Virtumonde Infection - Crappy Is154343.exe (good Post This Time...)


  • This topic is locked
5 replies to this topic

#1 DarkLight_CyBorg


Posted 04 June 2008 - 12:08 PM

(Originally started as: http://www.bleepingcomputer.com/forums/ind...mp;#entry843728 , but moved away. MEA CULPA - MY FAULT.)

Hello all...

Well, this is the problem: My little sister infected her new Vostro 1400 LapTop when she tried to install a pirated version of "McAfee VirusScan Enterprise 8.5i".

There was a single "Setup.exe", plus instructions to "just double click it and follow the wizard..."

Well, I was watching this and, just for curiosity, I opened that "Setup.exe" file with 7-Zip, and I found another big "Setup.exe" file inside, along with a little "is154343.exe" file (93.184 Bytes in size).

When I opened the 2nd "Setup.exe" file, I realized the software was there, but encrypted ("ZipCrypto Deflate"), and so I realized my sister was fooled by some "script kiddie" (or the like), as the only possible option to install the software forces the execution of "is154343.exe".

Then, I researched a little, and found a thread in this forum about that "exe" file: http://www.bleepingcomputer.com/forums/t/149117/virtumonde/

Now well, after further research in the affected computer, I found that this parasite forces the inclusion of 2 entries in the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Registry branch. They are:
  • dpnqwtgr = rundll32.exe "C:\WinNT\system32\dpnqwtgr.dll",b
  • qslqsvax = Rundll32.exe "C:\WinNT\system32\qslqsvax.dll",s
No matter whether I deactivate or delete them, they regenerate automatically after reboot.

Other 2 things this parasite does are:
  • It enforces the "Privacy" setting in "Internet" Control Panel to "Accept all Cookies" (aka: Deactivates it).
  • It installs 2 "Explorer Helper Objects" (without any further info, of course), which are named: "cbXQiJby.dll" and "nnnoPgfF.dll"
If I deactivate them, at least "cbXQiJby.dll" is automatically re-activated after reboot.

Also, there is an Explorer Extension I do not know. It is named: "Research", and it has no file associated.
Could it be unrelated to this pest? That I really don't know.

Ah, last thing to mention: I tried to do a "System Restore" to get rid of the thing, and I did it to the only Restore Point left.
That didn't help at all, and so I suspect the parasite removed the rest of Restore Points I had available.

+ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +

Well now... I tried to run the Kaspersky Online Scanner, but so far the P.C. hangs with nasty pop-ups urging me to install an on-line scanner (and sh** like that) from sites like "elmejorantivirus.com" or "barraintegral.com", so no Kaspersky Log for now (maybe later).

(Yeah, I know they are Spanish / Latin scam sites, because the affected Windows XP System is in Spanish. And so, possibly some logs will have Spanish text, but the error codes should be the same in any language.)

Now, "Main.txt" report follows:

+ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +

Deckard's System Scanner v20071014.68
Run by Carmilla on 2008-06-04 12:03:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
87: 2008-06-04 16:01:25 UTC - RP87 - Deckard's System Scanner Restore Point
86: 2008-06-04 15:47:09 UTC - RP86 - Operación de restauración
85: 2008-06-03 20:05:32 UTC - RP85 - Installed K-Lite Mega Codec Pack
84: 2008-06-03 05:12:26 UTC - RP84 - Last known good configuration
83: 2008-06-03 05:12:23 UTC - RP83 - Installed Timershot Powertoy for Windows XP


-- First Restore Point --
1: 2008-06-03 05:12:15 UTC - RP1 - Punto de control del sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Carmilla.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:04 PM, on 04/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WinNT\System32\smss.exe
C:\WinNT\System32\winlogon.exe
C:\WinNT\system32\services.exe
C:\WinNT\system32\lsass.exe
C:\WinNT\system32\svchost.exe
C:\WinNT\System32\svchost.exe
C:\Archivos de Programa\WIDComm\BlueTooth SoftWare\bin\btwdins.exe
C:\WinNT\System32\WLTRYSVC.EXE
C:\WinNT\System32\bcmwltry.exe
C:\WinNT\system32\spoolsv.exe
C:\WinNT\Explorer.EXE
C:\WinNT\system32\ctfmon.exe
C:\Archivos De Programa\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Archivos de Programa\Dell Support Center\bin\sprtsvc.exe
C:\WINNT\system32\STacSV.exe
C:\WinNT\system32\svchost.exe
C:\WinNT\system32\fxssvc.exe
C:\WinNT\system32\wscntfy.exe
C:\Archivos de Programa\Broadcom\BACS\BacsTray.exe
C:\Archivos de Programa\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\system32\KADxMain.exe
C:\WINNT\system32\WLTRAY.exe
C:\Archivos de Programa\SigmaTel\C-Major Audio\WDM\STSysTra.exe
C:\Archivos de Programa\Dell\QuickSet\quickset.exe
C:\Archivos de Programa\DellTPad\Apoint.exe
C:\WinNT\OEM02Mon.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Archivos de Programa\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Archivos de Programa\Dell Support Center\bin\sprtcmd.exe
C:\WinNT\system32\rundll32.exe
C:\WinNT\system32\Rundll32.exe
C:\Archivos de Programa\WIDComm\BlueTooth SoftWare\BTTray.exe
C:\Archivos de Programa\DellTPad\ApMsgFwd.exe
C:\Archivos de Programa\Digital Line Detect\DLG.exe
C:\ARCHIV~1\WIDComm\BLUETO~1\BTSTAC~1.EXE
C:\Archivos de Programa\DellTPad\HidFind.exe
C:\Archivos de Programa\DellTPad\Apntex.exe
B:\AntiViruses\# INTERNAL USE ONLY\DSS.exe
C:\DOCUME~1\Carmilla\ESCRIT~1\Carmilla.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {551F573A-DCAA-423C-A4DE-B5E069241623} - C:\WinNT\system32\cbXQiJby.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de Programa\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BD962BAB-F429-460F-805B-B137087AB623} - C:\WinNT\system32\nnnoPgfF.dll
O4 - HKLM\..\Run: [bacstray] C:\Archivos de Programa\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Archivos de Programa\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINNT\system32\KADxMain.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Archivos de Programa\SigmaTel\C-Major Audio\WDM\STSysTra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Archivos de Programa\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de Programa\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WinNT\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Archivos de Programa\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [dscactivate] "C:\Archivos de Programa\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Archivos de Programa\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WinNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [1027d612] rundll32.exe "C:\WinNT\system32\dpnqwtgr.dll",b
O4 - HKLM\..\Run: [BM1314e58e] Rundll32.exe "C:\WinNT\system32\qslqsvax.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WinNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Archivos de Programa\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Archivos de Programa\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de Programa\WIDComm\BlueTooth SoftWare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de Programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de Programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Datos\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de Programa\WIDComm\BlueTooth SoftWare\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de Programa\WIDComm\BlueTooth SoftWare\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WinNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WinNT\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211926117281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211926095562
O20 - Winlogon Notify: nnnoPgfF - C:\WinNT\SYSTEM32\nnnoPgfF.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Archivos de Programa\WIDComm\BlueTooth SoftWare\bin\btwdins.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Archivos De Programa\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Archivos de Programa\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINNT\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WinNT\System32\WLTRYSVC.EXE

