
Another infected w/ AntispywareXP2009


  • This topic is locked
22 replies to this topic

#1 Brainbabe


Posted 26 October 2008 - 08:08 AM

I am also infected with this virus. A window popped up saying I had to update Windows protection so I did and it installed this program called AntispywareXP2009. It is blocking my normal anti-virus program TREND MICRO, which now will not open. It keeps showing a message every 30 sec. saying "your computer is infected! Windows has detected a spyware infection. It is recommended to use special spyware tools to pervent [sic] data loss. ....Click here to protect your computer from spyware." I mistakenly thought it was a Windows Update and downloaded it. I tried to Restore the system to a previous state but it is still there. What can I do? Any help would be greatly appreciated!!
Brainbabe :thumbsup:


#2 kahdah

  • Security Colleague

Posted 26 October 2008 - 10:23 AM

Hello Brainbabe

Welcome to BleepingComputer :thumbsup:
========================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Lop check
    • File - Purity Scan
  • Under Basic scans:
    • Rootkit Search - Yes
    • Drivers - Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 Brainbabe

  • Topic Starter

Posted 26 October 2008 - 11:13 AM

As per your instructions, I have done the following:
1. I used CCleaner, which I already had installed, to clean my temporary files.
2. I couldn't find FIREFOX because the malware seems to have done something with it. I see the Direct access but it cannot find the .exe to open FIREFOX.
3. I downloaded OTScan and scanned the drives and this is what I got:
OTScanIt logfile created on: 26/10/2008 16:57:03
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\BUTRAGUEÑO\Escritorio\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040A | Country: España | Language: ESP | Date Format: dd/MM/yyyy
 
