Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log Please Help


  • Please log in to reply
15 replies to this topic

#1 flash110

flash110

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 28 September 2008 - 11:31 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:18:18 a.m., on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\pctspk.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\sistray.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\mmc.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\Archivos de programa\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\WinRAR\WinRAR.exe
C:\hjth\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [BMf7c81aab] Rundll32.exe "C:\WINDOWS\system32\wceqcvpl.dll",s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182747246522
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1182737792120
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{808223DD-8414-4F43-B4FC-366E82E67CFA}: NameServer = 200.69.193.2 200.69.193.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe

--
End of file - 5405 bytes

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:03:10 PM

Posted 28 September 2008 - 11:38 AM

Hello flash110

Welcome to BleepingComputer :thumbsup:
========================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
      Rootkit Search -Yes
      Drivers -Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 flash110

flash110
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 28 September 2008 - 03:11 PM

OTScanIt logfile created on: 28/09/2008 04:52:18 p.m.

OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Francisco\Escritorio\OTScanIt

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

 

223,48 Mb Total Physical Memory | 51,09 Mb Available Physical Memory | 22,86% Memory free

737,50 Mb Paging File | 553,14 Mb Available in Paging File | 75,00% Paging File free

Paging file location(s): C:\pagefile.sys 528 1056;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa

Drive C: | 37,26 Gb Total Space | 0,41 Gb Free Space | 1,11% Space Free | Partition Type: NTFS

Drive D: | 37,26 Gb Total Space | 2,50 Gb Free Space | 6,71% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 7,46 Gb Total Space | 3,70 Gb Free Space | 49,65% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: POLZ

Current User Name: Francisco

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On



[Processes - Non-Microsoft Only]

pctspk.exe -> %SystemRoot%\system32\pctspk.exe ->  [Ver = 1, 0, 0, 1 | Size = 176128 bytes | Modified Date = 06/01/2003 09:40:02 p.m. | Attr =	]



[Win32 Services - Non-Microsoft Only]

(dmadmin) Servicio del administrador de discos lógicos [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., VERITAS Software [Ver = 2600.2180.503.0 | Size = 225792 bytes | Modified Date = 19/08/2004 10:42:44 a.m. | Attr =	]

(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 25/06/2007 07:35:16 p.m. | Attr =	]



[Driver Services - Non-Microsoft Only]

(alcan5ln) SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\alcan5ln.sys -> THOMSON [Ver = 301.0.0.12 | Size = 36256 bytes | Modified Date = 08/12/2003 11:53:50 a.m. | Attr =	]

(alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\alcaudsl.sys -> THOMSON [Ver = 301.0.0.12 | Size = 70688 bytes | Modified Date = 08/12/2003 11:53:46 a.m. | Attr =	]

(cmuda) C-Media WDM Audio Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\cmuda.sys -> C-Media Inc [Ver = 5.12.01.0051.3 (73) | Size = 1373120 bytes | Modified Date = 09/06/2006 10:58:22 p.m. | Attr =	]

(nod32drv) nod32drv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\nod32drv.sys ->  [Ver =  | Size = 15424 bytes | Modified Date = 25/06/2007 05:10:57 a.m. | Attr =	]

(Ptserial) W2K Pctel Serial Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptserial.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 132700 bytes | Modified Date = 14/01/2003 11:15:36 p.m. | Attr =	]

(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.00 built by: WinDDK | Size = 32256 bytes | Modified Date = 10/07/2002 12:39:34 p.m. | Attr = R  ]

(Vcs) Vcs support [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Vcs.sys ->  [Ver =  | Size = 6852 bytes | Modified Date = 15/04/2003 06:07:26 p.m. | Attr =	]

(Vmodem) W2k Vmodem [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vmodem.sys -> PCTEL, INC. [Ver = 7.60.10A | Size = 697629 bytes | Modified Date = 14/01/2003 11:14:44 p.m. | Attr =	]

(Vpctcom) W2k Vpctcom [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vpctcom.sys -> PCtel, Inc. [Ver = 2.40-9K | Size = 551883 bytes | Modified Date = 14/01/2003 11:13:48 p.m. | Attr =	]

(Vvoice) W2k Vvoice [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vvoice.sys -> PCtel, Inc. [Ver = 3.53.00 | Size = 65343 bytes | Modified Date = 14/01/2003 11:15:06 p.m. | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

BMf7c81aab -> %SystemRoot%\system32\wceqcvpl.dll [Rundll32.exe "C:\WINDOWS\system32\wceqcvpl.dll",s] ->  [Ver =  | Size = 105984 bytes | Modified Date = 28/09/2008 03:17:07 a.m. | Attr =	]

Cmaudio ->  [RunDll32 cmicnfg.cpl,CMICtrlWnd] -> File not found

KernelFaultCheck ->  [%systemroot%\system32\dumprep 0 -k] -> File not found

nod32kui -> %ProgramFiles%\ESET\nod32kui.exe ["C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE] -> Eset  [Ver = 2, 70, 39  | Size = 949376 bytes | Modified Date = 25/06/2007 05:10:57 a.m. | Attr =	]

PCTVOICE -> %SystemRoot%\system32\pctspk.exe [pctspk.exe] ->  [Ver = 1, 0, 0, 1 | Size = 176128 bytes | Modified Date = 06/01/2003 09:40:02 p.m. | Attr =	]

SiS KHooker -> %SystemRoot%\system32\khooker.exe [C:\WINDOWS\system32\khooker.exe] -> File not found

SiSPower -> %SystemRoot%\system32\SiSPower.dll [Rundll32.exe SiSPower.dll,ModeAgent] -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3730 | Size = 49152 bytes | Modified Date = 09/03/2006 03:04:42 a.m. | Attr =	]

SiSUSBRG -> %SystemRoot%\SiSUSBrg.exe [C:\WINDOWS\SiSUSBrg.exe] -> Silicon Integrated Systems Corp. [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 12/07/2002 07:15:12 a.m. | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe ["C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:35 a.m. | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio -> 

%AllUsersProfile%\Menú Inicio\Programas\Inicio\Utility Tray.lnk -> %SystemRoot%\system32\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3730 | Size = 262144 bytes | Modified Date = 09/03/2006 03:03:56 a.m. | Attr =	]

< Francisco Startup Folder > -> C:\Documents and Settings\Francisco\Menú Inicio\Programas\Inicio -> 

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{DFFA99DF-4AAD-4663-B1C7-C92AD8111BCB} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\khfDtSkI.dll [] ->  [Ver =  | Size = 39936 bytes | Modified Date = 24/09/2008 05:43:36 p.m. | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1035776 bytes | Modified Date = 13/06/2007 10:22:28 a.m. | Attr =	]

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25088 bytes | Modified Date = 19/08/2004 10:43:14 a.m. | Attr =	]

*MultiFile Done* -> -> 

*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 

logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 515584 bytes | Modified Date = 19/08/2004 10:42:54 a.m. | Attr =	]

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8502272 bytes | Modified Date = 25/10/2007 01:43:27 p.m. | Attr =	]

Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 302592 bytes | Modified Date = 19/08/2004 10:43:22 a.m. | Attr =	]

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

khfDtSkI -> %SystemRoot%\system32\khfDtSkI.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 24/09/2008 05:43:36 p.m. | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu -> 1 -> 

Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->

*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 

SCSI miniport ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Controlador de CD-ROM -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03/08/2004 05:59:54 p.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 

*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 

NEC	 MBR-7	->  -> File not found

NEC	 MBR-7.4  ->  -> File not found

PIONEER CHANGR DRM-1804X ->  -> File not found

PIONEER CD-ROM DRM-6324X ->  -> File not found

PIONEER CD-ROM DRM-624X  ->  -> File not found

TORiSAN CD-ROM CDR_C36 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 

< Drives with AutoRun files > ->  -> 

AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 24/06/2007 06:22:28 p.m. | Attr =	]

< HOSTS File > (792 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

127.0.0.1	   localhost

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> 

HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 a.m. | Attr =	]

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 a.m. | Attr =	]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Aplicación auxiliar de vínculos de Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 11:08:42 p.m. | Attr =	]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 85 | Size = 976424 bytes | Modified Date = 08/06/2007 03:18:00 p.m. | Attr =	]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 07:09:42 p.m. | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:33 a.m. | Attr =	]

{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 01/05/2008 02:18:57 a.m. | Attr =	]

{DFFA99DF-4AAD-4663-B1C7-C92AD8111BCB} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\khfDtSkI.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 39936 bytes | Modified Date = 24/09/2008 05:43:36 p.m. | Attr =	]

{FC389212-4CE3-4841-A904-14C12F890AB7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nnnoMGXN.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 253952 bytes | Modified Date = 25/09/2008 05:52:07 p.m. | Attr =	]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 a.m. | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{147D6308-0614-4112-89B1-31402F9B82C4} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 a.m. | Attr =	]

WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Consola de Sun Java] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 a.m. | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Consola de Sun Java] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:33 a.m. | Attr =	]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 07:09:42 p.m. | Attr =	]

{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 85 | Size = 976424 bytes | Modified Date = 08/06/2007 03:18:00 p.m. | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Consola de Sun Java] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 a.m. | Attr =	]

CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 07:09:42 p.m. | Attr =	]

CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 85 | Size = 976424 bytes | Modified Date = 08/06/2007 03:18:00 p.m. | Attr =	]

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

Download with GetRight -> %ProgramFiles%\GetRight\GRDownload.htm ->  [Ver =  | Size = 638 bytes | Modified Date = 11/12/2001 02:49:46 p.m. | Attr =	]

Open with GetRight Browser -> %ProgramFiles%\GetRight\GRBrowse.htm ->  [Ver =  | Size = 638 bytes | Modified Date = 11/12/2001 02:49:38 p.m. | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{19028EFD-56C2-4B7E-BAD6-ED68452256C8} ->	(SiS 900 PCI Fast Ethernet Adapter) -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 25/06/2007 05:10:58 a.m. | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 08/06/2007 03:18:00 p.m. | Attr = R  ]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{05317530-B882-449D-9421-18D94FA3ED34}[HKEY_LOCAL_MACHINE] -> http://www.sis.com/ocis/OSInfo.cab[OSInfo Control] -> 

{16095503-786F-4097-AED6-5D567A26D760}[HKEY_LOCAL_MACHINE] -> http://www.sis.com/ocis/SiSAutodetectNT.cab[SiS_OCX Control] -> 

{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab[MSN Photo Upload Tool] -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182747246522[WUWebControl Class] -> 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182737792120[MUWebControl Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab[Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 19/08/2004 10:42:18 a.m. | Attr =	]