--
End of file - 7587 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.txt - txtfile - shell\open\command - "C:\Archivos de Programa\JGsoft\EditPadLite\EditPadLite.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\winnt\system32\drivers\appdrv.sys
R3 DXEC02 - c:\winnt\system32\drivers\dxec02.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\archivos de programa\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S4 MDM (Machine Debug Manager) - "c:\archivos de programa\archivos comunes\microsoft shared\vs7debug\mdm.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-03 16:35:11 0 d-------- C:\WinNT\pss
2008-06-03 16:05:34 0 d-------- C:\Archivos de Programa\K-Lite MEGA Codec Pack
2008-06-03 16:05:30 2973696 --a------ C:\Documents and Settings\Carmilla\ntuser.dat
2008-06-03 13:21:14 115200 --a------ C:\WinNT\system32\dpnqwtgr.dll
2008-06-03 13:18:14 2560 --a------ C:\WinNT\system32\mtbifeho.exe
2008-06-03 13:15:15 125952 --a------ C:\WinNT\system32\qslqsvax.dll
2008-06-03 01:12:05 372131 --ahs---- C:\WinNT\system32\ybJiQXbc.ini2
2008-06-03 01:11:58 373248 --a------ C:\WinNT\system32\cbXQiJby.dll
2008-06-03 01:06:55 57344 --a------ C:\WinNT\system32\nnnoPgfF.dll
2008-06-02 16:21:40 0 dr-h----- C:\Documents and Settings\Carmilla\Recent
2008-06-02 16:16:33 0 d-------- C:\Archivos de Programa\CCleaner
2008-06-02 16:00:58 0 d-------- C:\Archivos de Programa\Trillian
2008-06-02 15:41:34 65536 --a------ C:\WinNT\system32\NeroCo.dll im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: info@nero.com; Nero Burning Rom>
2008-06-02 15:41:16 0 d-------- C:\WinNT\system32\NtmsData
2008-06-02 15:37:57 364544 -----n--- C:\WinNT\system32\TwnLib4.dll
2008-06-02 15:37:57 106496 --a------ C:\WinNT\system32\TwnLib20.dll
2008-06-02 15:37:55 155648 --a------ C:\WinNT\system32\NeroCheck.exe
2008-06-02 15:37:55 471040 -----n--- C:\WinNT\system32\ImagXRA7.dll
2008-06-02 15:37:55 262144 -----n--- C:\WinNT\system32\ImagXR7.dll
2008-06-02 15:37:55 1568768 -----n--- C:\WinNT\system32\ImagX7.dll
2008-06-02 15:37:55 0 d-------- C:\Archivos de Programa\Archivos comunes\Ahead
2008-06-02 15:37:55 0 d-------- C:\Archivos de Programa\Ahead
2008-06-02 14:34:24 0 d-------- C:\WinNT\Downloaded Installations
2008-06-02 14:23:59 0 d-------- C:\Archivos de Programa\Archivos comunes\NSV
2008-06-02 12:21:00 0 d-------- C:\WinNT\RegisteredPackages
2008-06-02 12:12:56 0 d-------- C:\Archivos de Programa\WinAmp
2008-06-02 03:11:04 0 d-------- C:\Archivos de Programa\Beyond Compare 2
2008-06-02 02:48:20 0 d-------- C:\Archivos de Programa\QT Lite
2008-06-02 01:03:47 0 d-------- C:\Archivos de Programa\Dell Support Center
2008-06-02 01:03:46 0 d-------- C:\Archivos de Programa\Archivos comunes\supportsoft
2008-05-31 22:07:11 0 d-------- C:\Archivos de Programa\Microsoft CAPICOM 2.1.0.2
2008-05-31 21:28:36 0 d-------- C:\Archivos de Programa\MSECache
2008-05-31 20:56:58 0 d-------- C:\Archivos de Programa\Microsoft Works
2008-05-31 20:56:40 0 d-------- C:\Archivos de Programa\MSBuild
2008-05-31 20:55:56 0 d-------- C:\Archivos de Programa\Microsoft.NET
2008-05-31 20:53:14 0 d--h----- C:\IDE
2008-05-31 20:53:08 0 d-------- C:\Archivos de Programa\Microsoft Visual Studio 8
2008-05-31 20:52:38 0 d-------- C:\WinNT\SHELLNEW
2008-05-31 20:51:50 0 dr-h----- C:\MSOCache
2008-05-31 19:00:14 0 d-------- C:\Archivos de Programa\WS_FTP
2008-05-31 18:52:43 0 d-------- C:\Archivos de Programa\FoxIt Reader
2008-05-31 18:33:05 0 d-------- C:\WinNT\system32\Adobe
2008-05-31 18:15:44 0 d-------- C:\Archivos de Programa\Java
2008-05-31 18:15:40 0 d-------- C:\Archivos de Programa\Archivos comunes\Java
2008-05-31 17:23:19 0 --a------ C:\WinNT\nsreg.dat
2008-05-31 17:17:14 0 d-------- C:\Documents and Settings\Carmilla\Application Data
2008-05-31 17:17:14 0 d-------- C:\Documents and Settings\Carmilla\Application Data\SSH
2008-05-31 17:16:23 0 d-------- C:\Archivos de Programa\SSH Communications Security
2008-05-31 17:15:07 0 d-------- C:\Archivos de Programa\Josh Madison
2008-05-30 12:40:59 0 d-------- C:\Archivos de Programa\7-Zip
2008-05-29 17:09:40 0 d-------- C:\Documents and Settings\Carmilla\Bluetooth Software
2008-05-29 15:53:38 0 d-------- C:\Archivos de Programa\WIDComm
2008-05-29 15:46:55 0 d-------- C:\Archivos de Programa\WIDComm(3)
2008-05-29 15:40:45 0 d-------- C:\Archivos de Programa\WIDComm(2)
2008-05-29 14:23:49 0 d-------- C:\Archivos de Programa\SyncToy
2008-05-29 14:17:31 0 d-------- C:\Archivos de Programa\Pro Imaging Powertoys
2008-05-29 14:17:31 0 d-------- C:\Archivos de Programa\Archivos comunes\Nikon
2008-05-29 14:14:52 0 d-------- C:\Archivos de Programa\Microsoft Calculator Plus
2008-05-29 14:11:16 1172 --a------ C:\WinNT\system32\unins000.dat
2008-05-29 14:11:06 0 d-------- C:\Archivos de Programa\WallpaperToy
2008-05-28 16:31:11 0 dr-hs---- C:\CmdCons
2008-05-28 16:31:06 0 d-------- C:\WinNT\setup.pss
2008-05-28 16:30:15 0 d-------- C:\WinNT\setupupd
2008-05-28 16:27:54 0 d-------- C:\Archivos de Programa\Support Tools
