4	mast.mcafee.com -> 
YN -> 10.18.250.4	mcafee.com -> 
YN -> 10.18.250.4	media.fastclick.net -> 
YN -> 10.18.250.4	microsoft.com -> 
YN -> 10.18.250.4	msdn.microsoft.com -> 
YN -> 10.18.250.4	my-etrust.com -> 
YN -> 10.18.250.4	nai.com -> 
YN -> 10.18.250.4	networkassociates.com -> 
YN -> 10.18.250.4	norton.com -> 
YN -> 10.18.250.4	office.microsoft.com -> 
YN -> 10.18.250.4	pandasoftware.com -> 
YN -> 10.18.250.4	phx.corporate-ir.net -> 
YN -> 10.18.250.4	rads.mcafee.com -> 
YN -> 10.18.250.4	secure.nai.com -> 
YN -> 10.18.250.4	securityresponse.symantec.com -> 
YN -> 10.18.250.4	service1.symantec.com -> 
YN -> 10.18.250.4	sophos.com -> 
YN -> 10.18.250.4	spd.atdmt.com -> 
YN -> 10.18.250.4	support.microsoft.com -> 
YN -> 10.18.250.4	symantec.com -> 
YN -> 10.18.250.4	trendmicro.com -> 
YN -> 10.18.250.4	update.symantec.com -> 
YN -> 10.18.250.4	updates.symantec.com -> 
YN -> 10.18.250.4	updates1.kaspersky-labs.com -> 
YN -> 10.18.250.4	updates2.kaspersky-labs.com -> 
YN -> 10.18.250.4	updates3.kaspersky-labs.com -> 
YN -> 10.18.250.4	updates4.kaspersky-labs.com -> 
YN -> 10.18.250.4	updates5.kaspersky-labs.com -> 
YN -> 10.18.250.4	us.mcafee.com -> 
YN -> 10.18.250.4	vil.nai.com -> 
YN -> 10.18.250.4	viruslist.com -> 
YN -> 10.18.250.4	viruslist.ru -> 
YN -> 10.18.250.4	virusscan.jotti.org -> 
YN -> 10.18.250.4	virustotal.com -> 
YN -> 10.18.250.4	windowsupdate.microsoft.com -> 
YN -> 10.18.250.4	www.avp.ch -> 
YN -> 10.18.250.4	www.avp.com -> 
YN -> 10.18.250.4	www.avp.ru -> 
YN -> 10.18.250.4	www.awaps.net -> 
YN -> 10.18.250.4	www.ca.com -> 
YN -> 10.18.250.4	www.fastclick.net -> 
YN -> 10.18.250.4	www.f-secure.com -> 
YN -> 10.18.250.4	www.grisoft.com -> 
YN -> 10.18.250.4	www.kaspersky.com -> 
YN -> 10.18.250.4	www.kaspersky.ru -> 
YN -> 10.18.250.4	www.kaspersky-labs.com -> 
YN -> 10.18.250.4	www.mcafee.com -> 
YN -> 10.18.250.4	www.microsoft.com -> 
YN -> 10.18.250.4	www.my-etrust.com -> 
YN -> 10.18.250.4	www.nai.com -> 
YN -> 10.18.250.4	www.networkassociates.com -> 
YN -> 10.18.250.4	www.pandasoftware.com -> 
YN -> 10.18.250.4	www.sophos.com -> 
YN -> 10.18.250.4	www.symantec.com -> 
YN -> 10.18.250.4	www.trendmicro.com -> 
YN -> 10.18.250.4	www.viruslist.com -> 
YN -> 10.18.250.4	www.viruslist.ru -> 
YN -> 10.18.250.4	www.virustotal.com -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\syscmd\mscmp32.dll [BhoApp Class]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\user\Datos de programa\sysdefender.exe -> C:\Documents and Settings\user\Datos de programa\sysdefender.exe [C:\Documents and Settings\user\Datos de programa\sysdefender.