C:\WINDOWS\system32\nnnoMGXN -> %SystemRoot%\system32\nnnoMGXN.dll ->  [Ver =  | Size = 253952 bytes | Modified Date = 25/09/2008 05:52:07 p.m. | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 02:50:46 p.m. | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 19/08/2004 10:42:18 a.m. | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 11:22:37 a.m. | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24/03/2006 01:37:56 a.m. | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 592 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 184832 bytes | Modified Date = 19/08/2004 10:42:24 a.m. | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119808 bytes | Modified Date = 19/08/2004 10:42:20 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 02 41 39 10 B0 A8 3E 7C B1 A6 91 E6 24 D5 30 55 34 62 38 61 64 30 64 65 00 FD 07 00 61 0F 00 00 34 FA 07 00 56 82 47 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 07 E2 96 33 D9 1A 8A AC 6E D6 F0 4B  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> BE 31 25 7D 5A D5 F4 58 05  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 52 AC 29 DB DB 38  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 24/08/2001 07:00:00 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 0F 02 91 BA BA AC 59 E0 F3 28 67 9A 88 68 D8 70  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 80 B9 13 E3 B1 B6 C7 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 31 92 4E F2 85 C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 6C EA 56 F2 85 C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 99 1B 58 F2 85 C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Ofrece servicios de traducción de direcciones, direccionamiento, resolución de nombres y/o servicios de prevención de intrusión para una red doméstica o de pequeña empresa. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Firewall de Windows/Conexión compartida a Internet (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 19/08/2004 10:43:12 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 4454 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 332288 bytes | Modified Date = 19/08/2004 10:42:14 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142848 bytes | Modified Date = 19/08/2004 10:43:10 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 09:44:50 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Archivos de programa\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:55:06 p.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Archivos de programa\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 04:10:02 p.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142848 bytes | Modified Date = 19/08/2004 10:43:10 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mmc.exe -> %SystemRoot%\system32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Disabled:Consola de administración de Microsoft] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 816128 bytes | Modified Date = 19/08/2004 10:42:54 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 09:44:50 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:55:06 p.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 04:10:02 p.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\mIRC\mirc.exe -> %SystemDrive%\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> mIRC Co. Ltd. [Ver = 6.17 | Size = 2023424 bytes | Modified Date = 25/06/2007 10:50:23 p.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\eMule\emule.exe -> %ProgramFiles%\eMule\emule.exe [C:\Archivos de programa\eMule\emule.exe:*:Enabled:eMule] -> http://www.emule-project.net [Ver = 0.48.0 Unicode | Size = 5308416 bytes | Modified Date = 13/05/2007 11:57:46 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Archivos de programa\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ] -> Skype Technologies S.A. [Ver = 3.2.0.163 | Size = 23233576 bytes | Modified Date = 08/06/2007 03:18:00 p.m. | Attr = R  ]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> %SystemRoot%\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 19/08/2004 10:42:44 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Flickr Uploadr\Flickr Uploadr.exe -> %ProgramFiles%\Flickr Uploadr\Flickr Uploadr.exe [C:\Archivos de programa\Flickr Uploadr\Flickr Uploadr.exe:*:Enabled:Flickr Uploadr] -> Yahoo! Inc. [Ver = 2.5.0.15 | Size = 1351168 bytes | Modified Date = 07/06/2007 11:26:52 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Azureus\Azureus.exe -> %ProgramFiles%\Azureus\Azureus.exe [C:\Archivos de programa\Azureus\Azureus.exe:*:Enabled:Azureus] -> Azureus Inc [Ver = 3.0.0.0 | Size = 254976 bytes | Modified Date = 10/04/2008 02:31:33 p.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\VideoLAN\VLC\vlc.exe -> %ProgramFiles%\VideoLAN\VLC\vlc.exe [C:\Archivos de programa\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player] ->  [Ver =  | Size = 96256 bytes | Modified Date = 17/06/2007 07:14:36 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 05:43:18 p.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Archivos de programa\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 30/08/2007 05:43:18 p.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Archivos de programa\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 19/08/2004 10:42:50 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 19/08/2004 10:43:12 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Actualizaciones automáticas -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Habilita la descarga e instalación de actualizaciones de Windows. Si el servicio está deshabilitado, este equipo no podrá usar la característica Actualizaciones automáticas ni el sitio Web de Windows Update. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 19/08/2004 10:42:34 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Habilita usuarios remotos para que modifiquen la configuración del Registro en este equipo. Si se detiene este servicio, cualquier usuario en este equipo puede modificar el Registro. Si este servicio está deshabilitado, cualquier servicio que explícitamente dependa de él no podrá iniciarse. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 01:40:01 a.m. | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Registro remoto -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 19/08/2004 10:43:12 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 19/08/2004 10:42:22 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74240 bytes | Modified Date = 19/08/2004 10:43:14 a.m. | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 01:40:01 a.m. | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Permite que un usuario remoto inicie sesión en el equipo y ejecute programas , y sea compatible con varios clientes de Telnet TCP/IP, incluyendo los equipos basados en UNIX y Windows. Si este servicio se detiene, es posible que el acceso al usuario remoto no esté disponible. Si este servicio está deshabilitado, cualquier servicio que explícitamente dependa de él no podrá iniciarse. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\0 -> Root\LEGACY_TLNTSVR\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

hjth -> %SystemDrive%\hjth ->  [Folder | Created Date = 28/09/2008 04:58:35 a.m. | Attr =	]

pne -> %SystemDrive%\pne ->  [Folder | Created Date = 20/09/2008 03:32:42 a.m. | Attr =	]

sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 12/09/2008 01:57:04 p.m. | Attr =  H ]

sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 12/09/2008 01:57:04 p.m. | Attr =  H ]

khfDtSkI.dll -> %SystemRoot%\System32\khfDtSkI.dll ->  [Ver =  | Size = 39936 bytes | Created Date = 24/09/2008 05:43:36 p.m. | Attr =	]

nnnoMGXN.dll -> %SystemRoot%\System32\nnnoMGXN.dll ->  [Ver =  | Size = 253952 bytes | Created Date = 25/09/2008 05:47:59 p.m. | Attr =	]

NXGMonnn.ini -> %SystemRoot%\System32\NXGMonnn.ini ->  [Ver =  | Size = 400732 bytes | Created Date = 25/09/2008 05:52:09 p.m. | Attr =  HS]

NXGMonnn.ini2 -> %SystemRoot%\System32\NXGMonnn.ini2 ->  [Ver =  | Size = 400732 bytes | Created Date = 25/09/2008 05:52:09 p.m. | Attr =  HS]

tuvVLfFv.dll -> %SystemRoot%\System32\tuvVLfFv.dll ->  [Ver =  | Size = 39936 bytes | Created Date = 24/09/2008 05:43:36 p.m. | Attr =	]

wceqcvpl.dll -> %SystemRoot%\System32\wceqcvpl.dll ->  [Ver =  | Size = 105984 bytes | Created Date = 28/09/2008 03:16:19 a.m. | Attr =	]

BMf7c81aab.xml -> %SystemRoot%\BMf7c81aab.xml ->  [Ver =  | Size = 0 bytes | Created Date = 28/09/2008 03:17:10 a.m. | Attr =	]

pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Created Date = 28/09/2008 03:17:11 a.m. | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

LOG.Ddc -> %UserProfile%\Mis documentos\LOG.Ddc ->  [Ver =  | Size = 305 bytes | Created Date = 24/09/2008 03:13:35 p.m. | Attr =	]

LOG2.DDC -> %UserProfile%\Mis documentos\LOG2.DDC ->  [Ver =  | Size = 309 bytes | Created Date = 24/09/2008 06:25:36 p.m. | Attr =	]

Data Doctor Recovery Digital Camera.lnk -> %UserProfile%\Escritorio\Data Doctor Recovery Digital Camera.lnk ->  [Ver =  | Size = 1065 bytes | Created Date = 24/09/2008 05:43:52 p.m. | Attr =	]

efinales.htm -> %UserProfile%\Escritorio\efinales.htm ->  [Ver =  | Size = 4221 bytes | Created Date = 08/09/2008 10:32:44 p.m. | Attr =	]

efinales_archivos -> %UserProfile%\Escritorio\efinales_archivos ->  [Folder | Created Date = 08/09/2008 10:32:44 p.m. | Attr =	]

nano21_92@hotmail.com -> %UserProfile%\Escritorio\nano21_92@hotmail.com ->  [Ver =  | Size = 21 bytes | Created Date = 14/09/2008 12:29:22 p.m. | Attr =	]

OTScanIt -> %UserProfile%\Escritorio\OTScanIt ->  [Folder | Created Date = 28/09/2008 04:49:53 p.m. | Attr =	]

OTScanIt.exe -> %UserProfile%\Escritorio\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 28/09/2008 04:45:10 p.m. | Attr =	]

removal-media-data-recovery-demo.exe -> %UserProfile%\Escritorio\removal-media-data-recovery-demo.exe -> Pro Data Doctor Pvt. Ltd.									[Ver = 3.0.1.5			  | Size = 620171 bytes | Created Date = 24/09/2008 04:54:11 p.m. | Attr =	]

San Isidro · Gobierno Municipal.htm -> %UserProfile%\Escritorio\San Isidro · Gobierno Municipal.htm ->  [Ver =  | Size = 41202 bytes | Created Date = 11/09/2008 09:07:04 p.m. | Attr =	]

San Isidro · Gobierno Municipal_archivos -> %UserProfile%\Escritorio\San Isidro · Gobierno Municipal_archivos ->  [Folder | Created Date = 15/09/2008 04:06:33 p.m. | Attr =	]

Data Doctor Recovery Digital Camera -> %ProgramFiles%\Data Doctor Recovery Digital Camera ->  [Folder | Created Date = 24/09/2008 05:43:47 p.m. | Attr =	]

FreeUndelete -> %ProgramFiles%\FreeUndelete ->  [Folder | Created Date = 24/09/2008 03:38:55 p.m. | Attr =	]



[Files/Folders - Modified Within 30 days]

boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 25/09/2008 05:57:13 p.m. | Attr =  HS]

sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 12/09/2008 01:57:04 p.m. | Attr =  H ]

sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 12/09/2008 01:57:04 p.m. | Attr =  H ]

khfDtSkI.dll -> %SystemRoot%\System32\khfDtSkI.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 24/09/2008 05:43:36 p.m. | Attr =	]

nnnoMGXN.dll -> %SystemRoot%\System32\nnnoMGXN.dll ->  [Ver =  | Size = 253952 bytes | Modified Date = 25/09/2008 05:52:07 p.m. | Attr =	]

NXGMonnn.ini -> %SystemRoot%\System32\NXGMonnn.ini ->  [Ver =  | Size = 400732 bytes | Modified Date = 28/09/2008 04:52:40 p.m. | Attr =  HS]

NXGMonnn.ini2 -> %SystemRoot%\System32\NXGMonnn.ini2 ->  [Ver =  | Size = 400732 bytes | Modified Date = 28/09/2008 04:50:19 p.m. | Attr =  HS]

TrueSoft.dat -> %SystemRoot%\System32\TrueSoft.dat ->  [Ver =  | Size = 1536 bytes | Modified Date = 28/09/2008 04:39:13 p.m. | Attr =	]

tuvVLfFv.dll -> %SystemRoot%\System32\tuvVLfFv.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 24/09/2008 05:43:36 p.m. | Attr =	]

wceqcvpl.dll -> %SystemRoot%\System32\wceqcvpl.dll ->  [Ver =  | Size = 105984 bytes | Modified Date = 28/09/2008 03:17:07 a.m. | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2228 bytes | Modified Date = 28/09/2008 04:38:27 p.m. | Attr =	]

BMf7c81aab.xml -> %SystemRoot%\BMf7c81aab.xml ->  [Ver =  | Size = 0 bytes | Modified Date = 28/09/2008 03:17:10 a.m. | Attr =	]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 28/09/2008 04:37:32 p.m. | Attr =   S]