2008-05-28 16:26:55 0 d-------- C:\Archivos de Programa\Application Compatibility Toolkit
2008-05-28 15:17:08 0 d-------- C:\Zip
2008-05-28 15:17:08 0 d-------- C:\Bin
2008-05-28 14:22:27 34064 -ra------ C:\WinNT\system32\WRKill.exe
2008-05-28 14:22:27 16896 -ra------ C:\WinNT\system32\WinExit.scr
2008-05-28 14:22:27 20752 -ra------ C:\WinNT\system32\VDesk.exe
2008-05-28 14:22:27 9216 -ra------ C:\WinNT\system32\TopHook.dll
2008-05-28 14:22:27 100864 -ra------ C:\WinNT\system32\TopDesk.exe
2008-05-28 14:22:27 148240 -ra------ C:\WinNT\system32\TimeServ.exe
2008-05-28 14:22:27 13312 -ra------ C:\WinNT\system32\TimeServ.dll
2008-05-28 14:22:27 57104 -ra------ C:\WinNT\system32\SU.exe
2008-05-28 14:22:27 12288 -ra------ C:\WinNT\system32\RKill.exe
2008-05-28 14:22:27 24336 -ra------ C:\WinNT\system32\QuickRes.exe
2008-05-28 14:22:27 16384 -ra------ C:\WinNT\system32\ProcMon.exe
2008-05-28 14:22:27 94480 -ra------ C:\WinNT\system32\NetClip.exe
2008-05-28 14:22:27 107280 -ra------ C:\WinNT\system32\ImagEdit.exe
2008-05-28 14:22:27 61200 -ra------ C:\WinNT\system32\GUtils.dll
2008-05-28 14:22:27 441344 -ra------ C:\WinNT\system32\DeskTops.exe
2008-05-28 14:22:27 57344 -ra------ C:\WinNT\system32\AniEdit.exe
2008-05-28 14:22:27 742912 -ra------ C:\WinNT\3DPaint.exe
2008-05-28 14:20:35 25992 --a------ C:\WinNT\system32\pgdfgsvc.exe
2008-05-28 14:20:12 0 d-------- C:\Archivos de Programa\System Internals
2008-05-27 18:14:19 0 d-------- C:\WinNT\system32\PreInstall
2008-05-27 18:09:38 0 d-------- C:\WinNT\system32\SoftwareDistribution
2008-05-27 18:06:33 0 d--hs---- C:\Documents and Settings\Carmilla\UserData
2008-05-27 18:01:46 0 d--h----- C:\WinNT\system32\GroupPolicy
2008-05-27 17:37:00 0 d-------- C:\Archivos de Programa\JGsoft
2008-05-27 15:51:21 0 d-------- C:\WinNT\system32\URTTemp
2008-05-27 15:23:55 76 -r-hs---- C:\WinNT\CT4CET.bin
2008-05-27 15:23:17 0 d-------- C:\Archivos de Programa\Archivos comunes\Reallusion
2008-05-27 15:22:38 0 d-------- C:\Archivos de Programa\Creative Live! Cam
2008-05-27 15:22:13 0 d-------- C:\Archivos de Programa\Creative
2008-05-27 14:32:08 0 d-------- C:\Archivos de Programa\DellTPad
2008-05-26 17:57:44 0 d-------- C:\Archivos de Programa\Modem Diagnostic Tool
2008-05-26 17:56:03 0 d-------- C:\Archivos de Programa\Digital Line Detect
2008-05-26 17:45:40 16128 --a------ C:\WinNT\system32\drivers\APPDRV.SYS
2008-05-26 17:33:26 666 --a------ C:\WinNT\speed.reg
2008-05-26 17:24:05 0 d-------- C:\Archivos de Programa\Conexant
2008-05-26 17:08:34 806912 --a------ C:\WinNT\system32\BCMLogon.dll
2008-05-26 17:08:33 24064 --a------ C:\WinNT\system32\WLTRYSVC.EXE
2008-05-26 17:08:33 2183168 --a------ C:\WinNT\system32\WLTRAY.EXE
2008-05-26 17:08:33 2670592 --a------ C:\WinNT\system32\WLBCGCBPRO731.DLL
2008-05-26 17:08:33 2682880 --a------ C:\WinNT\system32\vcredist_x86.exe
2008-05-26 17:08:33 416 --a------ C:\WinNT\system32\vcredist_x86.bat
2008-05-26 17:08:33 139264 --a------ C:\WinNT\system32\preflib.dll
2008-05-26 17:08:33 33664 --a------ C:\WinNT\system32\drivers\BCMWLNPF.SYS
2008-05-26 17:08:33 278528 --a------ C:\WinNT\system32\bcmwlu00.exe
2008-05-26 17:08:33 1921024 --a------ C:\WinNT\system32\BCMWLTRY.EXE
2008-05-26 17:08:33 69632 --a------ C:\WinNT\system32\bcmwlpkt.dll
2008-05-26 17:08:33 753664 --a------ C:\WinNT\system32\bcm1xsup.dll
2008-05-26 16:06:10 0 d-------- C:\Archivos de Programa\SigmaTel
2008-05-26 15:56:57 0 d-------- C:\Archivos de Programa\Archivos comunes\InstallShield
2008-05-26 12:40:37 0 d-------- C:\WinNT\system32\Lang
2008-05-26 12:26:11 0 d-------- C:\WinNT\system32\vmm32
2008-05-26 12:26:11 0 d-------- C:\Archivos de Programa\Dell
2008-05-26 12:21:06 0 d-------- C:\WinNT\system32\ESP
2008-05-26 12:19:27 0 d--h----- C:\Archivos de Programa\InstallShield Installation Information
2008-05-26 11:40:17 0 d-------- C:\WinNT\system32\ReinstallBackups
2008-05-26 11:40:14 53248 --a------ C:\WinNT\system32\CSVer.dll
2008-05-26 11:40:14 0 d-------- C:\Archivos de Programa\Intel
2008-05-26 01:59:04 0 d------c- C:\WinNT\system32\DRVSTORE
2008-05-26 01:59:03 0 d-------- C:\Archivos de Programa\BroadCom
2008-05-25 23:40:57 0 d------c- C:\Logs
2008-05-25 23:25:16 0 d-------- C:\WinNT\system32\FxsTmp
2008-05-25 23:16:40 0 d-------- C:\WinNT\system32\appmgmt
2008-05-25 23:14:06 0 d-------- C:\Datos
2008-05-23 17:55:48 0 dr-h----- C:\Documents and Settings\Carmilla\SendTo
2008-05-23 17:55:48 0 d--h----- C:\Documents and Settings\Carmilla\Plantillas
2008-05-23 17:55:48 0 dr------- C:\Documents and Settings\Carmilla\Mis documentos
2008-05-23 17:55:48 0 dr------- C:\Documents and Settings\Carmilla\Menú Inicio
2008-05-23 17:55:48 0 d--h----- C:\Documents and Settings\Carmilla\Impresoras
2008-05-23 17:55:48 0 dr------- C:\Documents and Settings\Carmilla\Favoritos
2008-05-23 17:55:48 0 d-------- C:\Documents and Settings\Carmilla\Escritorio
2008-05-23 17:55:48 0 d--h----- C:\Documents and Settings\Carmilla\Entorno de red