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\user\Datos de programa\pcpriv.exe -> C:\Documents and Settings\user\Datos de programa\pcpriv.exe [C:\Documents and Settings\user\Datos de programa\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\user\Datos de programa\mcrupdate.exe -> C:\Documents and Settings\user\Datos de programa\mcrupdate.exe [C:\Documents and Settings\user\Datos de programa\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> C:\Archivos de programa\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [C:\Archivos de programa\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\user\Datos de programa\sysdefender.exe -> C:\Documents and Settings\user\Datos de programa\sysdefender.exe [C:\Documents and Settings\user\Datos de programa\sysdefender.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\user\Datos de programa\pcpriv.exe -> C:\Documents and Settings\user\Datos de programa\pcpriv.exe [C:\Documents and Settings\user\Datos de programa\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\user\Datos de programa\mcrupdate.exe -> C:\Documents and Settings\user\Datos de programa\mcrupdate.exe [C:\Documents and Settings\user\Datos de programa\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019]
[Files/Folders - Created Within 30 days]
NY -> tmp3AF01.FOT -> %SystemRoot%\System32\tmp3AF01.FOT
NY -> tmp61112.FOT -> %SystemRoot%\System32\tmp61112.FOT
NY -> tmpA2112.FOT -> %SystemRoot%\System32\tmpA2112.FOT
NY -> tmpF8F01.FOT -> %SystemRoot%\System32\tmpF8F01.FOT
NY -> wowfx.dll -> %SystemRoot%\System32\wowfx.dll
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> temp.dll -> %AppData%\temp.dll
NY -> .protected -> %AllUsersProfile%\Menú Inicio\Programas\Inicio\.protected
NY -> .protected -> %UserProfile%\Menú Inicio\Programas\Inicio\.protected
NY -> syscmd -> %ProgramFiles%\syscmd
[Files/Folders - Modified Within 30 days]
NY -> 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> tmp3AF01.FOT -> %SystemRoot%\System32\tmp3AF01.FOT
NY -> tmp61112.FOT -> %SystemRoot%\System32\tmp61112.FOT
NY -> tmpA2112.FOT -> %SystemRoot%\System32\tmpA2112.FOT
NY -> tmpF8F01.FOT -> %SystemRoot%\System32\tmpF8F01.FOT
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> temp.dll -> %AppData%\temp.dll
NY -> .protected -> %AllUsersProfile%\Menú Inicio\Programas\Inicio\.protected
NY -> .protected -> %UserProfile%\Menú Inicio\Programas\Inicio\.protected
[Extra Files]
%ProgramFiles%\AntiSpywareMaster\
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here by copy/pasting them into the reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
  • The online virus scan report (whichever one you ran)
Attach the following back here in the reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#5 bcnfun