4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 26/09/2008 04:24:57 a.m. | Attr =	]

pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Modified Date = 28/09/2008 04:38:31 p.m. | Attr =	]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 25/09/2008 05:57:13 p.m. | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 675 bytes | Modified Date = 25/09/2008 05:57:13 p.m. | Attr =	]

MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 344 bytes | Modified Date = 28/09/2008 04:46:04 a.m. | Attr =  H ]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 28/09/2008 04:37:39 p.m. | Attr =  H ]

C:\Documents and Settings\All Users\Datos de programa\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\HTML Help ->  [Folder | Modified Date = 24/06/2007 07:16:40 p.m. | Attr =	]

hhcolreg.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 8134 bytes | Modified Date = 24/06/2007 07:16:40 p.m. | Attr =	]

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader ->  [Folder | Modified Date = 24/06/2007 10:27:16 p.m. | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 30644 bytes | Modified Date = 25/09/2008 05:43:27 p.m. | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 30644 bytes | Modified Date = 25/09/2008 05:43:28 p.m. | Attr =	]

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Office\Data ->  [Folder | Modified Date = 25/06/2007 05:21:28 a.m. | Attr =	]

data.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 25/06/2007 07:11:56 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\ -> C:\Documents and Settings\Francisco\Configuración local\Temp ->  [Folder | Modified Date = 28/09/2008 04:45:00 p.m. | Attr =	]

Install_WLMessenger.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\Install_WLMessenger.exe -> Microsoft Corporation [Ver = 12.0.2000.1009 | Size = 20207632 bytes | Modified Date = 28/10/2007 01:46:41 a.m. | Attr =	]

jre-6u5-windows-i586-p-iftw_1b121abb.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.19 | Size = 382352 bytes | Modified Date = 04/04/2008 03:27:07 p.m. | Attr =	]

Reboot.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\Reboot.exe ->  [Ver =  | Size = 146399 bytes | Modified Date = 15/07/2003 12:03:40 p.m. | Attr =	]

setup_wm.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 9.00.00.3250 | Size = 778240 bytes | Modified Date = 19/08/2004 10:43:10 a.m. | Attr =	]

Uninstall.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\Uninstall.exe -> Pro Data Doctor Pvt. Ltd.									[Ver = 3.0.1.5			  | Size = 140102 bytes | Modified Date = 24/09/2008 04:58:53 p.m. | Attr =	]

xdesifv.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\xdesifv.exe ->  [Ver =  | Size = 24576 bytes | Modified Date = 02/04/2008 11:01:07 a.m. | Attr =	]

1027 C:\Documents and Settings\Francisco\Configuración local\Temp\*.tmp files -> C:\Documents and Settings\Francisco\Configuración local\Temp\*.tmp -> 

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

EBAPISET.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\EBAPISET.exe ->  [Ver =  | Size = 23040 bytes | Modified Date = 31/03/2000 | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\AGENT2_t\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\AGENT2_t ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

SAgent2.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\AGENT2_t\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 02:03:00 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\BASE_t\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\BASE_t ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

STMSetup.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\BASE_t\STMSetup.exe ->  [Ver = 1, 13, 0, 0 | Size = 81920 bytes | Modified Date = 18/05/2000 01:13:00 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\EBAPI16_s\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\EBAPI16_s ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

EBAPI2HS.EXE -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\EBAPI16_s\EBAPI2HS.EXE -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 69632 bytes | Modified Date = 04/12/2001 01:01:00 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\ICD1.tmp\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\ICD1.tmp\ ->  [Folder | Modified Date = 25/06/2007 05:12:37 p.m. | Attr =	]

jinstall.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\ICD1.tmp\jinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 364544 bytes | Modified Date = 14/03/2007 04:02:28 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531 ->  [Folder | Modified Date = 25/06/2007 05:54:56 p.m. | Attr =	]

SetupX.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\SetupX.exe -> Nero AG [Ver = 1, 5, 30, 0 | Size = 1556480 bytes | Modified Date = 17/11/2006 09:23:36 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp ->  [Folder | Modified Date = 25/06/2007 06:21:57 p.m. | Attr =	]

SetupNeroMobileUnsignedA8C35C16.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\SetupNeroMobileUnsignedA8C35C16.exe -> Nero AG [Ver = 1.2.0.13 | Size = 3375705 bytes | Modified Date = 16/11/2006 03:43:54 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist ->  [Folder | Modified Date = 20/11/2006 12:29:26 p.m. | Attr =	]

50comupd.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\50comupd.exe -> Microsoft Corporation [Ver = 5.00.2516.1900 | Size = 509984 bytes | Modified Date = 18/12/2002 12:43:16 p.m. | Attr =	]

instmsia.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\instmsia.exe -> Microsoft Corporation [Ver = 2.0.2600.2 | Size = 1708856 bytes | Modified Date = 11/03/2002 02:45:02 p.m. | Attr =	]

instmsiw.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\instmsiw.exe -> Microsoft Corporation [Ver = 2.0.2600.2 | Size = 1822520 bytes | Modified Date = 11/03/2002 08:06:30 a.m. | Attr =	]

ShFolder.Exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\ShFolder.Exe -> Microsoft Corporation [Ver = 5.50.4027.300 | Size = 117288 bytes | Modified Date = 23/01/2001 11:13:28 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\DirectX\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\DirectX ->  [Folder | Modified Date = 20/11/2006 12:29:26 p.m. | Attr =	]

dxsetup.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\DirectX\dxsetup.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 484632 bytes | Modified Date = 14/08/2006 04:08:04 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Setup\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Setup ->  [Folder | Modified Date = 20/11/2006 12:29:26 p.m. | Attr =	]

NeroDelTmp.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Setup\NeroDelTmp.exe -> Nero AG [Ver = 1, 5, 30, 0 | Size = 860160 bytes | Modified Date = 17/11/2006 09:24:28 p.m. | Attr =	]

NiReg.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Setup\NiReg.exe -> Nero AG [Ver = 1, 5, 21, 0 | Size = 823296 bytes | Modified Date = 22/09/2006 09:05:20 a.m. | Attr =	]

UninstallNero.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Setup\UninstallNero.exe -> Nero AG [Ver = 1, 5, 30, 0 | Size = 946176 bytes | Modified Date = 17/11/2006 09:24:10 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\ ->  [Folder | Modified Date = 25/06/2007 07:58:06 p.m. | Attr =	]

DivXComponentInstaller.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\DivXComponentInstaller.exe ->  [Ver =  | Size = 40905 bytes | Modified Date = 12/12/2006 01:24:25 p.m. | Attr =	]

DivXConnectionTester.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\DivXConnectionTester.exe ->  [Ver =  | Size = 76507 bytes | Modified Date = 12/12/2006 01:24:24 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine ->  [Folder | Modified Date = 25/06/2007 07:56:46 p.m. | Attr =	]

PxCpyA64.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\PxCpyA64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 64760 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

PxCpyI64.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\PxCpyI64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 116472 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

pxhpinst.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 72440 bytes | Modified Date = 30/01/2007 02:03:35 a.m. | Attr =	]

PxInsA64.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\PxInsA64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 64760 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

PxInsI64.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\PxInsI64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 118520 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

pxsetup.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\pxsetup.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 68344 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\ ->  [Folder | Modified Date = 30/04/2008 12:32:33 p.m. | Attr =	]

exiftool(-k).exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\exiftool(-k).exe ->  [Ver =  | Size = 53299 bytes | Modified Date = 27/06/2007 12:48:01 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\RarSFX0\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\RarSFX0 ->  [Folder | Modified Date = 25/06/2007 01:19:38 a.m. | Attr =	]

findkey.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\RarSFX0\findkey.exe ->  [Ver =  | Size = 520704 bytes | Modified Date = 21/04/2003 02:15:42 a.m. | Attr =	]

xpkey.exe -> C:\Documents and Settings\Francisco\Configuración local\Temp\RarSFX0\xpkey.exe ->  [Ver =  | Size = 15917 bytes | Modified Date = 19/09/2002 02:25:32 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\ -> C:\Documents and Settings\Francisco\Configuración local\Temp ->  [Folder | Modified Date = 28/09/2008 04:45:00 p.m. | Attr =	]

dsprs.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\dsprs.dll ->  [Ver =  | Size = 69632 bytes | Modified Date = 15/07/2003 12:51:56 p.m. | Attr =	]

NSISGSearchCheck.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NSISGSearchCheck.dll ->  [Ver =  | Size = 90112 bytes | Modified Date = 10/03/2008 11:53:54 p.m. | Attr =	]

swt-gdip-win32-3346.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\swt-gdip-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 77824 bytes | Modified Date = 27/10/2007 10:10:29 p.m. | Attr =	]

swt-gdip-win32-3430.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\swt-gdip-win32-3430.dll -> Eclipse Foundation [Ver = 3.430 | Size = 77824 bytes | Modified Date = 19/04/2008 12:12:52 p.m. | Attr =	]

swt-win32-3346.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\swt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 27/10/2007 10:10:19 p.m. | Attr =	]

swt-win32-3430.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\swt-win32-3430.dll -> Eclipse Foundation [Ver = 3.430 | Size = 323584 bytes | Modified Date = 10/04/2008 02:30:18 p.m. | Attr =	]

uvnvewdk.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\uvnvewdk.dll ->  [Ver =  | Size = 80652 bytes | Modified Date = 25/09/2008 06:14:47 p.m. | Attr =	]

WizeSupp.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\WizeSupp.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 30/08/2003 12:51:30 a.m. | Attr =	]

1027 C:\Documents and Settings\Francisco\Configuración local\Temp\*.tmp files -> C:\Documents and Settings\Francisco\Configuración local\Temp\*.tmp -> 

C:\Documents and Settings\Francisco\Configuración local\Temp\{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\{F977FD4B-C9A6-4BAA-B4BB-DE3023288253} ->  [Folder | Modified Date = 18/02/2008 07:56:50 a.m. | Attr =	]

ISRT.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}\ISRT.DLL -> InstallShield Software Corporation [Ver = 9.01.429 | Size = 401408 bytes | Modified Date = 10/11/2003 06:16:22 p.m. | Attr =	]

_ISRES.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}\_ISRES.DLL -> InstallShield Software Corporation [Ver = 9.00.333 | Size = 311296 bytes | Modified Date = 19/02/2008 07:54:00 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\3974593\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\3974593 ->  [Folder | Modified Date = 18/02/2008 06:03:53 a.m. | Attr =	]

ywiseext.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\3974593\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 11, 2, 1 | Size = 106496 bytes | Modified Date = 02/11/2007 10:25:48 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\6727850\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\6727850 ->  [Folder | Modified Date = 18/02/2008 06:10:54 a.m. | Attr =	]

ywiseext.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\6727850\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 11, 2, 1 | Size = 106496 bytes | Modified Date = 02/11/2007 10:25:48 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

EBAPISET.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\EBAPISET.dll -> SEIKO EPSON CORPORATION [Ver = 2.04 | Size = 260096 bytes | Modified Date = 22/08/2002 02:04:00 a.m. | Attr =	]

EBP16PIF.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\EBP16PIF.DLL -> SEIKO EPSON Corporation [Ver = 1.00.00 | Size = 5344 bytes | Modified Date = 25/01/2001 01:00:00 a.m. | Attr =	]