511,48 Mb Total Physical Memory | 138,04 Mb Available Physical Memory | 26,99% Memory free
1,22 Gb Paging File | 0,81 Gb Available in Paging File | 66,77% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 53,89 Gb Total Space | 22,01 Gb Free Space | 40,85% Space Free | Partition Type: FAT32
Drive D: | 55,88 Gb Total Space | 11,94 Gb Free Space | 21,37% Space Free | Partition Type: FAT32
Drive E: | 452,18 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER
Current User Name: BUTRAGUEÑO
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 20/07/2007 0:40:48 | Attr =	]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 20/07/2007 0:38:54 | Attr =	]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 20/07/2007 0:38:54 | Attr =	]
wfwiz.exe -> %SystemDrive%\Program Files\Aspire\WFTVFM\WFWIZ.exe -> Acer [Ver = 5.13.01.2003-1.34 | Size = 135168 bytes | Modified Date = 09/09/2003 10:27:50 | Attr =	]
mps.exe -> %SystemDrive%\ACER\MPS.EXE ->  [Ver = 1, 5, 0, 0 | Size = 360448 bytes | Modified Date = 14/08/2003 17:10:52 | Attr =	]
communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ->  [Ver =  | Size = 563984 bytes | Modified Date = 25/07/2007 16:02:54 | Attr =	]
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ->  [Ver =  | Size = 2027792 bytes | Modified Date = 25/07/2007 16:06:30 | Attr =	]
brastk.exe -> %SystemRoot%\system32\brastk.exe ->  [Ver =  | Size = 10240 bytes | Modified Date = 26/10/2008 13:35:44 | Attr =	]
smileboxtray.exe -> %AppData%\Smilebox\SmileboxTray.exe -> Smilebox, Inc. [Ver = 1, 0, 0, 1 | Size = 205448 bytes | Modified Date = 30/07/2008 20:53:02 | Attr =	]
cocimanager.exe -> %CommonProgramFiles%\Logishrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.1.0.2030 | Size = 403728 bytes | Modified Date = 25/07/2007 16:02:32 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> File not found
(dmadmin) Servicio del administrador de discos lógicos [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., VERITAS Software [Ver = 2600.5512.503.0 | Size = 225792 bytes | Modified Date = 14/04/2008 4:18:56 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> File not found
(KNOBSERV) Knob Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\acer\KnobService.exe -> Acer Inc. [Ver = 1, 5, 4, 4 | Size = 275968 bytes | Modified Date = 23/09/2003 11:14:16 | Attr =	]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 20/07/2007 0:38:54 | Attr =	]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 20/07/2007 0:40:48 | Attr =	]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> File not found
(NMSAccessU) NMSAccessU [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Fotoprix\FotoLibro\NMSAccessU.exe -> File not found
(usnjsvc) Servicio Lector del diario USN de Carpetas para compartir de Messenger [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> File not found
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> File not found
Aspire Schedule -> %SystemDrive%\Program Files\Aspire\WFTVFM\WFWIZ.exe [C:\Program Files\Aspire\WFTVFM\WFWIZ.exe] -> Acer [Ver = 5.13.01.2003-1.34 | Size = 135168 bytes | Modified Date = 09/09/2003 10:27:50 | Attr =	]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 07/09/2008 0:02:04 | Attr =	]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"] -> File not found
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe [C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 2:41:10 | Attr =	]
HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb07.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe] -> HP [Ver = 2,140,0,0 | Size = 188416 bytes | Modified Date = 22/11/2002 11:27:24 | Attr =	]
HPHmon04 -> %SystemRoot%\system32\hphmon04.exe [C:\WINDOWS\system32\hphmon04.exe] -> Hewlett-Packard [Ver = 4,2,41 | Size = 348160 bytes | Modified Date = 22/11/2002 21:26:22 | Attr =	]
HPHUPD04 -> %ProgramFiles%\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe ["C:\Archivos de programa\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"] -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Archivos de programa\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.1.11 | Size = 289576 bytes | Modified Date = 01/10/2008 18:57:12 | Attr =	]
KnobMonitor -> %SystemDrive%\acer\KnobMonitor.exe [C:\acer\KnobMonitor.exe] -> Acer Inc. [Ver = 1, 5, 4, 4 | Size = 270336 bytes | Modified Date = 24/09/2003 3:51:42 | Attr =	]
LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Archivos de programa\Archivos comunes\LogiShrd\LComMgr\Communications_Helper.exe"] ->  [Ver =  | Size = 563984 bytes | Modified Date = 25/07/2007 16:02:54 | Attr =	]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ["C:\Archivos de programa\Logitech\QuickCam\Quickcam.exe" /hide] ->  [Ver =  | Size = 2027792 bytes | Modified Date = 25/07/2007 16:06:30 | Attr =	]
LogitechVideo[inspector] -> %ProgramFiles%\Logitech\Video\InstallHelper.exe [C:\Archivos de programa\Logitech\Video\InstallHelper.exe /inspect] -> File not found
MPS -> %SystemDrive%\ACER\MPS.EXE [C:\ACER\MPS.EXE] ->  [Ver = 1, 5, 0, 0 | Size = 360448 bytes | Modified Date = 14/08/2003 17:10:52 | Attr =	]
NvCplDaemon -> %SystemRoot%\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 06/10/2003 14:16:00 | Attr =	]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 2007\pccguide.exe ["C:\Archivos de programa\Trend Micro\Internet Security 2007\pccguide.exe"] -> Trend Micro Inc. [Ver = 15.30.0.1231 | Size = 3434000 bytes | Modified Date = 08/03/2007 0:29:46 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime] -> File not found
SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5.0.21 | Size = 53248 bytes | Modified Date = 27/03/2003 16:34:58 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 4:27:04 | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 08/03/2008 21:47:18 | Attr =	]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 
Flag ->  [] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 19/02/2007 23:03:02 | Attr =	]
NvMediaCenter -> %SystemRoot%\System32\NVMCTRAY.DLL [RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 49152 bytes | Modified Date = 06/10/2003 14:16:00 | Attr =	]
SmileboxTray -> %AppData%\Smilebox\SmileboxTray.exe ["C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Smilebox\SmileboxTray.exe"] -> Smilebox, Inc. [Ver = 1, 0, 0, 1 | Size = 205448 bytes | Modified Date = 30/07/2008 20:53:02 | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15/07/2007 12:10:32 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio -> 