Posted 20 May 2008 - 02:48 PM

Hello again. I think I attached everything as required. I used the F-Secure scanner and this worked, if a bit slowly. The computer behaved itself throughout and I now have access back to my Control Panel! Although I have yet to test it out fully. Below is the OT log file.

bcn :thumbsup:

OTScanIt logfile created on: 20/05/2008 21:22:58
OTScanIt by OldTimer - Version 1.0.14.1	 Folder = C:\Documents and Settings\user\Escritorio\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy
 
510.92 Mb Total Physical Memory | 294.20 Mb Available Physical Memory | 57.58% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 74.53 Gb Total Space | 48.98 Gb Free Space | 65.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOMBRE-8Y9CYSLY
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.1.0.610 | Size = 234600 bytes | Modified Date = 12/12/2003 16:11:26 | Attr =	]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.1.0.610 | Size = 255080 bytes | Modified Date = 12/12/2003 16:10:18 | Attr =	]
00thotkey.exe -> %SystemRoot%\system32\00THotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 253952 bytes | Modified Date = 23/05/2003 14:39:58 | Attr =	]
tfnf5.exe -> %SystemRoot%\system32\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 2, 0, 0 | Size = 73728 bytes | Modified Date = 18/07/2003 17:41:26 | Attr = R  ]
stacmon.exe -> %ProgramFiles%\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 03/08/2003 16:01:14 | Attr =	]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 30/05/2003 19:25:02 | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 30/05/2003 19:23:14 | Attr =	]
touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 122880 bytes | Modified Date = 11/03/2003 14:08:18 | Attr =	]
tpsmain.exe -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 266240 bytes | Modified Date = 02/10/2003 14:09:36 | Attr =	]
tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.01.01 | Size = 102400 bytes | Modified Date = 18/09/2003 10:16:28 | Attr =	]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 18/04/2003 11:20:10 | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 2.1.0.610 | Size = 70760 bytes | Modified Date = 12/12/2003 16:10:02 | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 01/02/2008 00:13:08 | Attr =	]
ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 101 | Size = 888832 bytes | Modified Date = 03/09/2003 19:54:50 | Attr =	]
sprtcmd.exe -> %ProgramFiles%\Telefonica\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,7,1035,0 | Size = 192512 bytes | Modified Date = 06/10/2005 17:44:48 | Attr =	]
tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 0 | Size = 40960 bytes | Modified Date = 02/10/2003 14:09:22 | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 19/02/2008 14:10:32 | Attr =	]
toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 15/09/2003 16:33:22 | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 13/07/2007 00:04:12 | Attr =	]
easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare Software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 19/09/2007 05:33:46 | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 18/02/2008 12:16:30 | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 16:17:08 | Attr =	]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 12 | Size = 28672 bytes | Modified Date = 03/09/2003 22:00:18 | Attr =	]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 77824 bytes | Modified Date = 24/09/2003 18:00:00 | Attr = R  ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 19/02/2008 14:10:24 | Attr =	]
otscanit.exe -> %UserProfile%\Escritorio\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.1 | Size = 372224 bytes | Modified Date = 18/05/2008 20:29:48 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 18/02/2008 12:16:30 | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 16:17:08 | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.1.0.610 | Size = 255080 bytes | Modified Date = 12/12/2003 16:10:18 | Attr =	]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.1.0.610 | Size = 87144 bytes | Modified Date = 12/12/2003 16:11:06 | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.1.0.610 | Size = 234600 bytes | Modified Date = 12/12/2003 16:11:26 | Attr =	]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 12 | Size = 28672 bytes | Modified Date = 03/09/2003 22:00:18 | Attr =	]