EBSETUP.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\EBSETUP.dll -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 2 | Size = 184320 bytes | Modified Date = 01/09/1999 09:40:10 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\BASE_s\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\BASE_s ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

ebapi2.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\BASE_s\ebapi2.dll -> SEIKO EPSON CORPORATION [Ver = 1, 4, 0, 0 | Size = 139264 bytes | Modified Date = 23/08/2001 01:04:00 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\EBAPI16_s\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\EBAPI16_s ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

Ebapi162.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\EBAPI16_s\Ebapi162.dll -> SEIKO EPSON CORPORATION [Ver = 1, 2, 0, 0 | Size = 19168 bytes | Modified Date = 08/05/2002 01:02:00 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\LPT_t\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\LPT_t ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

Ebplpt.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\LPT_t\Ebplpt.dll -> SEIKO EPSON CORPORATION [Ver = 2, 26, 0, 0 | Size = 230912 bytes | Modified Date = 31/07/2002 02:26:00 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\LPTNT_s\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\LPTNT_s ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

ebppmon.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\LPTNT_s\ebppmon.dll -> SEIKO EPSON CORPORATION [Ver = 2, 27, 0, 0 | Size = 108544 bytes | Modified Date = 08/10/2002 02:27:00 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\SHARE2_t\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\SHARE2_t ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

EbpShre2.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\SHARE2_t\EbpShre2.dll -> SEIKO EPSON CORPORATION [Ver = 2, 1, 0, 0 | Size = 77824 bytes | Modified Date = 08/11/2001 02:01:00 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp ->  [Folder | Modified Date = 25/06/2007 06:21:57 p.m. | Attr =	]

BCGCBPRO8002D9B60E3.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\BCGCBPRO8002D9B60E3.dll -> BCGSoft Ltd [Ver = 8, 00, 0, 0 | Size = 2600960 bytes | Modified Date = 17/10/2005 04:07:46 p.m. | Attr =	]

BCGPOleAcc9B39C142.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\BCGPOleAcc9B39C142.dll ->  [Ver = 8, 50, 0, 0 | Size = 32768 bytes | Modified Date = 23/12/2005 04:50:28 p.m. | Attr =	]

Drweb323680E0DF.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\Drweb323680E0DF.dll -> Doctor Web, Ltd. [Ver = 4, 33, 0, 10250 | Size = 1347584 bytes | Modified Date = 31/05/2006 07:46:46 p.m. | Attr =	]

em2v01DC7D73.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\em2v01DC7D73.dll -> Nero AG [Ver = 4,5,13,0 | Size = 184320 bytes | Modified Date = 09/11/2006 04:04:18 p.m. | Attr =	]

em2v6300DBD6.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\em2v6300DBD6.dll -> Nero AG [Ver = 4,5,13,0 | Size = 184320 bytes | Modified Date = 09/11/2006 04:04:18 p.m. | Attr =	]

gdiplus38B07F0B.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplus38B07F0B.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplus536CC5AD.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplus536CC5AD.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplus5461AF19.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplus5461AF19.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplus55EBB4A3.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplus55EBB4A3.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplus5ABC3C3B.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplus5ABC3C3B.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplus5C39907C.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplus5C39907C.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplus74C97B78.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplus74C97B78.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplus78D63180.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplus78D63180.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplus9071448E.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplus9071448E.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplus985FC367.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplus985FC367.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplusA455ADFC.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplusA455ADFC.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplusAF831C96.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplusAF831C96.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplusB1DBFAF0.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplusB1DBFAF0.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplusD6EBAEF5.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplusD6EBAEF5.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplusDC8C5D2A.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplusDC8C5D2A.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplusE1DA3D0E.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplusE1DA3D0E.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

gdiplusF33DEC0A.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\gdiplusF33DEC0A.DLL -> Microsoft Corporation [Ver = 5.1.3102.1360 (xpsp2.040109-1800) | Size = 1645320 bytes | Modified Date = 04/05/2004 10:53:40 a.m. | Attr =	]

MFC71109CB9C7.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC71109CB9C7.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC71249A74F9.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC71249A74F9.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC713F517409.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC713F517409.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC71461BF8FA.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC71461BF8FA.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC7149090881.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC7149090881.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC715B49AA52.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC715B49AA52.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC716011AF24.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC716011AF24.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC716251E7FF.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC716251E7FF.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC718A0B572D.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC718A0B572D.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC71AE66EE48.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC71AE66EE48.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC71CB545924.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC71CB545924.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC71E906F697.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC71E906F697.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

MFC71F47B49DB.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\MFC71F47B49DB.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 19/03/2003 06:20:00 a.m. | Attr =	]

mfc71u12406601.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\mfc71u12406601.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1047552 bytes | Modified Date = 18/03/2003 08:12:12 p.m. | Attr =	]

mfc71u4C5C5DD0.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\mfc71u4C5C5DD0.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1047552 bytes | Modified Date = 18/03/2003 08:12:12 p.m. | Attr =	]

mfc71u4D1989F2.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\mfc71u4D1989F2.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1047552 bytes | Modified Date = 18/03/2003 08:12:12 p.m. | Attr =	]

mfc71u93490C3B.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\mfc71u93490C3B.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1047552 bytes | Modified Date = 18/03/2003 08:12:12 p.m. | Attr =	]

mfc71uE8BEE4D1.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\mfc71uE8BEE4D1.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1047552 bytes | Modified Date = 18/03/2003 08:12:12 p.m. | Attr =	]

mfc71uF18EADFB.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\mfc71uF18EADFB.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1047552 bytes | Modified Date = 18/03/2003 08:12:12 p.m. | Attr =	]

msvcp710E7F954E.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp710E7F954E.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp712CF144D3.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp712CF144D3.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71318C1171.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71318C1171.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71346249B2.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71346249B2.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp714536764D.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp714536764D.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp714D58BA94.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp714D58BA94.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp7150E1E867.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp7150E1E867.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp7151207FF7.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp7151207FF7.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp7158986D1C.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp7158986D1C.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp7162535DFA.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp7162535DFA.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp7169869529.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp7169869529.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp7177B7CF3F.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp7177B7CF3F.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp7178516802.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp7178516802.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp7198B02AF4.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp7198B02AF4.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71B4C16822.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71B4C16822.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71BBF6D7CF.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71BBF6D7CF.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71C138A21F.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71C138A21F.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71C50F23DB.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71C50F23DB.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71EB0FA0C2.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71EB0FA0C2.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71EF1A49EE.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71EF1A49EE.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71F4FBCFF4.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71F4FBCFF4.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71F525E9F7.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71F525E9F7.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcp71FC7343DA.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcp71FC7343DA.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 19/03/2003 06:14:52 a.m. | Attr =	]

msvcr7103CBFF9A.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr7103CBFF9A.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr7113A22A6A.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr7113A22A6A.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71264D7D03.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71264D7D03.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr712E243769.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr712E243769.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr7135AD2B54.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr7135AD2B54.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr713C2058C6.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr713C2058C6.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71402AC422.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71402AC422.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr7144B7F012.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr7144B7F012.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr7166D31FF4.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr7166D31FF4.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr716A7F987A.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr716A7F987A.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr7193442B58.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr7193442B58.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr719D484A5A.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr719D484A5A.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71BA5A88D0.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71BA5A88D0.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71BB261ECC.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71BB261ECC.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71CC2005AB.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71CC2005AB.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71D1A5E404.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71D1A5E404.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71E0570AA5.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71E0570AA5.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71E0BAC39B.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71E0BAC39B.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71EE7C0081.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71EE7C0081.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71F02E11D7.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71F02E11D7.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71F2E0F0EF.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71F2E0F0EF.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71F5084597.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71F5084597.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

msvcr71FD47894B.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\msvcr71FD47894B.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 21/02/2003 02:42:22 p.m. | Attr =	]

Msvcrt11D4118E.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\Msvcrt11D4118E.dll -> Microsoft Corporation [Ver = 6.10.8924.0 | Size = 290869 bytes | Modified Date = 04/05/2001 11:05:02 a.m. | Attr =	]

ndvddiscD56CC44A.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\ndvddiscD56CC44A.dll -> Nero AG [Ver = 4,5,13,0 | Size = 45568 bytes | Modified Date = 09/11/2006 04:04:14 p.m. | Attr =	]

NeAcEnc9FC8C58A.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeAcEnc9FC8C58A.dll -> Nero AG [Ver = 4,5,13,0 | Size = 126976 bytes | Modified Date = 09/11/2006 04:04:18 p.m. | Attr =	]

NeEm2a529CBA7F.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeEm2a529CBA7F.dll -> Nero AG [Ver = 4,5,13,0 | Size = 135168 bytes | Modified Date = 09/11/2006 04:04:18 p.m. | Attr =	]

NeEm2a57A96039.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeEm2a57A96039.dll -> Nero AG [Ver = 4,5,13,0 | Size = 135168 bytes | Modified Date = 09/11/2006 04:04:18 p.m. | Attr =	]

NeroIPP18F99FA5.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeroIPP18F99FA5.dll -> Nero AG [Ver = 4,5,13,0 | Size = 3371008 bytes | Modified Date = 09/11/2006 04:04:20 p.m. | Attr =	]

NeroIPP55B9FD4A.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeroIPP55B9FD4A.dll -> Nero AG [Ver = 4,5,13,0 | Size = 3371008 bytes | Modified Date = 09/11/2006 04:04:20 p.m. | Attr =	]

NeroMediaCon041A55CE.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeroMediaCon041A55CE.dll -> Nero AG [Ver = 4,5,13,0 | Size = 1265664 bytes | Modified Date = 09/11/2006 04:04:20 p.m. | Attr =	]

NeroMediaConD4CB9F82.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeroMediaConD4CB9F82.dll -> Nero AG [Ver = 4,5,13,0 | Size = 1265664 bytes | Modified Date = 09/11/2006 04:04:20 p.m. | Attr =	]

NeroRcPluginAti3935D9B2.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeroRcPluginAti3935D9B2.dll -> Nero AG [Ver = 1, 5, 3, 0 | Size = 81920 bytes | Modified Date = 16/11/2006 06:53:48 p.m. | Attr =	]

NeroRcPluginHauppaugeD1EEA012.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeroRcPluginHauppaugeD1EEA012.dll -> Nero AG [Ver = 1, 5, 3, 0 | Size = 81920 bytes | Modified Date = 16/11/2006 06:57:32 p.m. | Attr =	]

NeRSDB05C2D9D9.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeRSDB05C2D9D9.dll -> Nero AG [Ver = 7, 5, 9, 0 | Size = 34816 bytes | Modified Date = 27/10/2006 04:29:54 p.m. | Attr =	]

NeVcr50E5ADBC.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\NeVcr50E5ADBC.dll -> Nero AG [Ver = 4,5,13,0 | Size = 323584 bytes | Modified Date = 09/11/2006 04:04:20 p.m. | Attr =	]

TMPVImporterF67588C5.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\TMPVImporterF67588C5.dll -> Nero AG [Ver = 7, 5, 9, 0 | Size = 94208 bytes | Modified Date = 27/10/2006 04:37:20 p.m. | Attr =	]

UDFImporter4B649A67.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\UDFImporter4B649A67.dll -> Nero AG [Ver = 7, 5, 9, 0 | Size = 425984 bytes | Modified Date = 27/10/2006 04:37:08 p.m. | Attr =	]