2008-05-23 17:55:48 0 dr-h----- C:\Documents and Settings\Carmilla\Datos de programa
2008-05-23 17:55:48 0 d--hs---- C:\Documents and Settings\Carmilla\Cookies
2008-05-23 17:55:48 0 d--h----- C:\Documents and Settings\Carmilla\Configuración local
2008-05-23 17:55:19 0 d-------- C:\WinNT\SoftwareDistribution
2008-05-23 17:55:17 0 d---s---- C:\WinNT\system32\Microsoft
2008-05-23 17:55:17 0 d-------- C:\WinNT\Prefetch
2008-05-23 17:51:23 0 d-------- C:\WinNT\system32\xircom
2008-05-23 17:51:23 0 d-------- C:\Archivos de Programa\microsoft frontpage
2008-05-23 17:51:03 0 d-------- C:\Tmp
2008-05-23 17:50:24 0 dr------- C:\WinNT\Offline Web Pages
2008-05-23 17:50:24 0 d---s---- C:\WinNT\Downloaded Program Files
2008-05-23 17:50:15 0 d--h----- C:\Archivos de Programa\WindowsUpdate
2008-05-23 17:50:00 0 d-------- C:\WinNT\system32\DirectX
2008-05-23 17:49:37 0 d---s---- C:\WinNT\Tasks
2008-05-23 17:49:37 0 d-------- C:\Archivos de Programa\Archivos comunes\MSSoap
2008-05-23 17:49:33 0 d-------- C:\WinNT\srchasst
2008-05-23 17:49:32 0 d-------- C:\WinNT\system32\Macromed
2008-05-23 17:49:23 0 d-------- C:\Archivos de Programa\Movie Maker
2008-05-23 17:49:00 0 d-------- C:\WinNT\system32\Restore
2008-05-23 17:48:26 21900 --a------ C:\WinNT\system32\emptyregdb.dat
2008-05-23 17:48:23 0 d-------- C:\WinNT\Registration
2008-05-23 17:48:13 0 d-------- C:\Archivos de Programa\MSN Gaming Zone
2008-05-23 17:47:59 0 d-------- C:\WinNT\Cursores
2008-05-23 17:47:46 0 d-------- C:\Archivos de Programa\Windows NT
2008-05-23 17:47:42 0 d-------- C:\WinNT\system32\MsDtc
2008-05-23 17:47:39 0 d-------- C:\WinNT\system32\Com
2008-05-23 13:33:52 0 d-------- C:\WINNT
2008-05-23 13:33:52 0 d-------- C:\WinNT\WinSxS
2008-05-23 13:33:52 0 dr------- C:\WinNT\Web
2008-05-23 13:33:52 0 d-------- C:\WinNT\twain_32
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\wins
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\wbem
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\usmt
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\spool
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\ShellExt
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\Setup
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\ras
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\oobe
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\npp
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\mui
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\inetsrv
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\IME
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\icsxml
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\ias
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\export
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\es-es
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\es
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\drivers
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\drivers\etc
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\drivers\disdn
2008-05-23 13:33:52 0 dr-hs--c- C:\WinNT\system32\dllcache
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\dhcp
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\config
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\3com_dmi
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\3082
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\3076
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\2052
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\1054
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\1042
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\1041
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\1037
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\1033
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\1031
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\1028
2008-05-23 13:33:52 0 d-------- C:\WinNT\system32\1025
2008-05-23 13:33:52 0 d-------- C:\WinNT\system
2008-05-23 13:33:52 0 d-------- C:\WinNT\security
2008-05-23 13:33:52 0 d-------- C:\WinNT\Resources
2008-05-23 13:33:52 0 d-------- C:\WinNT\repair
2008-05-23 13:33:52 0 d-------- C:\WinNT\Provisioning
2008-05-23 13:33:52 0 d-------- C:\WinNT\PeerNet
2008-05-23 13:33:52 0 d-------- C:\WinNT\pchealth
2008-05-23 13:33:52 0 d-------- C:\WinNT\NLDRV
2008-05-23 13:33:52 0 d-------- C:\WinNT\Network Diagnostic
2008-05-23 13:33:52 0 d-------- C:\WinNT\mui
2008-05-23 13:33:52 0 d-------- C:\WinNT\msapps
2008-05-23 13:33:52 0 d-------- C:\WinNT\msagent
2008-05-23 13:33:52 0 d-------- C:\WinNT\Media
2008-05-23 13:33:52 0 d-------- C:\WinNT\L2Schemas
2008-05-23 13:33:52 0 d-------- C:\WinNT\java
2008-05-23 13:33:52 0 d--h----- C:\WinNT\inf
2008-05-23 13:33:52 0 d-------- C:\WinNT\ime
2008-05-23 13:33:52 0 d-------- C:\WinNT\Help
2008-05-23 13:33:52 0 dr--s---- C:\WinNT\Fonts
2008-05-23 13:33:52 0 d-------- C:\WinNT\ehome
2008-05-23 13:33:52 0 d-------- C:\WinNT\Driver Cache