(dmadmin) Servicio del administrador de discos lógicos [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., VERITAS Software [Ver = 2600.2180.503.0 | Size = 225792 bytes | Modified Date = 19/08/2004 16:42:44 | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 03/02/2007 00:31:27 | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 19/02/2008 14:10:24 | Attr =	]
(navapsvc) Servicio Auto-Protect de Norton AntiVirus [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\navapsvc.exe -> Symantec Corporation [Ver = 10.00.13 | Size = 158824 bytes | Modified Date = 08/12/2003 17:04:40 | Attr =	]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 77824 bytes | Modified Date = 24/09/2003 18:00:00 | Attr = R  ]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.2.1.14 | Size = 193816 bytes | Modified Date = 07/11/2003 21:46:58 | Attr =	]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 1, 131 | Size = 66784 bytes | Modified Date = 24/06/2003 19:23:10 | Attr =	]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.4.4.17 | Size = 206552 bytes | Modified Date = 21/01/2005 23:32:12 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
000StTHK -> %SystemRoot%\system32\000StTHK.exe [000StTHK.exe] ->  [Ver =  | Size = 24576 bytes | Modified Date = 23/06/2001 20:28:06 | Attr =	]
00THotkey -> %SystemRoot%\system32\00THotkey.exe [C:\WINDOWS\System32\00THotkey.exe] -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 253952 bytes | Modified Date = 23/05/2003 14:39:58 | Attr =	]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 18/04/2003 11:20:10 | Attr =	]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 2.1.0.610 | Size = 70760 bytes | Modified Date = 12/12/2003 16:10:02 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Archivos de programa\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 19/02/2008 14:10:32 | Attr =	]
LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe [C:\Archivos de programa\ltmoh\Ltmoh.exe] -> Agere Systems [Ver = 1.69 | Size = 172032 bytes | Modified Date = 02/01/2003 16:16:38 | Attr =	]
NDSTray.exe ->  [NDSTray.exe] -> File not found
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 4861952 bytes | Modified Date = 24/09/2003 18:00:00 | Attr = R  ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /installquiet] -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 323584 bytes | Modified Date = 24/09/2003 18:00:00 | Attr = R  ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 01/02/2008 00:13:08 | Attr =	]
SigmaTel StacMon -> %ProgramFiles%\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe [C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe] -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 03/08/2003 16:01:14 | Attr =	]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe [C:\ARCHIV~1\SYMNET~1\SNDMon.exe] -> Symantec Corporation [Ver = 5.4.4.17 | Size = 95960 bytes | Modified Date = 24/03/2007 16:21:00 | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 30/05/2003 19:23:14 | Attr =	]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 30/05/2003 19:25:02 | Attr =	]
Telefonica -> %ProgramFiles%\Telefonica\bin\sprtcmd.exe ["C:\Archivos de programa\Telefonica\bin\sprtcmd.exe" /P Telefonica] -> SupportSoft, Inc. [Ver = 6,7,1035,0 | Size = 192512 bytes | Modified Date = 06/10/2005 17:44:48 | Attr =	]
TFncKy ->  [TFncKy.exe] -> File not found
TFNF5 -> %SystemRoot%\system32\TFNF5.exe [TFNF5.exe] -> TOSHIBA Corp. [Ver = 2, 2, 0, 0 | Size = 73728 bytes | Modified Date = 18/07/2003 17:41:26 | Attr = R  ]
TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe [C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe] -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 122880 bytes | Modified Date = 11/03/2003 14:08:18 | Attr =	]
TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 266240 bytes | Modified Date = 02/10/2003 14:09:36 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 13/07/2007 00:04:12 | Attr =	]
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 15/09/2003 16:33:22 | Attr =	]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9] -> Adobe Systems Incorporated [Ver = 3.0.0.40 | Size = 307200 bytes | Modified Date = 22/11/2004 09:18:02 | Attr = R  ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio -> 
%AllUsersProfile%\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 05:44:06 | Attr =	]
%AllUsersProfile%\Menú Inicio\Programas\Inicio\Software Kodak EasyShare.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare Software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 19/09/2007 05:33:46 | Attr =	]
< user Startup Folder > -> C:\Documents and Settings\user\Menú Inicio\Programas\Inicio -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Controlador de CD-ROM -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03/08/2004 23:59:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATbleepA_UJDA750_DVD/CDRW_______________1.51____\5&1a26c68d&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 13/10/2003 09:34:10 | Attr =	]
< HOSTS File > (355 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
::1			localhost -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14/12/2004 02:56:50 | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2427968 bytes | Modified Date = 03/02/2007 00:31:26 | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 13/07/2007 00:04:12 | Attr =	]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [CNavExtBho Class] -> Symantec Corporation [Ver = 10.00.13 | Size = 103528 bytes | Modified Date = 08/12/2003 17:06:56 | Attr =	]
{D5E5C1E6-78DB-49F0-A137-8D594F342FD6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll [Me.dium IE Add-on] -> Me.dium, Inc. [Ver = 2.0.3.5802dl | Size = 570136 bytes | Modified Date = 14/12/2007 05:44:30 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2427968 bytes | Modified Date = 03/02/2007 00:31:26 | Attr = R  ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 10.00.13 | Size = 103528 bytes | Modified Date = 08/12/2003 17:06:56 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2427968 bytes | Modified Date = 03/02/2007 00:31:26 | Attr = R  ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 10.00.13 | Size = 103528 bytes | Modified Date = 08/12/2003 17:06:56 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44}:{156C59E0-8EC8-462F-A412-F67EF09C65D8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll [Me.dium] -> Me.dium, Inc. [Ver = 2.0.3.5802dl | Size = 570136 bytes | Modified Date = 14/12/2007 05:44:30 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{09A4A5A7-FC01-4C9E-8E94-F381F2B1E778} ->	(Adaptador de red 1394) -> 
{4BB2016B-BECF-4B9A-B738-432A95494A02} ->	(Intel(R) PRO/Wireless LAN 2100 3B Mini PCI Adapter) -> 
{58813567-142F-4B6D-8207-6C739BA6BF84} ->	(Adaptador de red 1394) -> 
{D7E82980-D89A-489C-87D5-DCC864CD8429} ->	(Intel(R) PRO/100 VE Network Connection) -> 
{F4BA4FEF-A343-44A1-B5D4-5F4232009E0D} ->	(ATMEL USB FastVNET (AR)) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24/07/2007 16:17:08 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170797521452[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 20/05/2008 19:33:17 | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 18/05/2008 00:49:48 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 20/05/2008 19:43:36 | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Created Date = 18/05/2008 18:22:14 | Attr =	]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 27048 bytes | Created Date = 18/05/2008 18:22:14 | Attr =	]
MRT.INI -> %SystemRoot%\System32\MRT.INI ->  [Ver =  | Size = 118 bytes | Created Date = 16/05/2008 22:05:32 | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 18/05/2008 00:50:11 | Attr =	]
ftpcache -> %SystemRoot%\ftpcache ->  [Folder | Created Date = 15/05/2008 08:05:52 | Attr =  HS]