VMPEGEncNDX44D4A2E4.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Cab\Tmp\VMPEGEncNDX44D4A2E4.dll -> Nero AG [Ver = 1, 3, 1, 1 | Size = 364544 bytes | Modified Date = 31/05/2006 07:46:46 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist ->  [Folder | Modified Date = 20/11/2006 12:29:26 p.m. | Attr =	]

AReadyLB_Nero.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\AReadyLB_Nero.dll -> Audible Inc. [Ver = 5, 0, 0, 18 | Size = 598016 bytes | Modified Date = 10/11/2006 01:59:00 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\DirectX\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\DirectX ->  [Folder | Modified Date = 20/11/2006 12:29:26 p.m. | Attr =	]

DSETUP.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\DirectX\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 74520 bytes | Modified Date = 14/08/2006 04:08:04 p.m. | Attr =	]

dsetup32.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\DirectX\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 2248984 bytes | Modified Date = 14/08/2006 04:08:04 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\MS\System\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\MS\System ->  [Folder | Modified Date = 20/11/2006 12:29:26 p.m. | Attr =	]

asycfilt.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\MS\System\asycfilt.dll -> Microsoft Corporation [Ver = 2.40.4275 | Size = 147728 bytes | Modified Date = 08/03/1999 11:50:56 a.m. | Attr =	]

mfc42.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\MS\System\mfc42.dll -> Microsoft Corporation [Ver = 6.00.8665.0 | Size = 995383 bytes | Modified Date = 06/04/2000 07:13:36 p.m. | Attr =	]

msvcirt.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\MS\System\msvcirt.dll -> Microsoft Corporation [Ver = 6.00.8168.0 | Size = 77878 bytes | Modified Date = 06/04/2000 07:10:38 p.m. | Attr =	]

msvcp60.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\MS\System\msvcp60.dll -> Microsoft Corporation [Ver = 6.00.8972.0 | Size = 401462 bytes | Modified Date = 29/08/2000 01:19:16 a.m. | Attr =	]

msvcrt.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\MS\System\msvcrt.dll -> Microsoft Corporation [Ver = 6.00.8797.0 | Size = 278581 bytes | Modified Date = 06/04/2000 07:10:40 p.m. | Attr =	]

oleaut32.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\MS\System\oleaut32.dll -> Microsoft Corporation [Ver = 2.40.4275 | Size = 598288 bytes | Modified Date = 12/04/2000 01:00:24 p.m. | Attr =	]

olepro32.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Redist\MS\System\olepro32.dll -> Microsoft Corporation [Ver = 5.0.4275 | Size = 164112 bytes | Modified Date = 08/03/1999 11:50:56 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Setup\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Setup ->  [Folder | Modified Date = 20/11/2006 12:29:26 p.m. | Attr =	]

APATCH.DLL -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Setup\APATCH.DLL -> Catalyst Development Corporation [Ver = 1.20.1210 | Size = 263848 bytes | Modified Date = 27/05/2002 07:50:06 p.m. | Attr =	]

NPS.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Setup\NPS.dll -> Nero AG [Ver = 1, 5, 30, 0 | Size = 3334144 bytes | Modified Date = 17/11/2006 09:25:18 p.m. | Attr =	]

unrar.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\NeroDemo11531\Setup\unrar.dll ->  [Ver =  | Size = 160768 bytes | Modified Date = 05/01/2006 04:56:06 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\ ->  [Folder | Modified Date = 25/06/2007 07:58:06 p.m. | Attr =	]

EmailValidator.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\EmailValidator.dll -> DivX, Inc. [Ver = 1, 1, 0, 2 | Size = 45056 bytes | Modified Date = 30/01/2007 02:02:37 a.m. | Attr =	]

fftbapi.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\fftbapi.dll ->  [Ver =  | Size = 50688 bytes | Modified Date = 30/01/2007 02:02:55 a.m. | Attr =	]

gdsapi.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\gdsapi.dll ->  [Ver =  | Size = 4096 bytes | Modified Date = 30/01/2007 02:02:56 a.m. | Attr =	]

InstallOptions.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\InstallOptions.dll ->  [Ver =  | Size = 12288 bytes | Modified Date = 25/06/2007 07:55:20 p.m. | Attr =	]

LangDLL.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\LangDLL.dll ->  [Ver =  | Size = 5120 bytes | Modified Date = 25/06/2007 07:55:11 p.m. | Attr =	]

PCloser.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PCloser.dll -> DivX, Inc. [Ver = 1, 0, 0, 3 | Size = 65536 bytes | Modified Date = 30/01/2007 02:04:05 a.m. | Attr =	]

System.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\System.dll ->  [Ver =  | Size = 9216 bytes | Modified Date = 30/01/2007 02:03:20 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine ->  [Folder | Modified Date = 25/06/2007 07:56:46 p.m. | Attr =	]

px.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\px.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 527096 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

pxafs.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\pxafs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 129784 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

pxdrv.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\pxdrv.dll -> Sonic Solutions [Ver = 1.02.01a | Size = 502520 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

pxmas.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\pxmas.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 183032 bytes | Modified Date = 30/01/2007 02:03:35 a.m. | Attr =	]

pxsfs.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\pxsfs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 1329912 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

pxwave.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\pxwave.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 379640 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

vxblock.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\PxEngine\vxblock.dll -> Sonic Solutions [Ver = 1.00.74a | Size = 39672 bytes | Modified Date = 30/01/2007 02:03:34 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\ ->  [Folder | Modified Date = 30/04/2008 12:32:33 p.m. | Attr =	]

278090af.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\278090af.dll ->  [Ver =  | Size = 24665 bytes | Modified Date = 27/06/2007 12:48:01 a.m. | Attr =	]

3276b8c8.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\3276b8c8.dll ->  [Ver =  | Size = 28789 bytes | Modified Date = 27/06/2007 12:48:40 a.m. | Attr =	]

34bdba63.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\34bdba63.dll ->  [Ver =  | Size = 86133 bytes | Modified Date = 27/06/2007 12:48:01 a.m. | Attr =	]

4a2ee9db.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\4a2ee9db.dll ->  [Ver =  | Size = 28770 bytes | Modified Date = 27/06/2007 12:48:01 a.m. | Attr =	]

671d8b64.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\671d8b64.dll ->  [Ver =  | Size = 24674 bytes | Modified Date = 27/06/2007 12:48:01 a.m. | Attr =	]

9a6a9a93.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\9a6a9a93.dll ->  [Ver =  | Size = 24671 bytes | Modified Date = 27/06/2007 12:48:01 a.m. | Attr =	]

d183fe29.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\d183fe29.dll ->  [Ver =  | Size = 20571 bytes | Modified Date = 27/06/2007 12:48:01 a.m. | Attr =	]

perl58.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\par-Francisco\cache-exiftool-6.91\perl58.dll -> ActiveState, a division of Sophos [Ver = 5,8,7,813 | Size = 815185 bytes | Modified Date = 27/06/2007 12:48:01 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aaa\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aaa\ ->  [Folder | Modified Date = 02/11/2007 03:32:03 a.m. | Attr =	]

dirapi.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aaa\dirapi.dll -> Macromedia, Inc. [Ver = 7.0r198 | Size = 945152 bytes | Modified Date = 02/11/2007 03:32:01 a.m. | Attr =	]

iml32.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aaa\iml32.dll -> Macromedia, Inc. [Ver = 7.0r198 | Size = 375808 bytes | Modified Date = 02/11/2007 03:32:00 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aab\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aab\ ->  [Folder | Modified Date = 02/11/2007 03:37:32 a.m. | Attr =	]

dirapi.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aab\dirapi.dll -> Macromedia, Inc. [Ver = 7.0r198 | Size = 945152 bytes | Modified Date = 02/11/2007 03:37:32 a.m. | Attr =	]

iml32.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aab\iml32.dll -> Macromedia, Inc. [Ver = 7.0r198 | Size = 375808 bytes | Modified Date = 02/11/2007 03:37:32 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aac\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aac\ ->  [Folder | Modified Date = 02/11/2007 03:38:10 a.m. | Attr =	]

dirapi.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aac\dirapi.dll -> Macromedia, Inc. [Ver = 7.0r198 | Size = 945152 bytes | Modified Date = 02/11/2007 03:38:09 a.m. | Attr =	]

iml32.dll -> C:\Documents and Settings\Francisco\Configuración local\Temp\TempFolder.aac\iml32.dll -> Macromedia, Inc. [Ver = 7.0r198 | Size = 375808 bytes | Modified Date = 02/11/2007 03:38:09 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\ ->  [Folder | Modified Date = 25/03/2008 03:46:18 p.m. | Attr =   S]

index.dat -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\index.dat ->  [Ver =  | Size = 1835008 bytes | Modified Date = 25/03/2008 03:48:16 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\Cookies\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Cookies ->  [Folder | Modified Date = 25/03/2008 03:36:57 p.m. | Attr =   S]

index.dat -> C:\Documents and Settings\Francisco\Configuración local\Temp\Cookies\index.dat ->  [Ver =  | Size = 49152 bytes | Modified Date = 25/03/2008 03:37:35 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\Historial\History.IE5\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Historial\History.IE5\ ->  [Folder | Modified Date = 14/08/2007 10:11:19 p.m. | Attr =   S]

index.dat -> C:\Documents and Settings\Francisco\Configuración local\Temp\Historial\History.IE5\index.dat ->  [Ver =  | Size = 98304 bytes | Modified Date = 25/03/2008 03:37:35 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\ -> C:\Documents and Settings\Francisco\Configuración local\Temp ->  [Folder | Modified Date = 28/09/2008 04:45:00 p.m. | Attr =	]

RunTime.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\RunTime.ini ->  [Ver =  | Size = 625 bytes | Modified Date = 25/06/2007 06:44:09 a.m. | Attr =	]

{AC76BA86-7AD7-1034-7B44-A81000000003}.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\{AC76BA86-7AD7-1034-7B44-A81000000003}.ini ->  [Ver =  | Size = 890 bytes | Modified Date = 25/04/2008 12:15:36 p.m. | Attr =	]

{AC76BA86-7AD7-1034-7B44-A81200000003}.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\{AC76BA86-7AD7-1034-7B44-A81200000003}.ini ->  [Ver =  | Size = 641 bytes | Modified Date = 25/04/2008 12:18:08 p.m. | Attr =	]

1027 C:\Documents and Settings\Francisco\Configuración local\Temp\*.tmp files -> C:\Documents and Settings\Francisco\Configuración local\Temp\*.tmp -> 

C:\Documents and Settings\Francisco\Configuración local\Temp\{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\{F977FD4B-C9A6-4BAA-B4BB-DE3023288253} ->  [Folder | Modified Date = 18/02/2008 07:56:50 a.m. | Attr =	]

IsConfig.INI -> C:\Documents and Settings\Francisco\Configuración local\Temp\{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}\IsConfig.INI ->  [Ver =  | Size = 10 bytes | Modified Date = 19/02/2008 07:54:00 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\ ->  [Folder | Modified Date = 25/03/2008 03:46:18 p.m. | Attr =   S]

desktop.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 18/02/2008 08:22:46 p.m. | Attr =  HS]

C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\3L82GAJS\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\3L82GAJS ->  [Folder | Modified Date = 25/03/2008 03:45:21 p.m. | Attr =   S]

desktop.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\3L82GAJS\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 18/02/2008 08:22:47 p.m. | Attr =  HS]