2008-05-23 13:33:52 0 d-------- C:\WinNT\Debug
2008-05-23 13:33:52 0 d-------- C:\WinNT\Cursors
2008-05-23 13:33:52 0 d-------- C:\WinNT\Config
2008-05-23 13:33:52 0 d-------- C:\WinNT\AppPatch
2008-05-23 13:33:52 0 d-------- C:\WinNT\addins
2008-05-23 12:40:15 0 d--hs---- C:\WinNT\Installer
2008-05-23 12:40:15 0 d-------- C:\Archivos de Programa\Archivos comunes\ODBC
2008-05-23 12:40:11 0 d-------- C:\Archivos de Programa\Archivos comunes\SpeechEngines
2008-05-23 12:39:35 0 d-------- C:\WinNT\system32\CatRoot2
2008-05-23 12:39:35 0 d-------- C:\WinNT\system32\CatRoot
2008-05-23 12:39:13 0 dr------- C:\Archivos de Programa
2008-05-23 12:39:13 0 d-------- C:\Archivos de Programa\Archivos comunes
2008-05-23 12:39:06 0 d-------- C:\Documents and Settings
2008-05-23 12:39:05 0 d--hs---- C:\System Volume Information
2008-05-13 17:03:33 1572352 --a------ C:\WinNT\system32\sfcfiles.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-04 11:53:40 464770 --a------ C:\WinNT\system32\perfh00A.dat
2008-06-04 11:53:40 82590 --a------ C:\WinNT\system32\perfc00A.dat
2008-06-02 13:46:53 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\WinAmp
2008-06-02 03:22:26 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\Media Player Classic
2008-06-02 03:12:26 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\Scooter Software
2008-05-31 19:42:39 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\Macromedia
2008-05-31 19:42:39 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\Adobe
2008-05-31 18:14:42 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\Sun
2008-05-31 17:23:26 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\Talkback
2008-05-31 17:23:17 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\Mozilla
2008-05-27 17:37:08 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\JGsoft
2008-05-27 15:31:04 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\Creative
2008-05-27 15:29:50 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\tmp
2008-05-27 15:29:50 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\Reallusion
2008-05-26 17:46:19 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\Dell
2008-05-26 12:19:26 0 d-------- C:\Documents and Settings\Carmilla\Datos de programa\InstallShield
2008-05-23 12:39:47 62 --ahs---- C:\Documents and Settings\Carmilla\Datos de programa\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{551F573A-DCAA-423C-A4DE-B5E069241623}]
03/06/2008 01:12 AM 373248 --a------ C:\WinNT\system32\cbXQiJby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD962BAB-F429-460F-805B-B137087AB623}]
03/06/2008 01:06 AM 57344 --a------ C:\WinNT\system32\nnnoPgfF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bacstray"="C:\Archivos de Programa\Broadcom\BACS\BacsTray.exe" [14/01/2007 11:42 AM]
"IAAnotif"="C:\Archivos de Programa\Intel\Intel Matrix Storage Manager\iaanotif.exe" [07/05/2008 05:41 PM]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [17/03/2008 08:05 AM]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [17/03/2008 08:05 AM]
"Persistence"="C:\WINNT\system32\igfxpers.exe" [17/03/2008 08:05 AM]
"KADxMain"="C:\WINNT\system32\KADxMain.exe" [02/11/2006 02:05 PM]
"Broadcom Wireless Manager UI"="C:\WINNT\system32\WLTRAY.exe" [09/10/2007 07:17 PM]
"SigmatelSysTrayApp"="C:\Archivos de Programa\SigmaTel\C-Major Audio\WDM\STSysTra.exe" [10/05/2007 10:22 AM]
"Dell QuickSet"="C:\Archivos de Programa\Dell\QuickSet\quickset.exe" [22/02/2008 12:43 PM]
"Apoint"="C:\Archivos de Programa\DellTPad\Apoint.exe" [02/07/2007 01:29 PM]
"OEM02Mon.exe"="C:\WinNT\OEM02Mon.exe" [10/05/2007 01:01 AM]
"DELL Webcam Manager"="C:\Archivos de Programa\Dell\Dell Webcam Manager\DellWMgr.exe" [27/07/2007 04:43 PM]
"dscactivate"="C:\Archivos de Programa\Dell Support Center\gs_agent\custom\dsca.exe" [13/02/2008 07:21 PM]
"DellSupportCenter"="C:\Archivos de Programa\Dell Support Center\bin\sprtcmd.exe" [13/02/2008 07:21 PM]
"NeroFilterCheck"="C:\WinNT\system32\NeroCheck.exe" [12/01/2006 04:40 PM]
"1027d612"="C:\WinNT\system32\dpnqwtgr.dll" [03/06/2008 01:21 PM]
"BM1314e58e"="C:\WinNT\system32\qslqsvax.dll" [03/06/2008 01:15 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WinNT\system32\ctfmon.exe" [14/04/2008 06:48 AM]
"DellSupportCenter"="C:\Archivos de Programa\Dell Support Center\bin\sprtcmd.exe" [13/02/2008 07:21 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
BTTray.lnk - C:\Archivos de Programa\WIDComm\BlueTooth SoftWare\BTTray.exe [17/05/2007 15:43:18]
Digital Line Detect.lnk - C:\Archivos de Programa\Digital Line Detect\DLG.exe [26/05/2008 17:56:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BD962BAB-F429-460F-805B-B137087AB623}"= C:\WinNT\system32\nnnoPgfF.dll [03/06/2008 01:06 AM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WinNT\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoPgfF]
nnnoPgfF.dll 03/06/2008 01:06 AM 57344 C:\WINNT\system32\nnnoPgfF.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WinNT\system32\cbXQiJby