[Files/Folders - Modified Within 30 days]
Archivos de programa -> %ProgramFiles% ->  [Folder | Modified Date = 20/05/2008 19:39:29 | Attr = R  ]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 20/05/2008 19:33:46 | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 18/05/2008 00:49:48 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 20/05/2008 19:43:36 | Attr =	]
logfile -> %SystemDrive%\logfile ->  [Ver =  | Size = 97595 bytes | Modified Date = 20/05/2008 19:39:42 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 20/05/2008 19:36:34 | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 20/05/2008 21:03:50 | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 355 bytes | Modified Date = 20/05/2008 21:03:51 | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Modified Date = 05/05/2008 20:46:32 | Attr =	]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 27048 bytes | Modified Date = 05/05/2008 20:46:36 | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 20/05/2008 19:43:27 | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 13/05/2008 23:32:42 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 20/05/2008 19:33:17 | Attr =	]
MRT.INI -> %SystemRoot%\System32\MRT.INI ->  [Ver =  | Size = 118 bytes | Modified Date = 16/05/2008 22:05:32 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 20/05/2008 19:39:39 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 13/05/2008 21:42:44 | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 20/05/2008 19:39:24 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 20/05/2008 19:48:49 | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 18/05/2008 00:50:11 | Attr =	]
ftpcache -> %SystemRoot%\ftpcache ->  [Folder | Modified Date = 15/05/2008 08:05:52 | Attr =  HS]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 19/05/2008 19:06:05 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 18/05/2008 18:27:04 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 13/05/2008 22:23:34 | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 20/05/2008 21:21:32 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 20/05/2008 19:39:32 | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 20/05/2008 19:36:34 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 20/05/2008 19:39:40 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 298 bytes | Modified Date = 10/05/2008 11:41:01 | Attr =	]
Norton AntiVirus - Analizar el equipo - user.job -> %SystemRoot%\tasks\Norton AntiVirus - Analizar el equipo - user.job ->  [Ver =  | Size = 552 bytes | Modified Date = 25/04/2008 20:00:39 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 20/05/2008 19:39:27 | Attr =  H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job ->  [Ver =  | Size = 438 bytes | Modified Date = 20/05/2008 19:42:00 | Attr =	]
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader ->  [Folder | Modified Date = 20/05/2008 19:39:34 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 20/05/2008 19:39:34 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 20/05/2008 19:39:34 | Attr =	]
C:\Documents and Settings\All Users\Datos de programa\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 21/02/2007 00:45:35 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11090 bytes | Modified Date = 21/02/2007 00:46:34 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 20/05/2008 20:03:59 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fssm32.exe -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fssm32.exe -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 20/05/2008 20:03:59 | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
avpproxy.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
daas_s.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 27/02/2008 15:59:28 | Attr =	]
fm4av.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fpinor.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fsbl.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fsbld.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 20/05/2008 19:48:04 | Attr =	]
fsecr32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fsmart.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 20/05/2008 19:48:30 | Attr =	]
fspe32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fssubmit.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 20/05/2008 19:48:08 | Attr =	]
fsup32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupux32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsusscr.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14193 | Size = 884736 bytes | Modified Date = 20/05/2008 19:48:30 | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 20/05/2008 19:48:01 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 20/05/2008 19:48:40 | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
avpproxy.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fm4av.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fpinor.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fsbl.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsecr32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fspe32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsup32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupux32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 20/05/2008 19:48:30 | Attr =	]
fsmart.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 20/05/2008 19:48:30 | Attr =	]
fsusscr.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14193 | Size = 884736 bytes | Modified Date = 20/05/2008 19:48:30 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 20/05/2008 19:48:01 | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 20/05/2008 19:48:01 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 20/05/2008 19:48:08 | Attr =	]
fssubmit.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 20/05/2008 19:48:08 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 20/05/2008 19:48:04 | Attr =	]
fsblu.dll -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 20/05/2008 19:48:04 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 20/05/2008 20:03:59 | Attr =	]
ext.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 20/05/2008 19:47:44 | Attr =	]
fsedb.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 834338 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
perf.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 20/05/2008 21:20:52 | Attr =	]
sae.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 20/05/2008 19:47:44 | Attr =	]
sai.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 20/05/2008 19:47:44 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 20/05/2008 19:47:44 | Attr =	]
ext.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 20/05/2008 19:47:44 | Attr =	]
sae.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 20/05/2008 19:47:44 | Attr =	]
sai.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 20/05/2008 19:47:44 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsedb.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 834338 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 20/05/2008 20:03:59 | Attr =	]
FS@av.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 20/05/2008 19:47:44 | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 20/05/2008 19:47:37 | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 20/05/2008 19:48:04 | Attr =	]
FS@corp.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 20/05/2008 19:48:30 | Attr =	]
FS@ols.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 20/05/2008 19:48:08 | Attr =	]
FS@peg.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 20/05/2008 19:48:01 | Attr =	]
verdicts.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 20/05/2008 19:47:40 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 20/05/2008 19:47:44 | Attr =	]
FS@av.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 20/05/2008 19:47:44 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avpe\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 20/05/2008 19:47:44 | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 20/05/2008 19:47:37 | Attr =	]
verdicts.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 20/05/2008 19:47:40 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 20/05/2008 19:48:40 | Attr =	]
FS@corp.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 20/05/2008 19:48:40 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 20/05/2008 19:48:24 | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 20/05/2008 19:48:24 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 20/05/2008 19:48:30 | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 20/05/2008 19:48:30 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 20/05/2008 19:48:01 | Attr =	]
FS@peg.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 20/05/2008 19:48:01 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 20/05/2008 19:48:08 | Attr =	]
FS@ols.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 20/05/2008 19:48:08 | Attr =	]
C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 20/05/2008 19:48:04 | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\user\Configuración local\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 20/05/2008 19:48:04 | Attr =	]

< End of report >


#6 OldTimer

    Malware Expert



Posted 20 May 2008 - 03:26 PM

Hi bcnfun. Everything looks good. Go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 bcnfun


Posted 20 May 2008 - 04:14 PM

Thanks for all your help OT. My colleagues thought I was mad to ask for help this way, but it seems to have worked wonders. At least now the wife can get on the internet again. Whether that is good or bad you can decide.

bcnfun

#8 OldTimer

    Malware Expert



Posted 20 May 2008 - 04:37 PM

I think I should refrain from comment on that one lol. :thumbsup:

OT