C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\4NROUN14\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\4NROUN14 ->  [Folder | Modified Date = 25/03/2008 03:46:07 p.m. | Attr =   S]

desktop.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\4NROUN14\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 18/02/2008 08:22:47 p.m. | Attr =  HS]

C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\4PAWO2CN\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\4PAWO2CN ->  [Folder | Modified Date = 25/03/2008 03:42:33 p.m. | Attr =   S]

desktop.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\4PAWO2CN\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 18/02/2008 08:22:46 p.m. | Attr =  HS]

C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\GL63GTI3\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\GL63GTI3 ->  [Folder | Modified Date = 25/03/2008 03:48:11 p.m. | Attr =   S]

desktop.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\GL63GTI3\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/03/2008 03:46:18 p.m. | Attr =  HS]

C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\GLW9YJG1\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\GLW9YJG1 ->  [Folder | Modified Date = 25/03/2008 03:48:15 p.m. | Attr =   S]

desktop.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\GLW9YJG1\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/03/2008 03:46:18 p.m. | Attr =  HS]

C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\K9CFS3CZ\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\K9CFS3CZ ->  [Folder | Modified Date = 25/03/2008 03:48:15 p.m. | Attr =   S]

desktop.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\K9CFS3CZ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/03/2008 03:46:18 p.m. | Attr =  HS]

C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\KTIVKH6F\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\KTIVKH6F ->  [Folder | Modified Date = 25/03/2008 03:48:16 p.m. | Attr =   S]

desktop.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\KTIVKH6F\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/03/2008 03:46:18 p.m. | Attr =  HS]

C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\WB4A6ROF\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\WB4A6ROF ->  [Folder | Modified Date = 25/03/2008 03:46:05 p.m. | Attr =   S]

desktop.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\WB4A6ROF\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 18/02/2008 08:22:47 p.m. | Attr =  HS]

C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\Etc\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\Etc ->  [Folder | Modified Date = 25/06/2007 10:59:37 p.m. | Attr =	]

EBAPI.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\EBAPIEXT\Etc\EBAPI.ini ->  [Ver =  | Size = 453 bytes | Modified Date = 21/10/2002 | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\Historial\History.IE5\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\Historial\History.IE5\ ->  [Folder | Modified Date = 14/08/2007 10:11:19 p.m. | Attr =   S]

desktop.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\Historial\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 14/08/2007 10:11:19 p.m. | Attr =  HS]

C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\ ->  [Folder | Modified Date = 25/06/2007 07:58:06 p.m. | Attr =	]

google-browser-choice.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\google-browser-choice.ini ->  [Ver =  | Size = 1320 bytes | Modified Date = 25/06/2007 07:55:48 p.m. | Attr =	]

google-toolbar-choice.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\google-toolbar-choice.ini ->  [Ver =  | Size = 681 bytes | Modified Date = 12/12/2006 01:24:48 p.m. | Attr =	]

google-toolbardesktop-choice.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\google-toolbardesktop-choice.ini ->  [Ver =  | Size = 828 bytes | Modified Date = 12/12/2006 01:24:48 p.m. | Attr =	]

ioSpecial.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\ioSpecial.ini ->  [Ver =  | Size = 290 bytes | Modified Date = 25/06/2007 07:55:20 p.m. | Attr =	]

splash-screen-nostretch.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\splash-screen-nostretch.ini ->  [Ver =  | Size = 240 bytes | Modified Date = 25/06/2007 07:55:22 p.m. | Attr =	]

version-check.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\version-check.ini ->  [Ver =  | Size = 410 bytes | Modified Date = 25/06/2007 07:55:20 p.m. | Attr =	]

VistaOS.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\nsf555.tmp\VistaOS.ini ->  [Ver =  | Size = 95 bytes | Modified Date = 25/06/2007 07:55:13 p.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\vga241\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\vga241 ->  [Folder | Modified Date = 28/02/2008 02:19:10 a.m. | Attr =	]

VGAsetup1.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\vga241\VGAsetup1.ini ->  [Ver =  | Size = 104373 bytes | Modified Date = 28/02/2008 02:19:10 a.m. | Attr =	]

VGAsetup2.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\vga241\VGAsetup2.ini ->  [Ver =  | Size = 107160 bytes | Modified Date = 28/02/2008 02:19:13 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\vga251\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\vga251 ->  [Folder | Modified Date = 28/02/2008 02:22:41 a.m. | Attr =	]

VGAsetup1.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\vga251\VGAsetup1.ini ->  [Ver =  | Size = 104373 bytes | Modified Date = 28/02/2008 02:21:31 a.m. | Attr =	]

VGAsetup2.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\vga251\VGAsetup2.ini ->  [Ver =  | Size = 189302 bytes | Modified Date = 28/02/2008 02:22:31 a.m. | Attr =	]

C:\Documents and Settings\Francisco\Configuración local\Temp\vga260\ -> C:\Documents and Settings\Francisco\Configuración local\Temp\vga260 ->  [Folder | Modified Date = 28/02/2008 02:22:00 a.m. | Attr =	]

VGAsetup1.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\vga260\VGAsetup1.ini ->  [Ver =  | Size = 104373 bytes | Modified Date = 28/02/2008 02:22:00 a.m. | Attr =	]

VGAsetup2.ini -> C:\Documents and Settings\Francisco\Configuración local\Temp\vga260\VGAsetup2.ini ->  [Ver =  | Size = 107522 bytes | Modified Date = 28/02/2008 02:22:01 a.m. | Attr =	]

C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 28/09/2008 04:50:02 p.m. | Attr =	]

Perflib_Perfdata_6cc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 30/05/2008 06:18:19 p.m. | Attr =	]

Perflib_Perfdata_94c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_94c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 14/08/2007 07:34:47 p.m. | Attr =	]

31 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 228352 bytes | Modified Date = 26/09/2008 04:36:37 a.m. | Attr =	]

LOG.Ddc -> %UserProfile%\Mis documentos\LOG.Ddc ->  [Ver =  | Size = 305 bytes | Modified Date = 24/09/2008 03:13:35 p.m. | Attr =	]

LOG2.DDC -> %UserProfile%\Mis documentos\LOG2.DDC ->  [Ver =  | Size = 309 bytes | Modified Date = 24/09/2008 06:25:36 p.m. | Attr =	]

Data Doctor Recovery Digital Camera.lnk -> %UserProfile%\Escritorio\Data Doctor Recovery Digital Camera.lnk ->  [Ver =  | Size = 1065 bytes | Modified Date = 24/09/2008 05:43:52 p.m. | Attr =	]

efinales.htm -> %UserProfile%\Escritorio\efinales.htm ->  [Ver =  | Size = 4221 bytes | Modified Date = 08/09/2008 10:32:44 p.m. | Attr =	]

nano21_92@hotmail.com -> %UserProfile%\Escritorio\nano21_92@hotmail.com ->  [Ver =  | Size = 21 bytes | Modified Date = 14/09/2008 12:29:22 p.m. | Attr =	]

OTScanIt.exe -> %UserProfile%\Escritorio\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 28/09/2008 04:49:40 p.m. | Attr =	]

San Isidro · Gobierno Municipal.htm -> %UserProfile%\Escritorio\San Isidro · Gobierno Municipal.htm ->  [Ver =  | Size = 41202 bytes | Modified Date = 15/09/2008 04:07:04 p.m. | Attr =	]



[CatchMe Rootkit Scan by GMER]

< Windows folder & sub-folders >

scanning hidden processes ...

IPC error: 2 El sistema no puede hallar el archivo especificado.

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

< Document and Settings folder & sub folders >

scanning hidden files ...

IPC error: 2 El sistema no puede hallar el archivo especificado.

C:\Documents and Settings\All Users\Documentos\Mi música\Música de muestra\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\All Users\Documentos\Mis imágenes\Imágenes de muestra\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Escritorio\aventura\images\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Escritorio\aventura\images1\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Escritorio\aventura\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Escritorio\belleA\Tipos de piel_archivos\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Escritorio\belleA\Lindisima Rutina de belleza diaria 2 parte_archivos\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Escritorio\San Isidro · Gobierno Municipal_archivos\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Escritorio\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\MYJMK online.url:favicon 1346 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Diarios\argentina\LA NACION LINE.url:favicon 11134 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Economia\Financial Times Deutschland.url:favicon 1406 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Economia\Handelsblatt Unternehmen Europas.url:favicon 894 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Economia\WirtschaftsWoche.url:favicon 3886 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Economia\Yahoo! Finanzas - Mercados del Mundo.url:favicon 6598 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\MercadoLibre.url:favicon 5174 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Yahoo! Argentina.url:favicon 6598 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Yahoo! Respuestas.url:favicon 1150 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Google.url:favicon 1406 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\alemania\http--www.welt.de-.url:favicon 7782 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\alemania\FAZ.NET - Aktuell.url:favicon 2962 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\alemania\KSTA.DE.url:favicon 1406 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\alemania\n-tv.de.url:favicon 894 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\diccionarios\Wörterbuch Spanisch Deutsch dictionary-diccionario.url:favicon 1346 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\grupos de ayuda\Discussions in Windows XP.url:favicon 3638 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\Resto\Portales\Bienvenido a Flickr Intercambio de fotos.url:favicon 1150 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\Resto\Portales\ContactosSex.com.url:favicon 14846 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\Resto\Portales\Emporis Buildings - Free Database about buildings and the real-estate industry.url:favicon 894 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\Resto\Temp\Pensá, Nene, Pensá! Droga droga muera la droga.url:favicon 3638 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\Resto\Temp\Yahoo! Respuestas - reticuloendoplasmico's Perfil P&R.url:favicon 1150 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\Resto\webconferencia -.url:favicon 1406 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\Windows XP Home and Professional Service Pack 2 Service Configurations by Black Viper.url:favicon 1406 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\Windows XP SP2 Services Configurations.url:favicon 318 bytes

C:\Documents and Settings\Francisco\Favoritos\Vínculos\Info\Wahlen in Deutschland.url:favicon 894 bytes

C:\Documents and Settings\Francisco\Mis documentos\Video nieve\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Rest\wc\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Rest\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Unnamed Site 1\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis archivos recibidos\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Graficos\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\comic\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\comic2\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\comic3\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\comic4\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\comic5\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\comic6\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\comic7\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Fotos 11-4\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Fotos Fac Derecho\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Nueva carpeta\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Nueva carpeta (2)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Nueva carpeta (3)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (10)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (11)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (2)\Nueva carpeta\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (2)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\stranny(2)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (3)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (4)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (5)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (6)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (7)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (8)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Rest\Nueva carpeta (9)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\images\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\2008_04_19\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis imágenes\hires\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis vídeos\Narración\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Francisco\Mis documentos\Mis vídeos\Thumbs.db:encryptable 0 bytes

scan completed successfully

hidden files: 693



< End of report >


#4 flash110

flash110
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 28 September 2008 - 03:28 PM

Hi kahdah! thanks for helping :D, I don´t know if it´s important but my antivirus showed up two times during the scan warning of a trojan, hope i can solve this