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-04 12:06:40 ------------

+ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +

Now, "Extra.txt" report follows:

+ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: Spanish

CPU 0: Intel® Core™2 Duo CPU T5470 @ 1.60GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2038.11 MiB / 1580.32 MiB
Pagefile Memory (total/avail): 3930.06 MiB / 3596.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1870.14 MiB

B: is Network (NTFS)
C: is Fixed (NTFS) - 90 GiB total, 82.02 GiB free.
E: is CDROM (No Media)
N: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1646GSX - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Sistema de archivos instalables - 90 GiB - C:
\PARTITION2 - Extendido con Inter. 13 extendida - 59 GiB



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Carmilla\Datos de programa
CLIENTNAME=Console
CommonProgramFiles=C:\Archivos de Programa\Archivos comunes
COMPUTERNAME=CARMILLA-XP
ComSpec=C:\WinNT\System32\Cmd.exe
FP_No_Host_Check=No
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Carmilla
LOGONSERVER=\\CARMILLA-XP
Number_of_Processors=2
OS=Windows_NT
Path=C:\WinNT\System32;C:\WinNT;C:\WinNT\System32\WBEM;C:\Bin\32;C:\Bin;C:\Zip\32;C:\Zip;C:\Archivos de Programa\Support Tools;C:\Archiv~1\SSHCom~1\SSHSec~1
PathExt=.com;.exe;.bat;.cmd;.vbs;.vbe;.js;.jse;.wsf;.wsh;.msc
Processor_Architecture=x86
Processor_Identifier=x86 Family 6 Model 15 Stepping 13, GenuineIntel
Processor_Level=6
Processor_Revision=0f0d
ProgramFiles=C:\Archivos de Programa
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WinNT
Temp=C:\Tmp
Tmp=C:\Tmp
USERDOMAIN=CARMILLA-XP
USERNAME=Carmilla
USERPROFILE=C:\Documents and Settings\Carmilla
WinDir=C:\WinNT


