
DUO TROJANS


  • This topic is locked
15 replies to this topic

#1 saruro

saruro

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 20 October 2008 - 07:26 AM

Hi community,

I performed the prep guide before posting HJT log which follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:56, on 20/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Tellink\Routel Public\Routel Public.exe
C:\Archivos de programa\X Ciber\XSrv.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_xdll.exe
C:\Archivos de programa\iTunes\iTunes.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.85.54.110:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Archivos de programa\myBabylon\tbmyBa.dll
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo.com/search">
O1 - Hosts: <input size="14" name="p" value="">&nbsp;
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>•&nbsp;<a href="http://search.yahoo.com/search/options?p=">advanced search</a> •&nbsp;<a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1>&nbsp;</td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Archivos de programa\myBabylon\tbmyBa.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Archivos de programa\myBabylon\tbmyBa.dll
O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [RecargaExpress] C:\Documents and Settings\Administrador\Escritorio\Recargaexpress.exe /s
O4 - HKCU\..\Run: [msnmsgr] "C:\ARCHIV~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Archivos de programa\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Archivos de programa\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD8758B7-57CB-4FA5-9B94-1DE6D0B2D120}: NameServer = 80.58.0.33,80.58.32.97
O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\adialhk.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 14615 bytes

I hope this will help clean my PC.

Thanks in advance,

Saruro.
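Three things in the log above are what a helper would look at first: a process running from a Temp directory (`_xdll.exe`), an `R1` proxy server entry pointing at an external address, and `O1 - Hosts:` lines whose content is HTML rather than `address hostname` pairs, meaning the hosts file itself has been overwritten with a web page. As an added example that is not part of this thread or of HijackThis, the Python script below parses HJT-style log lines and flags exactly those three conditions. The `Finding` names and the heuristics are mine; the sample lines are quoted (trimmed) from the log above.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

Assumed input: the 'Running processes:' block and the R/F/O-prefixed entry lines
that HijackThis writes. The heuristics are the editor's, not HijackThis output.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# A legitimate hosts line: IPv4 or IPv6 address, whitespace, a hostname.
HOSTS_ENTRY_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F]*:[0-9a-fA-F:]*)\s+\S+")
TEMP_PATH_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (\S+)")

# Sample input: lines quoted from the HijackThis log posted above (trimmed).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_xdll.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.85.54.110:3128
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD8758B7-57CB-4FA5-9B94-1DE6D0B2D120}: NameServer = 80.58.0.33,80.58.32.97
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # short label for the heuristic that fired
    evidence: str  # the log line or value that triggered it


def parse_log(text):
    """Split an HJT log into (process paths, [(section code, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process block
                in_procs = False
                continue
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text):
    """Return the findings a helper would want pointed out, in log order."""
    processes, entries = parse_log(text)
    findings = []

    # 1. Executables running out of a Temp directory.
    for path in processes:
        if TEMP_PATH_RE.search(path):
            findings.append(Finding("process-from-temp", path))

    # 2. O1 lines that are not hosts-file syntax (e.g. an HTML page saved as 'hosts').
    bad_hosts = []
    for sec, body in entries:
        if sec == "O1" and body.startswith("Hosts: "):
            content = body[len("Hosts: "):]
            if not content.startswith("#") and not HOSTS_ENTRY_RE.match(content):
                bad_hosts.append(content)
    if bad_hosts:
        findings.append(Finding("hosts-file-not-hosts-format", bad_hosts[0]))

    # 3. An R1 entry that configures an HTTP proxy server.
    for sec, body in entries:
        if sec == "R1":
            m = PROXY_RE.search(body)
            if m:
                findings.append(Finding("proxy-configured", m.group(1)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:30} {f.evidence}")
```

The flags are pointers for a human, not verdicts: HijackThis shows an `R1 ... ProxyServer` line whenever a proxy is configured, and the OTViewIt output later in this thread reports `"ProxyEnable" = 0` for the same user, so a configured proxy is not necessarily an active one. The hosts-file check is the strongest signal here, since a hosts file is never supposed to contain markup.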



#2 saruro

saruro
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 24 October 2008 - 09:35 AM

Hi Rigel,

I've posted a new HJT log called DUO TROJANS on Oct 20, but I forgot to point out where this is coming from. It is from a post called Double Trojans-(win32_vb_dcz+win32qhost_akg), to which I could not reply because it is now locked.

Thanks in advance,

Saruro.

#3 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:23 PM

Posted 30 October 2008 - 02:20 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner. If for some reason you cannot complete this scan, skip it.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.



Post back with:
-the OTViewIt log
-the Kaspersky log

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#4 saruro

saruro
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 31 October 2008 - 10:19 AM

Hi Panda,

Thank you for answering. I had given up hope of fixing this infection. Since my last posting on Oct 20, I have scanned the system and scanned/cleaned the registry several times with Glary Registry.

Here is OTViewIt.txt :

OTViewIt logfile created on: 31/10/2008 12:21:18 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040A | Country: España | Language: ESP | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 265.74 Mb Available Physical Memory | 51.95% Memory free
1.21 Gb Paging File | 0.91 Gb Available in Paging File | 75.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 37.30 Gb Total Space | 30.97 Gb Free Space | 83.03% Space Free | Partition Type: NTFS
Drive D: | 6.04 Gb Total Space | 4.61 Gb Free Space | 76.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Administrador
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[2008/07/29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/06/24 15:45:00 | 01,634,816 | ---- | M] (Tellink) -- C:\Tellink\Routel Public\Routel Public.exe
[2008/07/17 14:44:40 | 03,670,016 | ---- | M] (X Soft) -- C:\Archivos de programa\X Ciber\XSrv.exe
[2008/09/25 10:04:58 | 00,028,672 | ---- | M] (Pablo Cavallo Software) -- C:\Documents and Settings\Administrador\Configuración local\Temp\_xdll.exe
[2008/07/10 09:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iTunes\iTunes.exe
[2004/08/19 14:42:50 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
[2008/10/31 12:20:13 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])
[2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
[2005/01/28 00:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Stopped])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])

========== Driver Services ==========

[2007/07/30 00:11:37 | 00,041,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2004/10/15 04:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Running])
[2007/07/29 13:47:12 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BthEnum.sys -- (BthEnum [On_Demand | Stopped])
[2007/07/29 13:47:12 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/14 18:59:52 | 00,272,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2007/07/29 13:47:12 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Stopped])
[2007/07/29 14:46:56 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/07/29 14:47:12 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Running])
[2007/07/29 14:47:12 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFDPSP2.sys -- (HSF_DP [On_Demand | Running])
[2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 17:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/03/13 18:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV [On_Demand | Running])
[2008/10/05 12:07:21 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2007/07/29 14:47:12 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2007/07/29 14:47:02 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2004/08/03 21:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2001/08/24 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/29 13:47:12 | 00,059,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2007/07/29 14:47:04 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2004/07/17 10:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/07/17 09:15:28 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2007/08/01 21:47:26 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2005/08/03 14:16:10 | 00,202,112 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio [On_Demand | Running])
[2007/07/29 14:47:12 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFCXTS2.sys -- (winachsf [On_Demand | Running])
[2001/08/24 17:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.es/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}" (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.busca7.com/

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.busca7.com/

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.busca7.com/

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.busca7.com/

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.es/

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}" (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (6859 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
<HTML><HEAD><TITLE>Yahoo!</TITLE>
</HEAD><BODY BGCOLOR=white vlink=blue>
<!-- following code added by server. PLEASE REMOVE -->
<!-- preceding code added by server. PLEASE REMOVE --><center>
<table width=675 cellpadding=0 cellspacing=2 border=0>
<tr>
<td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
<td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
</tr>
</table>
<br>
<table border=0 width=675 cellspacing=0 cellpadding=3>
<tr>
<td bgcolor=003399 colspan=2>
<font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
</td>
</tr></table>
<br>
<table border=0 width=675 cellspacing=0 cellpadding=1>
<tr>
<td valign=top width=229 bgcolor=ffffff>
<table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
<td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
<tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
<tr bgcolor=white><td valign=top align=center>
84 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{34ea1c70-42cc-42c5-aa29-ec58b95a343e} (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}" (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}" (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}" (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RecargaExpress"=C:\Documents and Settings\Administrador\Escritorio\Recargaexpress.exe /s ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\ARCHIV~1\MSNMES~1\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\ARCHIV~1\MSNMES~1\msnmsgr.exe" /background (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
"VerboseStatus"=0
"NoInternetOpenWith"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoFolderOptions"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableCMD"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoFolderOptions"=0

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableCMD"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to AMV Convert Tool...: C:\Archivos de programa\MP3 Player Utilities 4.00\AMVConverter\grab.html File not found
Add to Banner Ad Blocker: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008/07/29 19:08:28 | 00,001,411 | ---- | M] ()
E&xportar a Microsoft Excel: C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 01:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
MediaManager tool grab multimedia file: C:\Archivos de programa\MP3 Player Utilities 4.00\MediaManager\grab.html File not found

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\MenuExt\]
Add to AMV Convert Tool...: C:\Archivos de programa\MP3 Player Utilities 4.00\AMVConverter\grab.html File not found
Add to Banner Ad Blocker: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008/07/29 19:08:28 | 00,001,411 | ---- | M] ()
E&xportar a Microsoft Excel: C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 01:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
MediaManager tool grab multimedia file: C:\Archivos de programa\MP3 Player Utilities 4.00\MediaManager\grab.html File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Consola de Sun Java -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [2008/07/29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 14:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Referencia -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2007/07/29 13:46:37 | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{04849C74-016E-4a43-8AA5-1F01DE57F4A1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Consola de Sun Java] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008/07/29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2008/01/09 14:01:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referencia] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2007/07/29 13:46:37 | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{04849C74-016E-4a43-8AA5-1F01DE57F4A1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Consola de Sun Java] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008/07/29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2008/01/09 14:01:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referencia] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2007/07/29 13:46:37 | 00,557,568 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{556DDE35-E955-11D0-A707-000000521957}: http://www.xblock.com/download/xclean_micro.exe -- Reg Error: Key does not exist or could not be opened.
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{E1E73B44-2D20-47A9-9CA2-B534CEBBF856}: http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab -- F-Secure Health Check 1.0

========== (O17) DNS Name Servers ==========

{ABF7995A-0203-4756-9E14-7757B680836C} (Servers: | Description: )
{AD8758B7-57CB-4FA5-9B94-1DE6D0B2D120} (Servers: 80.58.0.33,80.58.32.97 | Description: NIC Fast Ethernet PCI Familia RTL8139 de Realtek )

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\adialhk.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\kloehk.dll
>[2008/07/29 19:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll
>[2008/07/29 19:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll
>[2008/07/29 19:20:58 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll
>[2008/07/29 19:21:40 | 00,011,016 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [pause | ]
[2008/09/28 23:51:11 | 00,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorizacion.jpg [ÿØÿà | ]
[2008/10/21 16:51:26 | 00,436,344 | ---- | M] () -- C:\autorizacion.jpg -- [ NTFS ]

autorizacion.jpg [ÿØÿà | ]
[2008/06/22 12:42:13 | 00,036,285 | ---- | M] () -- D:\autorizacion.jpg -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c682-684c-11dd-8ab9-0040ca2ebfea}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c682-684c-11dd-8ab9-0040ca2ebfea}\Shell\AutoRun\command]
""=H:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c684-684c-11dd-8ab9-0040ca2ebfea}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c684-684c-11dd-8ab9-0040ca2ebfea}\Shell\AutoRun\command]
""=H:\AutoRun.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c686-684c-11dd-8ab9-0040ca2ebfea}\Shell\Auto\command]
""=activexdebugger32.exe f


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c686-684c-11dd-8ab9-0040ca2ebfea}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/07/29 13:46:20 | 08,500,736 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c686-684c-11dd-8ab9-0040ca2ebfea}\Shell\explore\Command]
""=activexdebugger32.exe f


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c686-684c-11dd-8ab9-0040ca2ebfea}\Shell\open\Command]
""=activexdebugger32.exe f


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbfd3c1c-6467-11dd-8ab4-0040ca2ebfea}\Shell\AutoRun\command]
""=H:\setupSNK.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2008/10/31 12:20:20 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTViewIt.exe
[2008/10/31 11:40:07 | 00,039,941 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\cambio 31-10-08.PDF
[2008/10/30 17:11:12 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2008/10/30 17:11:12 | 00,000,232 | -H-- | C] () -- C:\sqmdata13.sqm
[2008/10/30 16:54:06 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2008/10/30 16:54:06 | 00,000,232 | -H-- | C] () -- C:\sqmdata12.sqm
[2008/10/30 12:55:21 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Kokorico fumigacion.doc
[2008/10/29 16:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\Autoruns
[2008/10/29 16:52:52 | 00,575,466 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Autoruns.zip
[2008/10/28 13:21:01 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\dos recuadros evangelica.doc
[2008/10/25 13:07:36 | 00,000,210 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\http--www.cantv.net-movilsms-envio.asp.url
[2008/10/25 11:56:22 | 00,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/25 11:51:55 | 00,001,936 | ---- | C] () -- C:\WINDOWS\System32\autoexec.nt
[2008/10/24 20:23:06 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2008/10/24 20:23:06 | 00,000,232 | -H-- | C] () -- C:\sqmdata11.sqm
[2008/10/24 17:20:53 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\multa ruben dario.doc
[2008/10/24 10:34:47 | 00,000,000 | ---D | C] -- C:\enn
[2008/10/24 10:28:01 | 00,000,000 | ---D | C] -- C:\SRC
[2008/10/23 19:01:47 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\presupuesto pintura robert.doc
[2008/10/21 22:57:01 | 00,000,000 | ---D | C] -- C:\Archivos de programa\RegBoost
[2008/10/21 16:52:56 | 00,462,763 | ---- | C] () -- C:\carta.jpg
[2008/10/21 16:50:54 | 00,436,344 | ---- | C] () -- C:\autorizacion.jpg
[2008/10/21 16:43:12 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\autorizacion nuria.doc
[2008/10/21 16:19:12 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\antecedentes de nuria.doc
[2008/10/21 15:26:38 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2008/10/21 15:26:38 | 00,000,232 | -H-- | C] () -- C:\sqmdata10.sqm
[2008/10/20 22:27:37 | 00,000,000 | ---D | C] -- C:\col boxer
[2008/10/20 10:33:27 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2008/10/20 10:33:27 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2008/10/20 09:14:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/10/19 16:31:09 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Administrador\Escritorio\stinger.exe
[2008/10/19 14:38:55 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/19 14:38:33 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Panda Security
[2008/10/19 14:14:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/10/19 11:09:20 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/18 13:48:47 | 00,000,023 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\cleanmem.vbs
[2008/10/18 10:47:21 | 00,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
[2008/10/18 10:47:21 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2008/10/18 10:26:46 | 00,000,982 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Spybot - Search & Destroy.lnk
[2008/10/18 10:26:34 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Spybot - Search & Destroy
[2008/10/18 09:36:49 | 00,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
[2008/10/18 09:36:49 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2008/10/18 09:03:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
[2008/10/18 08:59:51 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\aaw2008.exe
[2008/10/17 16:11:51 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Carta de Bienvenida al cliente.doc
[2008/10/17 16:11:33 | 00,104,960 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\TARIFA ENNLAZA-T1-OCT08.xls
[2008/10/17 16:11:14 | 00,118,349 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\NUEVO_Contrato_VETE-08.pdf
[2008/10/16 19:38:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\Double Trojans-(win32_vb_dcz+win32qhost_akg)_archivos
[2008/10/16 19:38:26 | 00,116,760 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Double Trojans-(win32_vb_dcz+win32qhost_akg).htm
[2008/10/16 19:33:02 | 00,000,320 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Preparation Guide For Use Before Posting A Hijackthis Log.htm
[2008/10/16 12:24:45 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Kokorico cañerias.doc
[2008/10/16 09:49:35 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 18:20:00 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\guia mata bichos.doc
[2008/10/15 10:09:04 | 00,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
[2008/10/15 10:09:04 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2008/10/15 09:06:14 | 01,847,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 09:06:08 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 09:06:06 | 02,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 09:06:06 | 02,065,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 09:06:04 | 02,023,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 08:55:20 | 00,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
[2008/10/15 08:55:20 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2008/10/15 08:53:58 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 08:48:11 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2008/10/15 08:48:10 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/15 08:48:10 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/15 08:48:09 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2008/10/15 08:46:39 | 02,189,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Escritorio\mbam-setup.exe
[2008/10/14 16:53:43 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Complemento 3er trimestre 08 malena.doc
[2008/10/14 15:21:45 | 00,033,666 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_sep08.pdf
[2008/10/14 15:21:26 | 00,033,665 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_ago08.pdf
[2008/10/14 15:20:18 | 00,033,667 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_jul08.pdf
[2008/10/13 23:08:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Datos de programa\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2008/10/13 23:04:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\GlarySoft
[2008/10/13 23:01:34 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Glary Registry Repair.lnk
[2008/10/13 23:01:33 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Glary Registry Repair
[2008/10/13 17:22:59 | 01,909,574 | ---- | C] (GlarySoft.com ) -- C:\Documents and Settings\Administrador\Escritorio\rrsetup.exe
[2008/10/12 22:51:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Uniblue
[2008/10/12 21:18:45 | 00,000,186 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\AVG Free Forum Removing Viruses, Virus Removal Tools HOW TO CLEAN AN INFECTED COMPUTER....(REVISED 30-08-08).url
[2008/10/12 21:13:41 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\HOW TO CLEAN AN INFECTED COMPUTER.doc
[2008/10/12 16:31:07 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\La voz de dios.doc
[2008/10/12 13:11:54 | 03,520,552 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrador\Escritorio\procexp.exe
[2008/10/11 19:50:02 | 00,307,712 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Curr_culo Bereciartu 2008.doc
[2008/10/11 19:49:35 | 00,433,982 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\AFICHE EL REY DEL GALERON FCN.jpg
[2008/10/11 19:49:13 | 00,515,254 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\AFICHE_REY DEL GALERON.jpg
[2008/10/11 19:46:58 | 00,032,503 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\ESTRENO_DE__MAMA_PANCHITA[1].1_10_08._009.jpg
[2008/10/10 18:22:36 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2008/10/10 18:22:36 | 00,000,232 | -H-- | C] () -- C:\sqmdata04.sqm
[2008/10/07 20:13:46 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2008/10/07 20:13:46 | 00,000,232 | -H-- | C] () -- C:\sqmdata03.sqm
[2008/10/05 12:28:36 | 00,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
[2008/10/05 12:28:36 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2008/10/05 12:09:19 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/10/05 12:09:19 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/10/05 12:08:21 | 01,641,504 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/05 12:08:21 | 00,319,520 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/05 12:08:21 | 00,014,952 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/05 12:08:21 | 00,002,172 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/05 12:08:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
[2008/10/05 12:08:20 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Kaspersky Lab
[2008/10/05 12:07:21 | 00,213,008 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/05 11:59:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
[2008/10/05 11:56:38 | 38,507,080 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Administrador\Escritorio\kis8.0.0.454en.exe
[2008/10/05 11:09:03 | 00,003,446 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\kreport critical areas.html
[2008/10/03 17:13:29 | 25,085,704 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\antivir_workstation_winu_en_h.exe
[2008/10/03 16:03:48 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrador\Escritorio\spybotsd160.exe
[2008/10/03 10:18:30 | 00,000,000 | ---D | C] -- C:\Descargas
[2008/10/03 10:13:32 | 00,000,268 | -H-- | C] () -- C:\sqmdata01.sqm
[2008/10/03 10:13:32 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2008/10/03 09:52:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
[2008/10/03 09:52:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2008/10/02 21:19:47 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2008/10/02 21:19:47 | 00,000,232 | -H-- | C] () -- C:\sqmdata00.sqm
[2008/10/02 17:00:17 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Kokorico horario normal.doc
[2008/10/02 12:45:45 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Horario primaria.doc
[2008/10/02 12:07:37 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\REFORMAS COLOMBO seguro 2.doc
[2008/10/02 11:49:32 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\REFORMAS COLOMBO seguro 1.doc
[2008/10/01 21:07:22 | 00,054,927 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\malena 2cab sep08.xls
[2008/10/01 21:06:04 | 00,216,270 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\malena 6cab sep08.xls
[2008/10/01 18:53:38 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Contrato local locu 1ra pag.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/31 12:20:44 | 00,319,520 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/31 12:20:44 | 00,002,172 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/31 12:20:13 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTViewIt.exe
[2008/10/31 11:40:07 | 00,039,941 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\cambio 31-10-08.PDF
[2008/10/31 11:24:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/31 11:21:27 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/31 11:21:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/31 11:20:14 | 01,641,504 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/31 11:20:14 | 00,014,952 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/31 11:16:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/30 17:11:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/10/30 17:11:12 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/10/30 16:54:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/10/30 16:54:06 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/10/30 12:55:21 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Kokorico fumigacion.doc
[2008/10/29 16:53:02 | 00,575,466 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Autoruns.zip
[2008/10/28 13:21:01 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\dos recuadros evangelica.doc
[2008/10/26 10:41:50 | 00,362,534 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2008/10/26 10:41:50 | 00,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/26 10:41:50 | 00,051,272 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2008/10/26 10:41:50 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/26 10:41:47 | 00,772,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/25 13:07:37 | 00,000,210 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\http--www.cantv.net-movilsms-envio.asp.url
[2008/10/25 11:51:55 | 00,001,936 | ---- | M] () -- C:\WINDOWS\System32\autoexec.nt
[2008/10/24 20:23:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/10/24 20:23:06 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/10/24 17:20:54 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\multa ruben dario.doc
[2008/10/24 12:24:20 | 00,104,960 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\TARIFA ENNLAZA-T1-OCT08.xls
[2008/10/24 10:38:07 | 00,000,304 | ---- | M] () -- C:\WINDOWS\System32\pcimsg.err
[2008/10/23 20:42:09 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\presupuesto pintura robert.doc
[2008/10/21 16:53:27 | 00,462,763 | ---- | M] () -- C:\carta.jpg
[2008/10/21 16:51:26 | 00,436,344 | ---- | M] () -- C:\autorizacion.jpg
[2008/10/21 16:43:12 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\autorizacion nuria.doc
[2008/10/21 16:19:13 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\antecedentes de nuria.doc
[2008/10/21 15:26:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/10/21 15:26:38 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/10/20 20:36:38 | 00,021,504 | -HS- | M] () -- C:\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Thumbs.db:encryptable
[2008/10/20 12:51:37 | 00,001,797 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\HijackThis.lnk
[2008/10/20 12:51:13 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrador\Escritorio\HJTInstall.exe
[2008/10/20 10:33:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/10/20 10:33:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/10/20 08:47:50 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Administrador\Escritorio\stinger.exe
[2008/10/19 09:45:41 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/18 13:48:47 | 00,000,023 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\cleanmem.vbs
[2008/10/18 10:47:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/10/18 10:47:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/10/18 10:26:46 | 00,000,982 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Spybot - Search & Destroy.lnk
[2008/10/18 10:22:53 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrador\Escritorio\spybotsd160.exe
[2008/10/18 09:36:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/10/18 09:36:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/10/18 08:59:51 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\aaw2008.exe
[2008/10/17 19:07:37 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\guia mata bichos.doc
[2008/10/17 16:11:49 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Carta de Bienvenida al cliente.doc
[2008/10/17 16:11:06 | 00,118,349 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\NUEVO_Contrato_VETE-08.pdf
[2008/10/17 10:28:44 | 00,207,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 19:38:34 | 00,116,760 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Double Trojans-(win32_vb_dcz+win32qhost_akg).htm
[2008/10/16 19:33:02 | 00,000,320 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Preparation Guide For Use Before Posting A Hijackthis Log.htm
[2008/10/16 12:24:46 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Kokorico cañerias.doc
[2008/10/15 17:55:54 | 00,339,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 17:55:54 | 00,339,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 10:09:04 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/10/15 10:09:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/10/15 08:55:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/10/15 08:55:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/10/15 08:48:11 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2008/10/15 08:46:45 | 02,189,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Escritorio\mbam-setup.exe
[2008/10/14 20:42:33 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\La voz de dios.doc
[2008/10/14 16:59:06 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Complemento 3er trimestre 08 malena.doc
[2008/10/14 15:21:32 | 00,033,666 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_sep08.pdf
[2008/10/14 15:21:09 | 00,033,665 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_ago08.pdf
[2008/10/14 15:19:41 | 00,033,667 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_jul08.pdf
[2008/10/13 23:01:34 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Glary Registry Repair.lnk
[2008/10/13 21:08:08 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ctfmon.exe:SummaryInformation
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\ctfmon.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[2008/10/13 17:23:10 | 01,909,574 | ---- | M] (GlarySoft.com ) -- C:\Documents and Settings\Administrador\Escritorio\rrsetup.exe
[2008/10/12 21:34:45 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\HOW TO CLEAN AN INFECTED COMPUTER.doc
[2008/10/12 21:18:45 | 00,000,186 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\AVG Free Forum Removing Viruses, Virus Removal Tools HOW TO CLEAN AN INFECTED COMPUTER....(REVISED 30-08-08).url
[2008/10/12 13:11:59 | 03,520,552 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrador\Escritorio\procexp.exe
[2008/10/11 19:49:56 | 00,307,712 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Curr_culo Bereciartu 2008.doc
[2008/10/11 19:49:35 | 00,433,982 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\AFICHE EL REY DEL GALERON FCN.jpg
[2008/10/11 19:49:13 | 00,515,254 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\AFICHE_REY DEL GALERON.jpg
[2008/10/11 19:46:55 | 00,032,503 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\ESTRENO_DE__MAMA_PANCHITA[1].1_10_08._009.jpg
[2008/10/10 18:22:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/10/10 18:22:36 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/10/07 20:13:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/10/07 20:13:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/10/06 13:06:34 | 00,001,196 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2008/10/06 10:02:20 | 00,000,566 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/06 10:02:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/06 10:02:20 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/10/05 12:28:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/05 12:28:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/05 12:21:26 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/10/05 12:12:48 | 05,366,528 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\IconCache.db
[2008/10/05 12:09:19 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/10/05 12:07:21 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/05 11:56:38 | 38,507,080 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Administrador\Escritorio\kis8.0.0.454en.exe
[2008/10/05 11:09:04 | 00,003,446 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\kreport critical areas.html
[2008/10/03 17:13:29 | 25,085,704 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\antivir_workstation_winu_en_h.exe
[2008/10/03 10:13:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/03 10:13:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/02 21:19:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/10/02 21:19:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/10/02 17:06:58 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Kokorico horario normal.doc
[2008/10/02 16:22:14 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Horario primaria.doc
[2008/10/02 12:27:38 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\REFORMAS COLOMBO seguro 2.doc
[2008/10/02 12:07:04 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\REFORMAS COLOMBO seguro 1.doc
[2008/10/01 21:06:46 | 00,054,927 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\malena 2cab sep08.xls
[2008/10/01 21:06:04 | 00,216,270 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\malena 6cab sep08.xls
[2008/10/01 18:53:39 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Contrato local locu 1ra pag.doc
< End of report >

Here is Extra.txt

OTViewIt Extras logfile created on: 31/10/2008 12:21:18 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040A | Country: España | Language: ESP | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 265.74 Mb Available Physical Memory | 51.95% Memory free
1.21 Gb Paging File | 0.91 Gb Available in Paging File | 75.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 37.30 Gb Total Space | 30.97 Gb Free Space | 83.03% Space Free | Partition Type: NTFS
Drive D: | 6.04 Gb Total Space | 4.61 Gb Free Space | 76.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Administrador
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
"DisableUnicastResponsesToMulticastBroadcast"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/19 14:43:10 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/07/29 13:46:37 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:55:06 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/19 14:43:10 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/07/29 13:46:37 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:55:06 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/07/10 09:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Archivos de programa\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Archivos de programa\NetSupport Manager\client32.exe:*:Enabled:NetSupport Client

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Espacio de nombre de Bluetooth] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 13:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 05:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HijackThis"=HijackThis 2.0.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/09/2008 9:09:23 | Computer Name = DESKTOP | Source = EventSystem | ID = 4609
Description = El sistema de sucesos COM+ detectó un código de retorno incorrecto
durante el procesamiento interno. HRESULT fue 800706BF en la línea 44 de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Póngase en contacto con el departamento de Soporte técnico de Microsoft para informar
de este erro

Error - 28/09/2008 9:09:23 | Computer Name = DESKTOP | Source = VSS | ID = 8193
Description = Error del Servicio de instantáneas de volumen: error inesperado al
llamar a la rutina CoCreateInstance. HR = 0x80040206.

Error - 05/10/2008 7:08:06 | Computer Name = DESKTOP | Source = MsiInstaller | ID = 1013
Description = Product: Kaspersky Internet Security 2009 -- You must restart your
computer before proceeding with the installation.

Error - 05/10/2008 7:23:23 | Computer Name = DESKTOP | Source = EventSystem | ID = 4609
Description = El sistema de sucesos COM+ detectó un código de retorno incorrecto
durante el procesamiento interno. HRESULT fue 800706BA en la línea 44 de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Póngase en contacto con el departamento de Soporte técnico de Microsoft para informar
de este erro

Error - 05/10/2008 7:23:23 | Computer Name = DESKTOP | Source = VSS | ID = 8193
Description = Error del Servicio de instantáneas de volumen: error inesperado al
llamar a la rutina CoCreateInstance. HR = 0x80040206.

Error - 06/10/2008 4:58:29 | Computer Name = DESKTOP | Source = EventSystem | ID = 4609
Description = El sistema de sucesos COM+ detectó un código de retorno incorrecto
durante el procesamiento interno. HRESULT fue 80070005 en la línea 44 de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Póngase en contacto con el departamento de Soporte técnico de Microsoft para informar
de este erro

Error - 06/10/2008 4:58:29 | Computer Name = DESKTOP | Source = VSS | ID = 8193
Description = Error del Servicio de instantáneas de volumen: error inesperado al
llamar a la rutina CoCreateInstance. HR = 0x80040206.

Error - 06/10/2008 5:02:25 | Computer Name = DESKTOP | Source = EventSystem | ID = 4609
Description = El sistema de sucesos COM+ detectó un código de retorno incorrecto
durante el procesamiento interno. HRESULT fue 800706BA en la línea 44 de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Póngase en contacto con el departamento de Soporte técnico de Microsoft para informar
de este erro

Error - 08/10/2008 10:16:33 | Computer Name = DESKTOP | Source = EventSystem | ID = 4609
Description = El sistema de sucesos COM+ detectó un código de retorno incorrecto
durante el procesamiento interno. HRESULT fue 800706BF en la línea 44 de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Póngase en contacto con el departamento de Soporte técnico de Microsoft para informar
de este erro

Error - 08/10/2008 10:16:34 | Computer Name = DESKTOP | Source = VSS | ID = 8193
Description = Error del Servicio de instantáneas de volumen: error inesperado al
llamar a la rutina CoCreateInstance. HR = 0x80040206.

[ System Events ]
Error - 31/10/2008 6:22:52 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Windows User Mode Driver Framework se terminó de manera
inesperada. Esto ha sucedido 1 veces.

Error - 31/10/2008 6:22:52 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Servicio de puerta de enlace de capa de aplicación se
terminó de manera inesperada. Esto ha sucedido 1 veces.

Error - 31/10/2008 6:23:04 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Bluetooth Support Service se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 31/10/2008 6:26:21 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Horario de Windows se terminó de manera inesperada. Esto
ha sucedido 1 veces.

Error - 31/10/2008 6:26:21 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7031
Description = El servicio Instrumental de administración de Windows terminó inesperadamente.
Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos:
Reiniciar el servicio.

Error - 31/10/2008 6:30:53 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7032
Description = El Administrador de control de servicios intentó realizar una acción
correctora (Reiniciar el servicio) después de la terminación inesperada del servicio
Instrumental de administración de Windows, pero ocurrió el siguiente error: %%1056

Error - 31/10/2008 6:34:22 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7032
Description = El Administrador de control de servicios intentó realizar una acción
correctora (Reiniciar el servicio) después de la terminación inesperada del servicio
Instrumental de administración de Windows, pero ocurrió el siguiente error: %%1056

Error - 31/10/2008 6:35:08 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio iPod Service se terminó de manera inesperada. Esto ha
sucedido 2 veces.

Error - 31/10/2008 6:37:18 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Adquisición de imágenes de Windows (WIA) se terminó de
manera inesperada. Esto ha sucedido 2 veces.

Error - 31/10/2008 6:48:07 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Adquisición de imágenes de Windows (WIA) se terminó de
manera inesperada. Esto ha sucedido 3 veces.


< End of report >

As far as Kaspersky goes, I got a blue screen caused by Klif.sys when downloading the latest definition files. Should I run it again? Please advise.

Thank you,

Saruro.

#5 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 31 October 2008 - 10:47 AM

Hello.

I'm not seeing anything in those logs. What symptoms are you experiencing right now?

F-Secure Online Scan
Please run F-Secure Online Scanner to check.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

With Regards,
The Panda

#6 saruro

  • Topic Starter
  • Members
  • 17 posts

Posted 02 November 2008 - 05:30 AM

Hi the Panda,

On Oct 20, Kaspersky detected and quarantined win32_vb_dcz and win32qhost_akg, and in 2 days my trial K version will expire, leaving the malware free. This malware has not been killed yet, and since Oct 20 I've been waiting for the cure. My system is very unstable; it goes from 0% to 10%, sometimes 20%, without doing anything, just sitting there watching it go. Sometimes web pages pop up fast, and sometimes it just crawls and then I get a "not found" page. I read something about embedded infection and took a look at C:\......\hosts and did not see an IP address; instead there was a bunch of text, which was detected by HJT in my Oct 20 post below.

Tried F-Secure 5 times and had a network error before downloading scanner components and databases. I went back and tried Kaspersky online scanner, making sure to disable my 30-day K trial version properly, but still got the blue screen caused by the Klif.sys program.

I'm sorry, but this is all I've got.

Thanks in advance,

Saruro.

#7 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 02 November 2008 - 08:57 AM

Hello Saruro.

That's not a problem. I wonder if there is anything hiding... let's check.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode.
Important! Please do not select the Show all checkbox during the scan.

Please also include a new OTViewIt log, just OTViewIt.txt.

With Regards,
The Panda
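
Once the log comes back, the kernel-side entries (SSDT, kernel code sections, IAT/EAT) are what gets read first. The script below is an added example, not part of this thread and not GMER's own code: it parses those entries, groups each hook by the module GMER attributes it to, and sets aside hooks from a vendor expected on the machine (the `TRUSTED` list, an assumption here) so that modules with no vendor string, or hooks GMER could not attribute to any module, stand out as the ones to examine on disk. The sample log inside the block is a constructed excerpt modelled on the entry shapes of a GMER 1.0.14 log.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER's own code)."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, modelled on the entry shapes of a GMER 1.0.14 log such as the one in this thread.
SAMPLE_LOG = r"""---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xF5C6DDC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xF5C6D9E8]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [ C4, 12, C7, F5, F0, 13, C7, ... ]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP F5C843D6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text USBPORT.SYS!DllUnload F79887AE 5 Bytes JMP 82C401C8

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F870DAD4] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8724018] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- EOF - GMER 1.0.14 ----
"""

# Vendor strings whose kernel hooks are expected here (assumed for the example: Kaspersky is installed).
TRUSTED = ["Kaspersky Lab"]

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
KERNEL_SECTIONS = {"System", "Kernel code sections", "Kernel IAT/EAT"}
# Entry shapes are as in SAMPLE_LOG; the vendor text is the optional "(description/vendor)" suffix.
SSDT_RE = re.compile(r"^SSDT (?P<module>\S+)(?: \((?P<vendor>[^)]*)\))? (?P<target>\w+) \[0x[0-9A-Fa-f]+\]$")
IAT_RE = re.compile(r"^IAT (?P<importer>\S+)\[(?P<target>[^\]]+)\] \[[0-9A-Fa-f]+\] (?P<module>\S+)(?: \((?P<vendor>[^)]*)\))?$")
TEXT_RE = re.compile(r"^\.text (?P<target>\S+(?: \+ [0-9A-Fa-f]+)?) [0-9A-Fa-f]+ \d+ Bytes (?P<rest>.*)$")
JMP_RE = re.compile(r"^JMP [0-9A-Fa-f]+(?: (?P<module>\S+)(?: \((?P<vendor>[^)]*)\))?)?$")


@dataclass
class Hook:
    kind: str            # "SSDT", "IAT", "inline-jmp" or "inline-patch"
    target: str          # hooked service, import or code location
    module: str | None   # module GMER attributes the hook to, if it named one
    vendor: str | None   # the "(description/vendor)" text GMER appends, if any

    def owner(self) -> str:
        """Lower-cased file name of the owning module; '<unresolved>' when GMER named none."""
        if not self.module:
            return "<unresolved>"
        return self.module.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer_log(text: str) -> list[Hook]:
    """Extract kernel-side hooks; user-mode sections and unrecognised lines are skipped."""
    hooks: list[Hook] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if head := SECTION_RE.match(line):
            section = head["name"]
        elif not line or section not in KERNEL_SECTIONS:
            continue
        elif m := SSDT_RE.match(line):
            hooks.append(Hook("SSDT", m["target"], m["module"], m["vendor"]))
        elif m := IAT_RE.match(line):
            hooks.append(Hook("IAT", f"{m['importer']} -> {m['target']}", m["module"], m["vendor"]))
        elif m := TEXT_RE.match(line):
            if jmp := JMP_RE.match(m["rest"]):  # detour, possibly to an address GMER could not attribute
                hooks.append(Hook("inline-jmp", m["target"], jmp["module"], jmp["vendor"]))
            else:                               # raw byte patch; GMER names no owning module for these
                hooks.append(Hook("inline-patch", m["target"], None, None))
    return hooks


def triage(text: str, trusted_vendors: list[str]) -> dict[str, tuple[str, int]]:
    """Group hooks by owner: {owner: (status, hook_count)}; anything not 'trusted-security-product' needs a look."""
    grouped: dict[str, list[Hook]] = defaultdict(list)
    for hook in parse_gmer_log(text):
        grouped[hook.owner()].append(hook)
    report = {}
    for owner, hooks in grouped.items():
        vendors = {h.vendor for h in hooks if h.vendor}
        if owner == "<unresolved>":          # GMER could not say which module placed the hook
            status = "unresolved"
        elif not vendors:                    # module named, but it carries no description/vendor string
            status = "no-vendor-string"
        elif all(any(t in v for t in trusted_vendors) for v in vendors):
            status = "trusted-security-product"
        else:
            status = "other-vendor"
        report[owner] = (status, len(hooks))
    return report


if __name__ == "__main__":
    for owner, (status, count) in sorted(triage(SAMPLE_LOG, TRUSTED).items()):
        print(f"{owner:<14} {count:>2} hook(s)  {status}")
```

Run it against a real gmer.txt by passing the file's contents to `triage`; a module reported as `no-vendor-string` or `unresolved` is not proof of infection, only the place to start checking.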

#8 saruro
  • Topic Starter
  • Members
  • 17 posts

Posted 03 November 2008 - 06:40 AM

Hello the Panda,

The procedure was done with no problems and here are the logs:

1- GMER:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-03 00:22:18
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF5C6D81A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xF5C6DDC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xF5C6F82A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xF5C6F1E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xF5C6CF90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF5C7118C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xF5C6DBC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xF5C6D3D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xF5C6D5D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xF5C6F4EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xF5C71698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xF5C6D6E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xF5C6D750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xF5C6F3A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xF5C70C50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xF5C6F03C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xF5C6D0F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xF5C6D9E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xF5C711B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xF5C6D93E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xF5C6D7B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xF5C6D4BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xF5C6D29A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xF5C70EB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xF5C6CC12]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xF5C700B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xF5C6CD74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xF5C71568]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xF5C6CA10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xF5C6F6CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xF5C6DCC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xF5C70D4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xF5C711E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xF5C6D148]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xF5C712C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xF5C713F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xF5C70B7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xF5C6DA92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xF5C6DB04]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [ C4, 12, C7, F5, F0, 13, C7, ... ]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP F5C843D6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80503289 5 Bytes JMP F5C8401C \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
? C:\WINDOWS\system32\drivers\sptd.sys El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
.text USBPORT.SYS!DllUnload F79887AE 5 Bytes JMP 82C401C8

---- User code sections - GMER 1.0.14 ----

? C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[364] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[364] USER32.dll!VRipOutput + FFFA4C6F 7E392A78 4 Bytes [ 70, 11, 41, 6D ]
.text C:\ARCHIV~1\MSNMES~1\msnmsgr.exe[388] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 5 Bytes JMP 004DE392 C:\ARCHIV~1\MSNMES~1\msnmsgr.exe (Messenger/Microsoft Corporation)
? C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[820] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[820] USER32.dll!VRipOutput + FFFA4C6F 7E392A78 4 Bytes [ 70, 11, 41, 6D ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F872406C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8724018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F87469AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F872406C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F870DAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F870DC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F870DB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F870E748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F870E61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F872329A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F8053DF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F8053DF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F8053D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 82F691E8

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBPDO-0 82C3F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82FD71E8
Device \Driver\dmio \Device\DmControl\DmConfig 82FD71E8
Device \Driver\dmio \Device\DmControl\DmPnP 82FD71E8
Device \Driver\dmio \Device\DmControl\DmInfo 82FD71E8
Device \Driver\usbuhci \Device\USBPDO-1 82C3F1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AD8758B7-57CB-4FA5-9B94-1DE6D0B2D120} 82AF3790

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82F6B1E8
Device \Driver\CDRom \Device\CdRom0 82C4A1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82F6B1E8
Device \Driver\CDRom \Device\CdRom1 82C4A1E8
Device \Driver\atapi \Device\Ide\IdePort0 82F6A1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82F6A1E8
Device \Driver\atapi \Device\Ide\IdePort1 82F6A1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82F6A1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 82F6A1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 82F6A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82AF3790
Device \Driver\NetBT \Device\NetbiosSmb 82AF3790

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBFDO-0 82C3F1E8
Device \Driver\usbuhci \Device\USBFDO-1 82C3F1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82AFB790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82AFB790
Device \Driver\Ftdisk \Device\FtControl 82F6B1E8
Device \FileSystem\Cdfs \Cdfs 82CAA790

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d0c6df9
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b0d0c6df9

---- EOF - GMER 1.0.14 ----

2- OTViewIt:

OTViewIt logfile created on: 03/11/2008 0:27:41 - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040A | Country: España | Language: ESP | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 340.92 Mb Available Physical Memory | 66.65% Memory free
1.21 Gb Paging File | 1.01 Gb Available in Paging File | 83.48% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 37.30 Gb Total Space | 31.38 Gb Free Space | 84.13% Space Free | Partition Type: NTFS
Drive D: | 6.04 Gb Total Space | 4.61 Gb Free Space | 76.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Administrador
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[2007/01/19 11:55:06 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\msnmsgr.exe
[2008/07/29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/01/28 00:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/19 14:42:50 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
[2008/11/03 00:26:44 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])
[2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
[2005/01/28 00:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])

========== Driver Services ==========

[2007/07/30 00:11:37 | 00,041,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2004/10/15 04:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2007/07/29 13:47:12 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BthEnum.sys -- (BthEnum [On_Demand | Stopped])
[2007/07/29 13:47:12 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/14 18:59:52 | 00,272,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2007/07/29 13:47:12 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Stopped])
[2007/07/29 14:46:56 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/11/02 23:54:46 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2007/07/29 14:47:12 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Running])
[2007/07/29 14:47:12 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFDPSP2.sys -- (HSF_DP [On_Demand | Running])
[2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 17:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/03/13 18:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV [On_Demand | Running])
[2008/10/05 12:07:21 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2007/07/29 14:47:12 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2007/07/29 14:47:02 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2004/08/03 21:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2001/08/24 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/29 13:47:12 | 00,059,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2007/07/29 14:47:04 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2004/07/17 10:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/07/17 09:15:28 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2007/08/01 21:47:26 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/10/05 12:07:21 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP [On_Demand | Stopped])
[2005/08/03 14:16:10 | 00,202,112 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio [On_Demand | Running])
[2007/07/29 14:47:12 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFCXTS2.sys -- (winachsf [On_Demand | Running])
[2001/08/24 17:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.es/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}" (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.busca7.com/

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.busca7.com/

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.busca7.com/

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.busca7.com/

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.es/

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\SearchURL\g]
""=http://www.google.es/custom?sa=B%FAsqueda+de+Google&client=pub-2788563222908654&forid=1&channel=0360347317&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q=%s

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}" (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (6859 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
<HTML><HEAD><TITLE>Yahoo!</TITLE>
</HEAD><BODY BGCOLOR=white vlink=blue>
<!-- following code added by server. PLEASE REMOVE -->
<!-- preceding code added by server. PLEASE REMOVE --><center>
<table width=675 cellpadding=0 cellspacing=2 border=0>
<tr>
<td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
<td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
</tr>
</table>
<br>
<table border=0 width=675 cellspacing=0 cellpadding=3>
<tr>
<td bgcolor=003399 colspan=2>
<font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
</td>
</tr></table>
<br>
<table border=0 width=675 cellspacing=0 cellpadding=1>
<tr>
<td valign=top width=229 bgcolor=ffffff>
<table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
<td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
<tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
<tr bgcolor=white><td valign=top align=center>
84 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{34ea1c70-42cc-42c5-aa29-ec58b95a343e} (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}" (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}" (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}" (HKLM) -- C:\Archivos de programa\myBabylon\tbmyBa.dll (Conduit Ltd.)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RecargaExpress"=C:\Documents and Settings\Administrador\Escritorio\Recargaexpress.exe /s ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\ARCHIV~1\MSNMES~1\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\ARCHIV~1\MSNMES~1\msnmsgr.exe" /background (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
"VerboseStatus"=0
"NoInternetOpenWith"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoFolderOptions"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableCMD"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoStartBanner"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoSMMyPictures"=1
"NoLowDiskSpaceChecks"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoFolderOptions"=0

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableCMD"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to AMV Convert Tool...: C:\Archivos de programa\MP3 Player Utilities 4.00\AMVConverter\grab.html File not found
Add to Banner Ad Blocker: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008/07/29 19:08:28 | 00,001,411 | ---- | M] ()
E&xportar a Microsoft Excel: C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 01:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
MediaManager tool grab multimedia file: C:\Archivos de programa\MP3 Player Utilities 4.00\MediaManager\grab.html File not found

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\Software\Microsoft\Internet Explorer\MenuExt\]
Add to AMV Convert Tool...: C:\Archivos de programa\MP3 Player Utilities 4.00\AMVConverter\grab.html File not found
Add to Banner Ad Blocker: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008/07/29 19:08:28 | 00,001,411 | ---- | M] ()
E&xportar a Microsoft Excel: C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 01:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
MediaManager tool grab multimedia file: C:\Archivos de programa\MP3 Player Utilities 4.00\MediaManager\grab.html File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Consola de Sun Java -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [2008/07/29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 14:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Referencia -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2007/07/29 13:46:37 | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{04849C74-016E-4a43-8AA5-1F01DE57F4A1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Consola de Sun Java] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008/07/29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2008/01/09 14:01:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referencia] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2007/07/29 13:46:37 | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{04849C74-016E-4a43-8AA5-1F01DE57F4A1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Consola de Sun Java] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008/07/29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2008/01/09 14:01:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referencia] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2007/07/29 13:46:37 | 00,557,568 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-682003330-1708537768-1694037107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{556DDE35-E955-11D0-A707-000000521957}: http://www.xblock.com/download/xclean_micro.exe -- Reg Error: Key does not exist or could not be opened.
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{E1E73B44-2D20-47A9-9CA2-B534CEBBF856}: http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab -- F-Secure Health Check 1.0

========== (O17) DNS Name Servers ==========

{ABF7995A-0203-4756-9E14-7757B680836C} (Servers: | Description: )
{AD8758B7-57CB-4FA5-9B94-1DE6D0B2D120} (Servers: 80.58.0.33,80.58.32.97 | Description: NIC Fast Ethernet PCI Familia RTL8139 de Realtek )

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\adialhk.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\kloehk.dll
>[2008/07/29 19:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll
>[2008/07/29 19:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll
>[2008/07/29 19:20:58 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll
>[2008/07/29 19:21:40 | 00,011,016 | ---- | M] (Kaspersky Lab) -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [pause | ]
[2008/09/28 23:51:11 | 00,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorizacion.jpg [ÿØÿà | ]
[2008/10/21 16:51:26 | 00,436,344 | ---- | M] () -- C:\autorizacion.jpg -- [ NTFS ]

autorizacion.jpg [ÿØÿà | ]
[2008/06/22 12:42:13 | 00,036,285 | ---- | M] () -- D:\autorizacion.jpg -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c682-684c-11dd-8ab9-0040ca2ebfea}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c682-684c-11dd-8ab9-0040ca2ebfea}\Shell\AutoRun\command]
""=H:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c684-684c-11dd-8ab9-0040ca2ebfea}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c684-684c-11dd-8ab9-0040ca2ebfea}\Shell\AutoRun\command]
""=H:\AutoRun.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c686-684c-11dd-8ab9-0040ca2ebfea}\Shell\Auto\command]
""=activexdebugger32.exe f


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c686-684c-11dd-8ab9-0040ca2ebfea}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/07/29 13:46:20 | 08,500,736 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c686-684c-11dd-8ab9-0040ca2ebfea}\Shell\explore\Command]
""=activexdebugger32.exe f


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b493c686-684c-11dd-8ab9-0040ca2ebfea}\Shell\open\Command]
""=activexdebugger32.exe f


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbfd3c1c-6467-11dd-8ab4-0040ca2ebfea}\Shell\AutoRun\command]
""=H:\setupSNK.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2008/11/02 23:54:49 | 00,000,365 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/11/02 23:54:46 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/02 23:54:46 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/11/02 23:54:46 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/02 23:54:46 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/02 23:54:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\gmer
[2008/11/02 23:53:40 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\gmer.zip
[2008/11/02 12:35:54 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2008/11/02 12:35:54 | 00,000,232 | -H-- | C] () -- C:\sqmdata17.sqm
[2008/11/02 10:25:52 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2008/11/01 14:24:35 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2008/11/01 14:24:35 | 00,000,232 | -H-- | C] () -- C:\sqmdata16.sqm
[2008/11/01 14:23:30 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2008/11/01 14:23:30 | 00,000,232 | -H-- | C] () -- C:\sqmdata15.sqm
[2008/11/01 14:17:57 | 00,000,232 | -H-- | C] () -- C:\sqmdata14.sqm
[2008/11/01 14:17:56 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2008/11/01 12:19:51 | 00,039,629 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\cambio 01-11-08.PDF
[2008/10/31 23:21:09 | 00,294,272 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\recargas_internacionales.jpg
[2008/10/31 12:20:20 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTViewIt.exe
[2008/10/30 17:11:12 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2008/10/30 17:11:12 | 00,000,232 | -H-- | C] () -- C:\sqmdata13.sqm
[2008/10/30 16:54:06 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2008/10/30 16:54:06 | 00,000,232 | -H-- | C] () -- C:\sqmdata12.sqm
[2008/10/30 12:55:21 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Kokorico fumigacion.doc
[2008/10/29 16:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\Autoruns
[2008/10/29 16:52:52 | 00,575,466 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Autoruns.zip
[2008/10/28 13:21:01 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\dos recuadros evangelica.doc
[2008/10/25 13:07:36 | 00,000,210 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\http--www.cantv.net-movilsms-envio.asp.url
[2008/10/25 11:56:22 | 00,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/25 11:51:55 | 00,001,936 | ---- | C] () -- C:\WINDOWS\System32\autoexec.nt
[2008/10/24 20:23:06 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2008/10/24 20:23:06 | 00,000,232 | -H-- | C] () -- C:\sqmdata11.sqm
[2008/10/24 17:20:53 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\multa ruben dario.doc
[2008/10/24 10:34:47 | 00,000,000 | ---D | C] -- C:\enn
[2008/10/24 10:28:01 | 00,000,000 | ---D | C] -- C:\SRC
[2008/10/23 19:01:47 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\presupuesto pintura robert.doc
[2008/10/21 22:57:01 | 00,000,000 | ---D | C] -- C:\Archivos de programa\RegBoost
[2008/10/21 16:52:56 | 00,462,763 | ---- | C] () -- C:\carta.jpg
[2008/10/21 16:50:54 | 00,436,344 | ---- | C] () -- C:\autorizacion.jpg
[2008/10/21 16:43:12 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\autorizacion nuria.doc
[2008/10/21 16:19:12 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\antecedentes de nuria.doc
[2008/10/21 15:26:38 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2008/10/21 15:26:38 | 00,000,232 | -H-- | C] () -- C:\sqmdata10.sqm
[2008/10/20 22:27:37 | 00,000,000 | ---D | C] -- C:\col boxer
[2008/10/20 10:33:27 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2008/10/20 10:33:27 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2008/10/20 09:14:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/10/19 16:31:09 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Administrador\Escritorio\stinger.exe
[2008/10/19 14:38:55 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/19 14:38:33 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Panda Security
[2008/10/19 14:14:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/10/19 11:09:20 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/18 13:48:47 | 00,000,023 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\cleanmem.vbs
[2008/10/18 10:47:21 | 00,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
[2008/10/18 10:47:21 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2008/10/18 10:26:46 | 00,000,982 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Spybot - Search & Destroy.lnk
[2008/10/18 10:26:34 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Spybot - Search & Destroy
[2008/10/18 09:36:49 | 00,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
[2008/10/18 09:36:49 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2008/10/18 09:03:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
[2008/10/18 08:59:51 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\aaw2008.exe
[2008/10/17 16:11:51 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Carta de Bienvenida al cliente.doc
[2008/10/17 16:11:33 | 00,104,960 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\TARIFA ENNLAZA-T1-OCT08.xls
[2008/10/17 16:11:14 | 00,118,349 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\NUEVO_Contrato_VETE-08.pdf
[2008/10/16 19:38:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\Double Trojans-(win32_vb_dcz+win32qhost_akg)_archivos
[2008/10/16 19:38:26 | 00,116,760 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Double Trojans-(win32_vb_dcz+win32qhost_akg).htm
[2008/10/16 19:33:02 | 00,000,320 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Preparation Guide For Use Before Posting A Hijackthis Log.htm
[2008/10/16 12:24:45 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Kokorico cañerias.doc
[2008/10/16 09:49:35 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 18:20:00 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\guia mata bichos.doc
[2008/10/15 10:09:04 | 00,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
[2008/10/15 10:09:04 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2008/10/15 09:06:14 | 01,847,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 09:06:08 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 09:06:06 | 02,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 09:06:06 | 02,065,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 09:06:04 | 02,023,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 08:55:20 | 00,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
[2008/10/15 08:55:20 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2008/10/15 08:53:58 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 08:48:11 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2008/10/15 08:48:10 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/15 08:48:10 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/15 08:48:09 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2008/10/15 08:46:39 | 02,189,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Escritorio\mbam-setup.exe
[2008/10/14 16:53:43 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Complemento 3er trimestre 08 malena.doc
[2008/10/14 15:21:45 | 00,033,666 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_sep08.pdf
[2008/10/14 15:21:26 | 00,033,665 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_ago08.pdf
[2008/10/14 15:20:18 | 00,033,667 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_jul08.pdf
[2008/10/13 23:08:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Datos de programa\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2008/10/13 23:04:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\GlarySoft
[2008/10/13 23:01:34 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Glary Registry Repair.lnk
[2008/10/13 23:01:33 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Glary Registry Repair
[2008/10/13 17:22:59 | 01,909,574 | ---- | C] (GlarySoft.com ) -- C:\Documents and Settings\Administrador\Escritorio\rrsetup.exe
[2008/10/12 22:51:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Uniblue
[2008/10/12 21:18:45 | 00,000,186 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\AVG Free Forum Removing Viruses, Virus Removal Tools HOW TO CLEAN AN INFECTED COMPUTER....(REVISED 30-08-08).url
[2008/10/12 21:13:41 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\HOW TO CLEAN AN INFECTED COMPUTER.doc
[2008/10/12 16:31:07 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\La voz de dios.doc
[2008/10/12 13:11:54 | 03,520,552 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrador\Escritorio\procexp.exe
[2008/10/11 19:50:02 | 00,307,712 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Curr_culo Bereciartu 2008.doc
[2008/10/11 19:49:35 | 00,433,982 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\AFICHE EL REY DEL GALERON FCN.jpg
[2008/10/11 19:49:13 | 00,515,254 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\AFICHE_REY DEL GALERON.jpg
[2008/10/11 19:46:58 | 00,032,503 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\ESTRENO_DE__MAMA_PANCHITA[1].1_10_08._009.jpg
[2008/10/10 18:22:36 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2008/10/10 18:22:36 | 00,000,232 | -H-- | C] () -- C:\sqmdata04.sqm
[2008/10/07 20:13:46 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2008/10/07 20:13:46 | 00,000,232 | -H-- | C] () -- C:\sqmdata03.sqm
[2008/10/05 12:28:36 | 00,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
[2008/10/05 12:28:36 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2008/10/05 12:09:19 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/10/05 12:09:19 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/10/05 12:08:21 | 01,641,504 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/05 12:08:21 | 00,319,520 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/05 12:08:21 | 00,014,952 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/05 12:08:21 | 00,002,172 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/05 12:08:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
[2008/10/05 12:08:20 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Kaspersky Lab
[2008/10/05 12:07:21 | 00,213,008 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/05 11:59:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
[2008/10/05 11:56:38 | 38,507,080 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Administrador\Escritorio\kis8.0.0.454en.exe
[2008/10/05 11:09:03 | 00,003,446 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\kreport critical areas.html

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/11/03 00:26:44 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTViewIt.exe
[2008/11/03 00:06:41 | 00,000,365 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/11/03 00:01:32 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/11/03 00:01:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/03 00:01:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/03 00:00:09 | 01,641,504 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/11/03 00:00:09 | 00,319,520 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/11/03 00:00:09 | 00,014,952 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/11/03 00:00:09 | 00,002,172 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/11/02 23:54:46 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/11/02 23:54:46 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/02 23:54:46 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/02 23:53:46 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\gmer.zip
[2008/11/02 12:35:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/11/02 12:35:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/11/01 15:13:11 | 00,023,552 | -HS- | M] () -- C:\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Thumbs.db:encryptable
[2008/11/01 14:24:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/11/01 14:24:35 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/11/01 14:23:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/11/01 14:23:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/11/01 14:17:57 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/11/01 14:17:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/11/01 12:19:51 | 00,039,629 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\cambio 01-11-08.PDF
[2008/10/31 23:21:04 | 00,294,272 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\recargas_internacionales.jpg
[2008/10/31 11:16:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/30 17:11:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/10/30 17:11:12 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/10/30 16:54:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/10/30 16:54:06 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/10/30 12:55:21 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Kokorico fumigacion.doc
[2008/10/29 16:53:02 | 00,575,466 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Autoruns.zip
[2008/10/28 13:21:01 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\dos recuadros evangelica.doc
[2008/10/26 10:41:50 | 00,362,534 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2008/10/26 10:41:50 | 00,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/26 10:41:50 | 00,051,272 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2008/10/26 10:41:50 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/26 10:41:47 | 00,772,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/25 13:07:37 | 00,000,210 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\http--www.cantv.net-movilsms-envio.asp.url
[2008/10/25 11:51:55 | 00,001,936 | ---- | M] () -- C:\WINDOWS\System32\autoexec.nt
[2008/10/24 20:23:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/10/24 20:23:06 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/10/24 17:20:54 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\multa ruben dario.doc
[2008/10/24 12:24:20 | 00,104,960 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\TARIFA ENNLAZA-T1-OCT08.xls
[2008/10/24 10:38:07 | 00,000,304 | ---- | M] () -- C:\WINDOWS\System32\pcimsg.err
[2008/10/23 20:42:09 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\presupuesto pintura robert.doc
[2008/10/21 16:53:27 | 00,462,763 | ---- | M] () -- C:\carta.jpg
[2008/10/21 16:51:26 | 00,436,344 | ---- | M] () -- C:\autorizacion.jpg
[2008/10/21 16:43:12 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\autorizacion nuria.doc
[2008/10/21 16:19:13 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\antecedentes de nuria.doc
[2008/10/21 15:26:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/10/21 15:26:38 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/10/20 12:51:37 | 00,001,797 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\HijackThis.lnk
[2008/10/20 12:51:13 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrador\Escritorio\HJTInstall.exe
[2008/10/20 10:33:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/10/20 10:33:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/10/20 08:47:50 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Administrador\Escritorio\stinger.exe
[2008/10/19 09:45:41 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/18 13:48:47 | 00,000,023 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\cleanmem.vbs
[2008/10/18 10:47:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/10/18 10:47:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/10/18 10:26:46 | 00,000,982 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Spybot - Search & Destroy.lnk
[2008/10/18 10:22:53 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrador\Escritorio\spybotsd160.exe
[2008/10/18 09:36:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/10/18 09:36:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/10/18 08:59:51 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\aaw2008.exe
[2008/10/17 19:07:37 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\guia mata bichos.doc
[2008/10/17 16:11:49 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Carta de Bienvenida al cliente.doc
[2008/10/17 16:11:06 | 00,118,349 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\NUEVO_Contrato_VETE-08.pdf
[2008/10/17 10:28:44 | 00,207,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 19:38:34 | 00,116,760 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Double Trojans-(win32_vb_dcz+win32qhost_akg).htm
[2008/10/16 19:33:02 | 00,000,320 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Preparation Guide For Use Before Posting A Hijackthis Log.htm
[2008/10/16 12:24:46 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Kokorico cañerias.doc
[2008/10/15 17:55:54 | 00,339,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 17:55:54 | 00,339,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 10:09:04 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/10/15 10:09:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/10/15 08:55:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/10/15 08:55:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/10/15 08:48:11 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2008/10/15 08:46:45 | 02,189,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Escritorio\mbam-setup.exe
[2008/10/14 20:42:33 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\La voz de dios.doc
[2008/10/14 16:59:06 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Complemento 3er trimestre 08 malena.doc
[2008/10/14 15:21:32 | 00,033,666 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_sep08.pdf
[2008/10/14 15:21:09 | 00,033,665 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_ago08.pdf
[2008/10/14 15:19:41 | 00,033,667 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Cabiva_jul08.pdf
[2008/10/13 23:01:34 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Glary Registry Repair.lnk
[2008/10/13 21:08:08 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ctfmon.exe:SummaryInformation
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\ctfmon.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[2008/10/13 17:23:10 | 01,909,574 | ---- | M] (GlarySoft.com ) -- C:\Documents and Settings\Administrador\Escritorio\rrsetup.exe
[2008/10/12 21:34:45 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\HOW TO CLEAN AN INFECTED COMPUTER.doc
[2008/10/12 21:18:45 | 00,000,186 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\AVG Free Forum Removing Viruses, Virus Removal Tools HOW TO CLEAN AN INFECTED COMPUTER....(REVISED 30-08-08).url
[2008/10/12 13:11:59 | 03,520,552 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrador\Escritorio\procexp.exe
[2008/10/11 19:49:56 | 00,307,712 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Curr_culo Bereciartu 2008.doc
[2008/10/11 19:49:35 | 00,433,982 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\AFICHE EL REY DEL GALERON FCN.jpg
[2008/10/11 19:49:13 | 00,515,254 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\AFICHE_REY DEL GALERON.jpg
[2008/10/11 19:46:55 | 00,032,503 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\ESTRENO_DE__MAMA_PANCHITA[1].1_10_08._009.jpg
[2008/10/10 18:22:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/10/10 18:22:36 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/10/07 20:13:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/10/07 20:13:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/10/06 13:06:34 | 00,001,196 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2008/10/06 10:02:20 | 00,000,566 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/06 10:02:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/06 10:02:20 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/10/05 12:28:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/05 12:28:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/05 12:21:26 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/10/05 12:12:48 | 05,366,528 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\IconCache.db
[2008/10/05 12:09:19 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/10/05 12:07:21 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/05 11:56:38 | 38,507,080 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Administrador\Escritorio\kis8.0.0.454en.exe
[2008/10/05 11:09:04 | 00,003,446 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\kreport critical areas.html
< End of report >

3- Extras:

OTViewIt Extras logfile created on: 03/11/2008 0:27:41 - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040A | Country: España | Language: ESP | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 340.92 Mb Available Physical Memory | 66.65% Memory free
1.21 Gb Paging File | 1.01 Gb Available in Paging File | 83.48% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 37.30 Gb Total Space | 31.38 Gb Free Space | 84.13% Space Free | Partition Type: NTFS
Drive D: | 6.04 Gb Total Space | 4.61 Gb Free Space | 76.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Administrador
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
"DisableUnicastResponsesToMulticastBroadcast"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/19 14:43:10 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/07/29 13:46:37 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:55:06 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/19 14:43:10 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/07/29 13:46:37 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:55:06 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/07/10 09:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Archivos de programa\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Archivos de programa\NetSupport Manager\client32.exe:*:Enabled:NetSupport Client

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Espacio de nombre de Bluetooth] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 13:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 05:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HijackThis"=HijackThis 2.0.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/09/2008 9:09:23 | Computer Name = DESKTOP | Source = EventSystem | ID = 4609
Description = El sistema de sucesos COM+ detectó un código de retorno incorrecto
durante el procesamiento interno. HRESULT fue 800706BF en la línea 44 de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Póngase en contacto con el departamento de Soporte técnico de Microsoft para informar
de este erro

Error - 28/09/2008 9:09:23 | Computer Name = DESKTOP | Source = VSS | ID = 8193
Description = Error del Servicio de instantáneas de volumen: error inesperado al
llamar a la rutina CoCreateInstance. HR = 0x80040206.

Error - 05/10/2008 7:08:06 | Computer Name = DESKTOP | Source = MsiInstaller | ID = 1013
Description = Product: Kaspersky Internet Security 2009 -- You must restart your
computer before proceeding with the installation.

Error - 05/10/2008 7:23:23 | Computer Name = DESKTOP | Source = EventSystem | ID = 4609
Description = El sistema de sucesos COM+ detectó un código de retorno incorrecto
durante el procesamiento interno. HRESULT fue 800706BA en la línea 44 de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Póngase en contacto con el departamento de Soporte técnico de Microsoft para informar
de este erro

Error - 05/10/2008 7:23:23 | Computer Name = DESKTOP | Source = VSS | ID = 8193
Description = Error del Servicio de instantáneas de volumen: error inesperado al
llamar a la rutina CoCreateInstance. HR = 0x80040206.

Error - 06/10/2008 4:58:29 | Computer Name = DESKTOP | Source = EventSystem | ID = 4609
Description = El sistema de sucesos COM+ detectó un código de retorno incorrecto
durante el procesamiento interno. HRESULT fue 80070005 en la línea 44 de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Póngase en contacto con el departamento de Soporte técnico de Microsoft para informar
de este erro

Error - 06/10/2008 4:58:29 | Computer Name = DESKTOP | Source = VSS | ID = 8193
Description = Error del Servicio de instantáneas de volumen: error inesperado al
llamar a la rutina CoCreateInstance. HR = 0x80040206.

Error - 06/10/2008 5:02:25 | Computer Name = DESKTOP | Source = EventSystem | ID = 4609
Description = El sistema de sucesos COM+ detectó un código de retorno incorrecto
durante el procesamiento interno. HRESULT fue 800706BA en la línea 44 de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Póngase en contacto con el departamento de Soporte técnico de Microsoft para informar
de este erro

Error - 08/10/2008 10:16:33 | Computer Name = DESKTOP | Source = EventSystem | ID = 4609
Description = El sistema de sucesos COM+ detectó un código de retorno incorrecto
durante el procesamiento interno. HRESULT fue 800706BF en la línea 44 de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Póngase en contacto con el departamento de Soporte técnico de Microsoft para informar
de este erro

Error - 08/10/2008 10:16:34 | Computer Name = DESKTOP | Source = VSS | ID = 8193
Description = Error del Servicio de instantáneas de volumen: error inesperado al
llamar a la rutina CoCreateInstance. HR = 0x80040206.

[ System Events ]
Error - 02/11/2008 5:51:39 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Adquisición de imágenes de Windows (WIA) se terminó de
manera inesperada. Esto ha sucedido 1 veces.

Error - 02/11/2008 7:08:52 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7032
Description = El Administrador de control de servicios intentó realizar una acción
correctora (Reiniciar el servicio) después de la terminación inesperada del servicio
Instrumental de administración de Windows, pero ocurrió el siguiente error: %%1056

Error - 02/11/2008 7:19:45 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio iPod Service se terminó de manera inesperada. Esto ha
sucedido 1 veces.

Error - 02/11/2008 7:31:27 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Adquisición de imágenes de Windows (WIA) se terminó de
manera inesperada. Esto ha sucedido 3 veces.

Error - 02/11/2008 10:19:48 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio iPod Service se terminó de manera inesperada. Esto ha
sucedido 3 veces.

Error - 02/11/2008 10:20:52 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7032
Description = El Administrador de control de servicios intentó realizar una acción
correctora (Reiniciar el servicio) después de la terminación inesperada del servicio
Instrumental de administración de Windows, pero ocurrió el siguiente error: %%1056

Error - 02/11/2008 10:21:38 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio iPod Service se terminó de manera inesperada. Esto ha
sucedido 4 veces.

Error - 02/11/2008 17:23:17 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Adquisición de imágenes de Windows (WIA) se terminó de
manera inesperada. Esto ha sucedido 5 veces.

Error - 02/11/2008 17:24:17 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Adquisición de imágenes de Windows (WIA) se terminó de
manera inesperada. Esto ha sucedido 6 veces.

Error - 02/11/2008 17:25:17 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = El servicio Adquisición de imágenes de Windows (WIA) se terminó de
manera inesperada. Esto ha sucedido 7 veces.


< End of report >


Thanks in advance,

Saruro.

#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:23 PM

Posted 03 November 2008 - 08:18 AM

Hello Saruro.

Those logs are clean. Whatever it was must have been removed already.

Can you tell me which processes are taking up the CPU? Open Task Manager, and go to Processes.

I suspect it may be the Kaspersky suite.

With Regards,
The Panda

#10 saruro

saruro
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 03 November 2008 - 04:05 PM

Hi the panda,

I do that every morning since I got infected (look at the process list). Then I start killing the following processes to make it go faster:

- alg.exe => memory usage 2250 KB
- wdfmgr.exe => memory usage 2565 KB
- svchost.exe (system) => memory usage 20528 KB
- svchost.exe (local service) => memory usage 3446 KB
- svchost.exe (system) => memory usage 4508 KB

In the process list there remain 3 svchost.exe (local service, network system & system) that are different from the killed ones 'cause once I killed one of these by mistake and it (svchost.exe) did a shutdown. These killed ones keep popping up in pairs in the process list with memory usage of 4763 KB and 9732 KB each. Alg.exe and wdfmgr.exe are not restarted once killed.

I hope this helps.

Thanks in advance,

Saruro.

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:23 PM

Posted 03 November 2008 - 04:11 PM

Hello.

Um... this is definitely not something you should be doing.

Svchost is the service host. It is legit and may be required for your computer to function.

alg.exe is related to Windows Firewall.
--
I was looking more at the CPU usage of the processes, rather than the memory usage. You say that it fluctuates.

With Regards,
The Panda

#12 saruro

saruro
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 03 November 2008 - 05:30 PM

Hi The Panda,

I was looking at the CPU usage graph and with only 3 svchost.exe, the line is like a small ripple which oscillates between 8% and 15% (with iTunes and iexplorer on). But after a 4th svchost.exe is restarted, the small ripple grows bigger and random (15%, 65%, 37%, 28%, 45%) until I kill it and CPU usage goes back to a small ripple.

Thanks in advance,

Saruro.

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:23 PM

Posted 03 November 2008 - 06:02 PM

Hello.

Let's pinpoint which service it is exactly. First restart your computer and keep all the processes running.
  • Please download Processexplorer.zip by SysInternals to your desktop.
  • Unzip the contents into a folder on your desktop.
  • Double click procexp.exe to start process explorer.

    The screen you see will be very similar to the Task Manager. Right click the SvcHost entry that is "jumpy". Select the Image tab. Copy the contents of the Commandline box.

    Repeat for any other suspicious processes.
--
Post them back to me giving a description of each entry (why you thought it was suspicious).

With Regards,
The Panda

#14 saruro

saruro
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 05 November 2008 - 05:10 AM

Hi The Panda,

Ran Process Explorer and the svchost.exe I thought suspicious were not, but you were right about Kaspersky being the one destabilizing my system. I got iTunes & iexplorer on and CPU usage oscillates between 3% and 11% sine-wave-wise with K disabled. I will uninstall K but I need to install & scan my PC with an antimalware just to make sure there is no infection. Which one do you suggest?

Here are the command lines:

1- C:\WINDOWS\system32\svchost -k DcomLaunch
2- C:\WINDOWS\system32\svchost -k rpcss
3- C:\WINDOWS\System32\svchost.exe -k netsvcs
4- C:\WINDOWS\system32\svchost.exe -k LocalService
5- C:\WINDOWS\system32\svchost.exe -k bthsvcs
6- C:\WINDOWS\system32\svchost.exe -k imgsvc
7- C:\WINDOWS\system32\wdfmgr.exe
8- C:\WINDOWS\System32\alg.exe

Thanks in advance,

Saruro.
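The Process Explorer steps in post #13 and the command lines posted above tie each svchost.exe to its "-k" service group by hand. The following is an added PowerShell example, not code from the thread or from either poster, that does the same mapping via WMI and also lists the services each instance hosts, the account it runs under, its CPU time so far, and whether the binary is the genuine one in System32; it assumes PowerShell is installed on the machine and is run from an administrator prompt.

```powershell
# Added example (not from the thread): map every svchost.exe instance to its
# "-k" service group, the services it hosts, the account it runs as and its
# CPU time, so a "jumpy" instance can be traced to a specific service instead
# of being killed blindly. Uses WMI classes that exist on Windows XP SP2+.

$procs = Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'"
$svcs  = Get-WmiObject Win32_Service

# Genuine svchost.exe lives in %SystemRoot%\System32; anything else is worth a look.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

$rows = foreach ($p in $procs) {
    # Pull the service group out of "svchost.exe -k <group>"
    $group = if ($p.CommandLine -match '-k\s+(\S+)') { $matches[1] } else { '(no -k group)' }

    # Services whose hosting process is this PID (what the group actually runs)
    $hosted = $svcs | Where-Object { $_.ProcessId -eq $p.ProcessId } |
              ForEach-Object { $_.Name }

    # Account owning the process (LocalSystem / LOCAL SERVICE / NETWORK SERVICE)
    $owner = $p.GetOwner()
    $account = if ($owner.ReturnValue -eq 0) { $owner.User } else { '(unknown)' }

    # CPU time consumed so far, kernel + user, reported by WMI in 100 ns units
    $cpuSec = [math]::Round(([double]$p.KernelModeTime + [double]$p.UserModeTime) / 1e7, 1)

    # ExecutablePath can be empty for protected processes; treat that as not verified
    $pathOk = ($p.ExecutablePath -ne $null) -and ($p.ExecutablePath -ieq $expected)

    New-Object PSObject -Property @{
        PID      = $p.ProcessId
        Group    = $group
        Account  = $account
        CPUsec   = $cpuSec
        PathOK   = $pathOk
        Services = ($hosted -join ', ')
    }
}

# Highest CPU consumer first: that is the instance to look at, and its Services
# column names the service(s) to investigate or stop via services.msc.
$rows | Sort-Object CPUsec -Descending |
    Format-Table PID, Group, Account, CPUsec, PathOK, Services -AutoSize
```

Compare the Group column against the "-k" names in the list above; an instance whose PathOK is False, or whose group hosts a service you do not recognise, is the one to examine further rather than terminate.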

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:23 PM

Posted 05 November 2008 - 02:43 PM

Hello.

All those listed above are legit Windows processes.

I don't think this problem is malware related.

Try going to Windows Update and installing all updates, including SP3.

With Regards,
The Panda