#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:03:10 PM

Posted 28 September 2008 - 04:22 PM

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> BMf7c81aab -> %SystemRoot%\system32\wceqcvpl.dll [Rundll32.exe "C:\WINDOWS\system32\wceqcvpl.dll",s]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {DFFA99DF-4AAD-4663-B1C7-C92AD8111BCB} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\khfDtSkI.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> khfDtSkI -> %SystemRoot%\system32\khfDtSkI.dll
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu -> 1
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {DFFA99DF-4AAD-4663-B1C7-C92AD8111BCB} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\khfDtSkI.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {FC389212-4CE3-4841-A904-14C12F890AB7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nnnoMGXN.dll [Reg Error: Value  does not exist or could not be read.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\nnnoMGXN -> %SystemRoot%\system32\nnnoMGXN.dll
< BotCheck > -> 
[Files/Folders - Created Within 30 days]
NY -> khfDtSkI.dll -> %SystemRoot%\System32\khfDtSkI.dll
NY -> nnnoMGXN.dll -> %SystemRoot%\System32\nnnoMGXN.dll
NY -> NXGMonnn.ini -> %SystemRoot%\System32\NXGMonnn.ini
NY -> NXGMonnn.ini2 -> %SystemRoot%\System32\NXGMonnn.ini2
NY -> tuvVLfFv.dll -> %SystemRoot%\System32\tuvVLfFv.dll
NY -> wceqcvpl.dll -> %SystemRoot%\System32\wceqcvpl.dll
NY -> BMf7c81aab.xml -> %SystemRoot%\BMf7c81aab.xml
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> BMf7c81aab.xml -> %SystemRoot%\BMf7c81aab.xml
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#6 flash110

flash110
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 28 September 2008 - 06:41 PM

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BMf7c81aab deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wceqcvpl.dll
C:\WINDOWS\system32\wceqcvpl.dll NOT unregistered.
C:\WINDOWS\system32\wceqcvpl.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DFFA99DF-4AAD-4663-B1C7-C92AD8111BCB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFA99DF-4AAD-4663-B1C7-C92AD8111BCB}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfDtSkI.dll
C:\WINDOWS\system32\khfDtSkI.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\khfDtSkI.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfDtSkI\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfDtSkI.dll
C:\WINDOWS\system32\khfDtSkI.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\khfDtSkI.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFFA99DF-4AAD-4663-B1C7-C92AD8111BCB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFA99DF-4AAD-4663-B1C7-C92AD8111BCB}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfDtSkI.dll
C:\WINDOWS\system32\khfDtSkI.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\khfDtSkI.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC389212-4CE3-4841-A904-14C12F890AB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC389212-4CE3-4841-A904-14C12F890AB7}\ not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnoMGXN.dll
C:\WINDOWS\system32\nnnoMGXN.dll NOT unregistered.
C:\WINDOWS\system32\nnnoMGXN.dll moved successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\nnnoMGXN deleted successfully.
File C:\WINDOWS\system32\nnnoMGXN.dll not found.
[Files/Folders - Created Within 30 days]
DllUnregisterServer procedure not found in C:\WINDOWS\System32\khfDtSkI.dll
C:\WINDOWS\System32\khfDtSkI.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\khfDtSkI.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\nnnoMGXN.dll not found!
C:\WINDOWS\System32\NXGMonnn.ini moved successfully.
C:\WINDOWS\System32\NXGMonnn.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tuvVLfFv.dll
C:\WINDOWS\System32\tuvVLfFv.dll NOT unregistered.
C:\WINDOWS\System32\tuvVLfFv.dll moved successfully.
File C:\WINDOWS\System32\wceqcvpl.dll not found!
C:\WINDOWS\BMf7c81aab.xml moved successfully.
C:\WINDOWS\pskt.ini moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\BMf7c81aab.xml not found!
File C:\WINDOWS\pskt.ini not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\WB4A6ROF\activity;src=1128861;met=1;v=1;pid=25468063;aid=195064378;ko=0;cid=25383542;rid=25401399;rv=1;&timestamp=1206469816519;eid1=2;ecn1=0;etm1=10;&_dc_ck=try[1].gif scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\KTIVKH6F\1686446253@Top,Top1,TopLeft,TopRight,Left,Left2,Left3,Right,Right1,Right2,Right3,Right4,Right5,Middle,Middle1,Middle2,Middle3,Middle4,Middle5,Bottom,Bottom1,Botto[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\4PAWO2CN\1625435519@Top,Top1,TopLeft,TopRight,Left,Left2,Left3,Right,Right1,Right2,Right3,Right4,Right5,Middle,Middle1,Middle2,Middle3,Middle4,Middle5,Bottom,Bottom1,Botto[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\4NROUN14\1523365496@Top,Top1,Left,TopRight,Middle,Middle1,Middle2,Middle3,Middle4,Right,Right1,Right2,Right3,Right4,Right5,Right6,Bottom,Bottom1,Position1,Position2,Positi[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\3L82GAJS\Type=click&FlightID=312364&AdID=601044&TargetID=103509&Targets=100878,99800,97430,104058,105449,103808,103307,103509,104211,103131,103714,106339&Values=31,43,51,6[1].htm scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09282008_201709

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\khfDtSkI.dll scheduled to be moved on reboot.
File C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\WB4A6ROF\activity;src=1128861;met=1;v=1;pid=25468063;aid=195064378;ko=0;cid=25383542;rid=25401399;rv=1;&timestamp=1206469816519;eid1=2;ecn1=0;etm1=10;&_dc_ck=try[1].gif not found!
File C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\KTIVKH6F\1686446253@Top,Top1,TopLeft,TopRight,Left,Left2,Left3,Right,Right1,Right2,Right3,Right4,Right5,Middle,Middle1,Middle2,Middle3,Middle4,Middle5,Bottom,Bottom1,Botto[1] not found!
File C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\4PAWO2CN\1625435519@Top,Top1,TopLeft,TopRight,Left,Left2,Left3,Right,Right1,Right2,Right3,Right4,Right5,Middle,Middle1,Middle2,Middle3,Middle4,Middle5,Bottom,Bottom1,Botto[1] not found!
File C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\4NROUN14\1523365496@Top,Top1,Left,TopRight,Middle,Middle1,Middle2,Middle3,Middle4,Right,Right1,Right2,Right3,Right4,Right5,Right6,Bottom,Bottom1,Position1,Position2,Positi[1] not found!
File C:\Documents and Settings\Francisco\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\3L82GAJS\Type=click&FlightID=312364&AdID=601044&TargetID=103509&Targets=100878,99800,97430,104058,105449,103808,103307,103509,104211,103131,103714,106339&Values=31,43,51,6[1].htm not found!

#7 flash110

flash110
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 28 September 2008 - 06:45 PM

I did the fix process but I think the problem is still here since connection and pc speed is still slow, I keep being unable to update windows defender giving me an error message, windows automatic update service is stopped and when I try to start it it gives me an error message

Edited by flash110, 28 September 2008 - 06:48 PM.


#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:03:10 PM

Posted 28 September 2008 - 06:58 PM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 flash110

flash110
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 28 September 2008 - 10:25 PM

ComboFix 08-09-27.06 - Francisco 2008-09-29 0:04:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.56 [GMT -3:00]
Se ejecuta desde: C:\Documents and Settings\Francisco\Escritorio\ComboFix.exe
Comando de interruptores utilizados :: C:\Documents and Settings\Francisco\Escritorio\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Creado un nuevo punto de restauración
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Francisco\Configuraci¢n local\Datos de programa\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\BMf7c81aab.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\khfDtSkI.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmnnLFvs.dll
C:\WINDOWS\system32\svFLnnmp.ini
C:\WINDOWS\system32\svFLnnmp.ini2

.
(((((((((((((((((( Archivos creados desde 2008-08-28 - 2008-09-29 )))))))))))))))))))))))))))))))))
.

2008-09-29 00:12 . 2008-09-29 00:12 22 --a------ C:\WINDOWS\pskt.ini
2008-09-28 22:18 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-09-28 20:29 . 2008-09-28 20:29 111,616 --a------ C:\WINDOWS\system32\xzydua.dll
2008-09-28 20:29 . 2008-09-28 20:29 111,616 --a------ C:\WINDOWS\system32\tmbvdbwb.dll
2008-09-28 20:29 . 2008-09-28 20:29 0 --a------ C:\WINDOWS\BMf7c81aab.xml
2008-09-28 20:28 . 2008-09-28 20:29 105,984 --a------ C:\WINDOWS\system32\jguvmmix.dll
2008-09-28 20:17 . 2008-09-28 20:17 <DIR> d-------- C:\_OTScanIt
2008-09-28 04:58 . 2008-09-28 05:18 <DIR> d-------- C:\hjth
2008-09-24 17:43 . 2008-09-24 17:43 <DIR> d-------- C:\Archivos de programa\Data Doctor Recovery Digital Camera
2008-09-24 15:38 . 2008-09-24 15:39 <DIR> d-------- C:\Archivos de programa\FreeUndelete
2008-09-20 03:32 . 2008-09-20 03:33 <DIR> d-------- C:\pne
2008-09-12 13:57 . 2008-09-12 13:57 268 --ah----- C:\sqmdata01.sqm
2008-09-12 13:57 . 2008-09-12 13:57 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 20:43 --------- d-----w C:\Documents and Settings\Francisco\Datos de programa\Azureus
2008-09-24 18:45 --------- d-----w C:\Archivos de programa\eMule
2008-08-08 21:42 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Google Updater
2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-06-05 20:36 2,851,142 ----a-w C:\Archivos de programa\exiftool(-k).exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a396591-9dcd-4d75-9fa0-e4a5d5759224}]
2008-09-28 20:29 111616 --a------ C:\WINDOWS\system32\xzydua.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2007-06-25 949376]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"BMf7c81aab"="C:\WINDOWS\system32\jguvmmix.dll" [2008-09-28 105984]
"PCTVOICE"="pctspk.exe" [2003-01-06 C:\WINDOWS\system32\pctspk.exe]
"SiSPower"="SiSPower.dll" [2006-03-09 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xzydua.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.mjpg"= mcmjpg32.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Francisco^Menú Inicio^Programas^Inicio^PartMetBackup.lnk]
path=C:\Documents and Settings\Francisco\Menú Inicio\Programas\Inicio\PartMetBackup.lnk
backup=C:\WINDOWS\pss\PartMetBackup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Archivos de programa\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-03-13 16:38 39264 c:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C43 Series]
--a------ 2002-12-25 03:00 75776 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S08IC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Archivos de programa\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-06-08 15:18 23233576 C:\Archivos de programa\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tspcm]
--a------ 2005-02-16 16:32 94208 C:\Archivos de programa\Telefonica\Speedy\SATConMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Archivos de programa\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"NBService"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"idsvc"=3 (0x3)
"CCALib8"=2 (0x2)
"gusvc"=2 (0x2)
"WinDefend"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Archivos de programa\\eMule\\emule.exe"=
"C:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Archivos de programa\\Flickr Uploadr\\Flickr Uploadr.exe"=
"C:\\Archivos de programa\\Azureus\\Azureus.exe"=
"C:\\Archivos de programa\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YServer.exe"=

R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 6852]
R3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
S3 usbscan;Controlador de escáner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
.
Contenido de carpeta 'Tareas Programadas'
.
- - - - HUÉRFANOS ELIMINADOS - - - -

BHO-{53FF8449-21DD-4C7C-BA91-40747C7A3956} - C:\WINDOWS\system32\nnnoMGXN.dll
BHO-{EB382F5B-0B48-4219-8024-632057E964E3} - C:\WINDOWS\system32\pmnnLFvs.dll
HKLM-Run-SiS KHooker - C:\WINDOWS\system32\khooker.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-imekrmig - C:\Archivos de programa\Archivos comunes\Microsoft Shared\IME\IMKR\imekrmig.exe
MSConfigStartUp-imjpmig - C:\Archivos de programa\Archivos comunes\Microsoft Shared\IME\IMJP\imjpmig.exe
MSConfigStartUp-L06EXLRD_20664453 - C:\Archivos de programa\Microsoft Student\Microsoft Student 2006 - DVD\EDICT.EXE
MSConfigStartUp-L06EXLRD_5760092 - C:\Archivos de programa\Microsoft Student\Microsoft Student 2006 - DVD\EDICT.EXE
MSConfigStartUp-SpeedTouch USB Diagnostics - C:\Archivos de programa\thomson\Dragdiag.exe


.
------- Análisis Suplementario -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 -: E&xportar a Microsoft Excel - C:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 -: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm

O16 -: {16095503-786F-4097-AED6-5D567A26D760} - hxxp://www.sis.com/ocis/SiSAutodetectNT.cab
C:\WINDOWS\Downloaded Program Files\SiS_OCX.inf
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 00:12:32
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...