-- User Profiles ---------------------------------------------------------------

Carmilla (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6B72A18C-47EE-472C-B909-6C6432156722}
--> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0xa
--> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0xa
--> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0xa
--> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0xa
--> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0xa
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0403-0000-0000000FF1CE} /uninstall {A5B6B786-2D6F-4B75-940F-42B32D01D146}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0C0A-0000-0000000FF1CE} /uninstall {35B14BD6-6042-4A55-B326-58309DC8C72A}
3D Windows XP Screen Saver --> rundll32.exe setupapi.dll,InstallHinfSection UninstallInstall 132 C:\WinNT\system32\3D Windows XP.inf
7-Zip 4.57 --> "C:\Archivos de Programa\7-Zip\Uninstall.exe"
Actualización de seguridad para Windows XP (KB923789) --> C:\WINNT\system32\MacroMed\Flash\genuinst.exe C:\WINNT\system32\MacroMed\Flash\KB923789.inf
Adobe Flash Player ActiveX --> C:\WinNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WinNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11 --> C:\WinNT\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WinNT\system32\Adobe\SHOCKW~1\Install.log
Advanced Audio FX Engine --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0xa /remove
Advanced Video FX Engine --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0xa /remove
Application Compatibility Toolkit --> MsiExec.exe /X{B4CF72FF-4A3F-44A7-BFF2-31A8E1CC70B6}
Beyond Compare Version 2.5.2 --> "C:\Archivos de Programa\Beyond Compare 2\unins000.exe"
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Broadcom Management Programs --> MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CCleaner (remove only) --> "C:\Archivos de Programa\CCleaner\uninst.exe"
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007 --> MsiExec.exe /X{90120000-00B2-0C0A-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem --> C:\Archivos de Programa\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Archivos de Programa\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0xa /remove
Dell Webcam Manager --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0xa /remove
Digital Line Detect --> C:\Archivos de Programa\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x000a -removeonly
Foxit Reader --> C:\Archivos de Programa\FoxIt Reader\Uninstall.exe
Herramienta de diagnóstico del módem --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Herramienta para eliminar datos ocultos --> MsiExec.exe /X{90F80C0A-6000-11D3-8CFE-0150048383C9}
HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® Graphics Media Accelerator Driver --> C:\WINNT\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager --> C:\WinNT\system32\imsmudlg.exe -uninstall
IntelliSonic Speech Enhancement --> MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Just Great Software EditPad Lite 6.4.1 --> C:\WINNT\UnDeploy.exe "C:\Archivos de Programa\JGsoft\EditPadLite\Deploy.log"
Laptop Integrated Webcam Driver (1.04.01.1011) --> C:\WinNT\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x040A
Live! Cam Avatar --> C:\Archivos de Programa\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x000a -removeonly /remove
Live! Cam Avatar Creator --> C:\Archivos de Programa\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x000a -removeonly /remove
Magnifier Powertoy for Windows XP --> MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Microsoft Calculator Plus --> MsiExec.exe /I{9F646557-87A6-4F2D-AB8C-97FE036888C0}
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Office Access MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}
Microsoft Office Converter Pack --> MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0044-0C0A-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Archivos de Programa\Archivos comunes\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}
Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50) --> MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Archivos de Programa\Mozilla FireFox\uninstall\helper.exe
Nero 6 Ultra Edition --> C:\Archivos de Programa\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero BurnRights --> C:\WinNT\UNNeroBurnRights.exe /UNINSTALL
QT Lite 2.5.1 --> "C:\Archivos de Programa\QT Lite\unins000.exe"
QuickSet --> C:\Archivos de Programa\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x000a APPDRVNT4 -removeonly
RICOH R5C83x/84x Media Driver x86 Ver.3.34.03 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0xa anything
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
SigmaTel Audio --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0xa -remove -removeonly
Slideshow Generator Powertoy for Windows XP --> MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
SSH Secure Shell --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de Programa\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
Tarjeta de red inalámbrica WLAN de Dell --> "C:\Archivos de Programa\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Archivos de Programa\Dell\Dell Wireless WLAN Card"
Timershot Powertoy for Windows XP --> MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
Trillian --> C:\Archivos de Programa\Trillian\trillian.exe /uninstall
Tweak UI --> "C:\WinNT\system32\mshta.exe" "res://C:\WinNT\system32\TweakUI.exe/uninstall.hta"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Virtual Desktop Manager Powertoy for Windows XP --> MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
Wallpaper Changer for Windows XP --> C:\WinNT\walltoyUninst.exe UNINSTALL
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Winamp --> "C:\Archivos de Programa\WinAmp\UninstWA.exe"
Windows Support Tools --> MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
Windows XP Creativity Fun Packs - Windows XP Power Toys --> MsiExec.exe /X{485E6526-EA98-4F04-925A-67424D12E1E2}
Windows XP Video Screensaver Powertoy --> C:\WinNT\system32\unins000.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
WinZip Command Line Support Add-On 2.3 --> C:\Archivos de Programa\WinZip\wzuninst.exe wzcline C:\Archivos de Programa\WinZip\wzclun.dll


-- Application Event Log -------------------------------------------------------

Event Record #/Type697 / Warning
Event Submitted/Written: 05/31/2008 08:57:00 PM
Event ID/Source: 63 / WinMgmt
Event Description:
Un proveedor, OffProv12, se ha registrado en el espacio de nombres de, Root\MSAPPS12, para usar la cuenta LocalSystem. Esta cuenta tiene privilegios y el proveedor puede originar una violación de seguridad si no personifica correctamente las solicitudes de usuarios.

Event Record #/Type619 / Error
Event Submitted/Written: 05/29/2008 05:08:28 PM
Event ID/Source: 1004 / Application Error
Event Description:
Aplicación con errores: logonui.exe, versión: 6.0.2900.5512, módulo con error: unknown, versión 0.0.0.0, dirección de error 0x00650063.
Error al crear el PEAP-TLV resultado, en respuesta al PEAP-TLV recibido (logonui.exe!ld!)

Event Record #/Type618 / Error
Event Submitted/Written: 05/29/2008 05:06:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplicación con errores: logonui.exe, versión: 6.0.2900.5512, módulo con error: unknown, versión 0.0.0.0, dirección de error 0x00650063.
Procesando suceso específico de medio para [logonui.exe!ws!]

Event Record #/Type584 / Warning
Event Submitted/Written: 05/29/2008 03:55:45 PM
Event ID/Source: 32066 / Microsoft Fax
Event Description:
Al menos uno de los dispositivos en el grupo de enrutamiento de salida no es válido.
Nombre del grupo: ""

Event Record #/Type526 / Error
Event Submitted/Written: 05/29/2008 02:18:31 PM
Event ID/Source: 11722 / MsiInstaller
Event Description:
Product: Microsoft Photo Info -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action _D318D14F_26F8_4A0E_ACD0_D1E78C8DD5F2, location: C:\WinNT\Installer\MSI34.tmp, command: /quiet



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1790 / Warning
Event Submitted/Written: 06/04/2008 11:49:35 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Su equipo ha configurado automáticamente la dirección IP de la
tarjeta de red con la dirección de red 001C23FE782C. La dirección IP utilizada es 146.155.24.105.

Event Record #/Type1784 / Error
Event Submitted/Written: 06/04/2008 11:47:12 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
El controlador de inicialización siguiente no se cargó correctamente:
AFD
APPDRV
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type1783 / Error
Event Submitted/Written: 06/04/2008 11:47:12 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
El servicio Servicios IPSEC depende del servicio Controlador IPSEC, el cual no pudo iniciarse debido al siguiente error:
%%31

Event Record #/Type1782 / Error
Event Submitted/Written: 06/04/2008 11:47:12 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
El servicio Ayuda de NetBIOS sobre TCP/IP depende del servicio AFD, el cual no pudo iniciarse debido al siguiente error:
%%31

Event Record #/Type1781 / Error
Event Submitted/Written: 06/04/2008 11:47:12 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
El servicio Cliente DNS depende del servicio Controlador de protocolo TCP/IP, el cual no pudo iniciarse debido al siguiente error:
%%31



-- End of Deckard's System Scanner: finished at 2008-06-04 12:06:40 ------------

+ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +

Please, Help Me out of this. I know you can ;-)

Thanks A LOT !!!



#2 DarkLight_CyBorg


Posted 04 June 2008 - 01:07 PM

Ah, one thing more:

Do you like / want / need me to provide a copy of the "Is154343.exe" file?

I can upload or send it wherever you want.