C:\WINDOWS\pskt.ini 22 bytes

el escaneo se completo con exito
archivos ocultos: 1

**************************************************************************
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------

PROCESOS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\jguvmmix.dll
.
------------------------ Otros procesos en ejecución ------------------------
.
C:\Archivos de programa\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sistray.exe
.
**************************************************************************
.
Tiempo completado: 2008-09-29 0:19:46 - Reiniciando la máquina
ComboFix-quarantined-files.txt 2008-09-29 03:19:36

Pre-Run: 2.307.026.944 bytes libres
Post-Run: 2,450,124,800 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

198 --- E O F --- 2008-08-03 05:29:32

#10 flash110

flash110
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 28 September 2008 - 10:27 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:39 a.m., on 29/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjth\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: {4229575d-5a4e-0af9-57d4-dcd9195693a4} - {4a396591-9dcd-4d75-9fa0-e4a5d5759224} - C:\WINDOWS\system32\xzydua.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [BMf7c81aab] Rundll32.exe "C:\WINDOWS\system32\jguvmmix.dll",s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182747246522
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1182737792120
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{808223DD-8414-4F43-B4FC-366E82E67CFA}: NameServer = 200.69.193.2 200.69.193.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: xzydua.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe

--
End of file - 6259 bytes

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:03:10 PM

Posted 29 September 2008 - 04:55 AM

1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Rootkit::
C:\WINDOWS\pskt.ini 

File::
C:\WINDOWS\system32\jguvmmix.dll
C:\WINDOWS\system32\xzydua.dll
C:\WINDOWS\system32\tmbvdbwb.dll
C:\WINDOWS\BMf7c81aab.xml
C:\WINDOWS\system32\jguvmmix.dll

DirLook::
C:\pne
C:\hjth

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a396591-9dcd-4d75-9fa0-e4a5d5759224}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMf7c81aab"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#12 flash110

flash110
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 29 September 2008 - 06:53 PM

ComboFix 08-09-27.06 - Francisco 2008-09-29 18:57:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.51 [GMT -3:00]
Se ejecuta desde: C:\Documents and Settings\Francisco\Escritorio\ComboFix.exe
Comando de interruptores utilizados :: C:\Documents and Settings\Francisco\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración
* Resident AV is active


FILE ::
C:\WINDOWS\BMf7c81aab.xml
C:\WINDOWS\system32\jguvmmix.dll
C:\WINDOWS\system32\tmbvdbwb.dll
C:\WINDOWS\system32\xzydua.dll
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMf7c81aab.txt
C:\WINDOWS\BMf7c81aab.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jguvmmix.dll

.
(((((((((((((((((( Archivos creados desde 2008-08-28 - 2008-09-29 )))))))))))))))))))))))))))))))))
.

2008-09-28 20:17 . 2008-09-28 20:17 <DIR> d-------- C:\_OTScanIt
2008-09-28 04:58 . 2008-09-29 00:24 <DIR> d-------- C:\hjth
2008-09-24 17:43 . 2008-09-29 02:30 <DIR> d-------- C:\Archivos de programa\Data Doctor Recovery Digital Camera
2008-09-24 15:38 . 2008-09-24 15:39 <DIR> d-------- C:\Archivos de programa\FreeUndelete
2008-09-20 03:32 . 2008-09-20 03:33 <DIR> d-------- C:\pne
2008-09-12 13:57 . 2008-09-12 13:57 268 --ah----- C:\sqmdata01.sqm
2008-09-12 13:57 . 2008-09-12 13:57 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 20:43 --------- d-----w C:\Documents and Settings\Francisco\Datos de programa\Azureus
2008-09-24 18:45 --------- d-----w C:\Archivos de programa\eMule
2008-08-08 21:42 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Google Updater
2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-06-05 20:36 2,851,142 ----a-w C:\Archivos de programa\exiftool(-k).exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\hjth ----

2008-09-29 00:24 6260 --a------ C:\hjth\hijackthis.log
2007-06-28 14:36 401720 --a------ C:\hjth\HijackThis.exe

---- Directory of C:\pne ----

2004-04-19 03:10 348 --a------ C:\pne\LEER.txt
2003-07-25 08:54 51441 --a------ C:\pne\Pineal glandula15.mht
2003-07-25 08:54 45651 --a------ C:\pne\ayuda.mht
2003-07-25 08:54 42643 --a------ C:\pne\Pineal glandula17.mht
2003-07-25 08:54 41633 --a------ C:\pne\Pineal glandula16.mht
2003-07-25 08:54 40476 --a------ C:\pne\Pineal glandula18.mht
2003-07-25 08:53 43744 --a------ C:\pne\Pineal glandula13.mht
2003-07-25 08:53 40417 --a------ C:\pne\Pineal glandula14.mht
2003-07-25 08:52 90539 --a------ C:\pne\Pineal glandula19.mht
2003-07-25 08:52 43357 --a------ C:\pne\Pineal glandula12.mht
2003-07-25 08:52 39866 --a------ C:\pne\Pineal glandula11.mht
2003-07-25 08:51 45388 --a------ C:\pne\Pineal glandula8.mht
2003-07-25 08:51 44312 --a------ C:\pne\Pineal glandula10.mht
2003-07-25 08:51 41859 --a------ C:\pne\Pineal glandula9.mht
2003-07-25 08:50 44488 --a------ C:\pne\Pineal glandula6.mht
2003-07-25 08:50 41564 --a------ C:\pne\Pineal glandula7.mht
2003-07-25 08:49 41855 --a------ C:\pne\Pineal glandula5.mht
2003-07-25 08:49 41333 --a------ C:\pne\Pineal glandula4.mht
2003-07-25 08:49 40640 --a------ C:\pne\Pineal glandula3.mht
2003-07-25 08:48 68539 --a------ C:\pne\Pineal glandula2.mht
2003-07-25 08:48 107987 --a------ C:\pne\Pineal glandula.mht
2000-01-10 16:58 984311 --a------ C:\pne\Ejercicio de Elasticidad.mpg
2000-01-10 16:58 486305 --a------ C:\pne\Ejercicio de Precalentamiento.mpg
2000-01-10 16:58 333541 --a------ C:\pne\Ejercicio Musculo PC.mpg
2000-01-10 16:58 1791474 --a------ C:\pne\Ejercicio de Gimnasia.mpg
2000-01-10 16:58 1467519 --a------ C:\pne\Ejercicio de Curación 2.mpg
2000-01-10 16:57 489504 --a------ C:\pne\Ejercicio de Curación.mpg


((((((((((((((((((((((((((((( snapshot@2008-09-29_ 0.18.48.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-07-26 04:39:57 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2008-07-07 20:31:19 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2007-08-21 06:17:25 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2004-08-19 13:42:16 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-05-01 14:31:45 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
- 2005-06-29 01:49:43 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:35 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2007-08-21 06:17:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2005-06-29 01:49:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:35 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2008-09-29 01:50:04 1,536 ----a-w C:\WINDOWS\system32\TrueSoft.dat
+ 2008-09-29 21:27:46 1,536 ----a-w C:\WINDOWS\system32\TrueSoft.dat
- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2007-06-25 949376]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"PCTVOICE"="pctspk.exe" [2003-01-06 C:\WINDOWS\system32\pctspk.exe]
"SiSPower"="SiSPower.dll" [2006-03-09 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.mjpg"= mcmjpg32.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Francisco^Menú Inicio^Programas^Inicio^PartMetBackup.lnk]
path=C:\Documents and Settings\Francisco\Menú Inicio\Programas\Inicio\PartMetBackup.lnk
backup=C:\WINDOWS\pss\PartMetBackup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Archivos de programa\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-03-13 16:38 39264 c:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C43 Series]
--a------ 2002-12-25 03:00 75776 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S08IC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Archivos de programa\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-06-08 15:18 23233576 C:\Archivos de programa\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tspcm]
--a------ 2005-02-16 16:32 94208 C:\Archivos de programa\Telefonica\Speedy\SATConMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Archivos de programa\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"NBService"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"idsvc"=3 (0x3)
"CCALib8"=2 (0x2)
"gusvc"=2 (0x2)
"WinDefend"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Archivos de programa\\eMule\\emule.exe"=
"C:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Archivos de programa\\Flickr Uploadr\\Flickr Uploadr.exe"=
"C:\\Archivos de programa\\Azureus\\Azureus.exe"=
"C:\\Archivos de programa\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 6852]
R3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
S3 usbscan;Controlador de escáner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
.
Contenido de carpeta 'Tareas Programadas'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 19:03:28
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
------------------------ Otros procesos en ejecución ------------------------
.
C:\Archivos de programa\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\sistray.exe
.
**************************************************************************
.
Tiempo completado: 2008-09-29 19:10:30 - Reiniciando la máquina
ComboFix-quarantined-files.txt 2008-09-29 22:10:21
ComboFix2.txt 2008-09-29 03:19:48

Pre-Run: 2.252.046.336 bytes libres
Post-Run: 2,266,722,304 bytes libres

206 --- E O F --- 2008-09-29 15:50:24


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:46:10 p.m., on 29/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjth\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182747246522
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1182737792120
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe

--
End of file - 5656 bytes

#13 flash110

flash110
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 29 September 2008 - 06:58 PM

I think my Pc is doing better, I could finally update Windows defender and run it detecting and removing a trojan, some simphtoms disappeared like slow pc speed and sudden internet connection requests, Thank you a lot for your help! if there´s anything else that´s wrong in the log files let me know what should I do

Edited by flash110, 29 September 2008 - 07:01 PM.


#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:03:10 PM

Posted 29 September 2008 - 09:11 PM

Just for good measure one more scan please:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#15 flash110

flash110
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 30 September 2008 - 12:17 AM

Malwarebytes' Anti-Malware 1.28
Versión de la Base de Datos: 1222
Windows 5.1.2600 Service Pack 2

30/09/2008 02:02:19 a.m.
mbam-log-2008-09-30 (02-02-19).txt

Tipo de examen : Examen Rápido
Objetos examinados: 45144
Tiempo transcurrido: 5 minute(s), 14 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users