#3 DarkLight_CyBorg


Posted 04 June 2008 - 02:43 PM

Hello again...

... Now I have Kaspersky Online Scan log files: Memory Scan.txt and File Scan.txt. Posting now:

+ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +

Memory Scan.txt:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 04, 2008 2:07:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/06/2008
Kaspersky Anti-Virus database records: 828960
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Memory:

Scan Statistics:
Total number of scanned objects: 2393
Number of viruses found: 2
Number of infected objects: 59
Number of suspicious objects: 0
Duration of the scan process: 00:00:29

Infected Object Name / Virus Name / Last Action
[0] [System Process] => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[0] [System Process] => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[1044] winlogon.exe => C:\WinNT\System32\nnnoPgfF.dll Infected: Trojan-Downloader.Win32.Agent.pvz skipped
[1100] lsass.exe => C:\WinNT\system32\cbXQiJby.dll Infected: Trojan.Win32.Monder.gen skipped
[3344] wscntfy.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3344] wscntfy.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3432] ctfmon.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3432] ctfmon.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3564] BacsTray.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3564] BacsTray.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3572] IAAnotif.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3572] IAAnotif.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3588] igfxtray.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3588] igfxtray.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3596] hkcmd.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3596] hkcmd.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3604] igfxpers.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3604] igfxpers.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3612] KADxMain.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3612] KADxMain.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3620] WLTRAY.EXE => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3620] WLTRAY.EXE => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3732] stsystra.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3732] stsystra.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3740] quickset.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3740] quickset.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3748] Apoint.exe => C:\WinNT\system32\nnnoPgfF.dll Infected: Trojan-Downloader.Win32.Agent.pvz skipped
[3748] Apoint.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3748] Apoint.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3756] OEM02Mon.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3756] OEM02Mon.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3764] DellWMgr.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3764] DellWMgr.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3828] sprtcmd.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3828] sprtcmd.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[624] BTTray.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[624] BTTray.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[708] DLG.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[708] DLG.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[872] ApMsgFwd.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[872] ApMsgFwd.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[1528] ApntEx.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[1528] ApntEx.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[1636] hidfind.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[1636] hidfind.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[2428] BTStackServer.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[2428] BTStackServer.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3320] EditPadLite.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3320] EditPadLite.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[2216] explorer.exe => C:\WinNT\system32\cbXQiJby.dll Infected: Trojan.Win32.Monder.gen skipped
[2216] explorer.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[2216] explorer.exe => C:\WinNT\system32\nnnoPgfF.dll Infected: Trojan-Downloader.Win32.Agent.pvz skipped
[2216] explorer.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[940] rundll32.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[940] rundll32.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[3676] iexplore.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
[3676] iexplore.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[2544] rundll32.exe => C:\WinNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
[2544] rundll32.exe => C:\WinNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped

Scan process completed.

+ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +

File Scan.txt:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 04, 2008 3:25:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/06/2008
Kaspersky Anti-Virus database records: 828960
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\
N:\

Scan Statistics:
Total number of scanned objects: 32265
Number of viruses found: 4
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 00:23:40

Infected Object Name / Virus Name / Last Action
C:\Bin\32\NC.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
C:\Bin\32\PSKill.exe Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Carmilla\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Carmilla\Configuración local\Archivos temporales de Internet\Content.IE5\N8YFM6FH\kb516107[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Carmilla\Configuración local\Archivos temporales de Internet\Content.IE5\S7VDCTI8\kb456456[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Carmilla\Configuración local\Datos de programa\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Carmilla\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Carmilla\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Carmilla\Configuración local\Datos de programa\SupportSoft\DellSupportCenter\Carmilla\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Carmilla\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Carmilla\Configuración local\Historial\History.IE5\MSHist012008060420080605\index.dat Object is locked skipped
C:\Documents and Settings\Carmilla\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Carmilla\ntuser.dat Object is locked skipped
C:\Documents and Settings\Carmilla\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
C:\Logs\PFireWall.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4D5ADB29-DA0D-4D18-9539-76FCEC81FECE}\RP84\A0006245.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4D5ADB29-DA0D-4D18-9539-76FCEC81FECE}\RP86\A0006316.dll Infected: Trojan-Downloader.Win32.Agent.pvz skipped
C:\System Volume Information\_restore{4D5ADB29-DA0D-4D18-9539-76FCEC81FECE}\RP86\A0006323.dll Infected: Trojan-Downloader.Win32.Agent.pvz skipped
C:\System Volume Information\_restore{4D5ADB29-DA0D-4D18-9539-76FCEC81FECE}\RP87\change.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped
C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINNT\system32\cbXQiJby.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\Internet.evt Object is locked skipped
C:\WINNT\system32\config\ODiag.evt Object is locked skipped
C:\WINNT\system32\config\OSession.evt Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\system.LOG Object is locked skipped
C:\WINNT\system32\dpnqwtgr.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINNT\system32\h323log.txt Object is locked skipped
C:\WINNT\system32\nnnoPgfF.dll Infected: Trojan-Downloader.Win32.Agent.pvz skipped
C:\WINNT\system32\porjbekn.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINNT\system32\qslqsvax.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINNT\system32\wnqpbwmb.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINNT\wiadebug.log Object is locked skipped
C:\WINNT\wiaservc.log Object is locked skipped

Scan process completed.

#4 OldTimer

Posted 05 June 2008 - 03:59 PM

Hello DarkLight_CyBorg and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 DarkLight_CyBorg

Posted 09 June 2008 - 06:00 PM

Sorry for the delay, and thank you very much for your reply, OldTimer.

I don't know if it's just bad luck or what, but this past Friday the whole hard disk FRIED ITSELF, with a little fume.

Dell will be sending a replacement (new) Hard Disk by tomorrow or the day after tomorrow, so please forget about this and close this thread.

... Geez... Guess I'll be installing WinXP next weekend.

Thank you for your time and support. I'm sure this will not be the last time I'll need your valuable help. See ya...

#6 OldTimer

Posted 09 June 2008 - 06:16 PM

Ahhh, that sucks DarkLight_CyBorg. But now you will have a new, clean one :)

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

OT