%AllUsersProfile%\Menú Inicio\Programas\Inicio\BTTray.lnk -> %ProgramFiles%\Belkin\Software Bluetooth\BTTray.exe -> Broadcom Corporation [Ver = 3.0.1.912 | Size = 565309 bytes | Modified Date = 01/10/2004 15:12:18 | Attr =	]
%AllUsersProfile%\Menú Inicio\Programas\Inicio\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 19/02/2007 23:03:02 | Attr =	]
%AllUsersProfile%\Menú Inicio\Programas\Inicio\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 19/02/2006 4:21:22 | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
karna.datOS -> %SystemRoot%\karna.dat -> File not found
DE ->  -> File not found
PRO ->  -> File not found
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1036288 bytes | Modified Date = 14/04/2008 4:18:58 | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26624 bytes | Modified Date = 14/04/2008 4:19:14 | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 515584 bytes | Modified Date = 14/04/2008 4:19:02 | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8503296 bytes | Modified Date = 14/04/2008 4:18:36 | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 304640 bytes | Modified Date = 14/04/2008 4:19:18 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
__c0079604 ->  -> File not found
WgaLogon ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Controlador de CD-ROM -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 13/04/2008 20:40:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTORUN.INF [[autorun] | OPEN=instapls.exe /AUTORUN | ICON=instapls.exe,1 |  | shell\configure=&Configurar... | shell\configure\command=instapls.exe |  | shell\install=&Instalar... | shell\install\command=instapls.exe | ] -> E:\AUTORUN.INF [ CDFS ] ->  [Ver =  | Size = 198 bytes | Modified Date = 08/06/2001 18:48:54 | Attr = R  ]
< HOSTS File > (792 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://global.acer.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Freecorder\tbFre1.dll [Freecorder Toolbar] -> File not found
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Barra Yahoo! con bloqueador de ventanas emergentes] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
www_plaxo.com [https] -> Sitios de confianza -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{9455301C-CF6B-11D3-A266-00C04F689C50} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Microsoft Shared\Reference 2001\EROProj.dll [&Investigador de Encarta] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{1392b8d2-5c05-419f-a8f6-b9f15a596612} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Freecorder\tbFre1.dll [Freecorder Toolbar] -> File not found
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2427968 bytes | Modified Date = 15/07/2007 12:11:32 | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Freecorder\tbFre1.dll [Freecorder Toolbar] -> File not found
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2427968 bytes | Modified Date = 15/07/2007 12:11:32 | Attr = R  ]
ShellBrowser\\{5776A2BC-D803-47F6-9DC0-8344DB8D604C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Freecorder\tbFre1.dll [Freecorder Toolbar] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2427968 bytes | Modified Date = 15/07/2007 12:11:32 | Attr = R  ]
WebBrowser\\{5776A2BC-D803-47F6-9DC0-8344DB8D604C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{871F91FD-3A92-4988-A842-16AB2CFF5AF1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Barra Yahoo! con bloqueador de ventanas emergentes] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Consola de Sun Java] -> File not found
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Consola de Sun Java] -> File not found
{9455301C-CF6B-11D3-A266-00C04F689C50}:BandCLSID -> %CommonProgramFiles%\Microsoft Shared\Reference 2001\EROProj.dll [Investigador] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Consola de Sun Java] -> File not found
CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Microsoft Shared\Reference 2001\EROProj.dll [&Investigador de Encarta] -> File not found
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] ->  [@btrez.dll,-4015] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr -> Google Inc. [Ver = 3.0.57.24 | Size = 2302017 bytes | Modified Date = 18/09/2008 18:44:16 | Attr =	]
Add to Windows &Live Favorites ->  -> File not found
Enviar a &Bluetooth -> %ProgramFiles%\Belkin\Software Bluetooth\btsendto_ie_ctx.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{16784249-389F-42C0-94D7-1E371F637CA1} ->	() -> 
{D9DC91C7-EA53-4A0C-8AF0-80FE49299E18} ->	() -> 
{E5FF141F-97BF-4B91-9DFC-7FE6E5E6EAFC} -> 80.58.61.250,80.58.61.254   (Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{FA379699-34F6-4D07-B4DF-99772720A6F4} ->	() -> 
{FD609398-E1F3-408E-AB3A-FEA38C879C2C} ->	(Adaptador de red 1394) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 29/08/2008 9:53:50 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> File not found
cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> File not found
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msencarta:{74D92DF3-6D9D-11D1-8B38-006097DBED7A} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Microsoft Shared\Reference 2001\MSREF.DLL[MSFT RefBU IE4+ Pluggable Protocol] -> File not found
msero:{B0D92A71-886B-453B-A649-1B91F93801E7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Microsoft Shared\Reference 2001\msero.dll[Protocol Class] -> File not found
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\msitss.dll[Microsoft Infotech Storage Protocol for IE 4.0] -> File not found
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL[Reg Error: Value  does not exist or could not be read.] -> File not found
msref:{74D92DF3-6D9D-11D1-8B38-006097DBED7A} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Microsoft Shared\Reference 2001\MSREF.DLL[MSFT RefBU IE4+ Pluggable Protocol] -> File not found
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 13/09/2007 13:31:38 | Attr = R  ]
widimg:{EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\btxppanel.dll[WidImg Class] -> Broadcom Corporation [Ver = 3.0.1.912 | Size = 110592 bytes | Modified Date = 01/10/2004 14:54:44 | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00B71CFB-6864-4346-A978-C0A14556272C}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[Checkers Class] -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{2917297F-F02B-4B9D-81DF-494B6333150B}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab[Minesweeper Flags Class] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> 
{474F00F5-3853-492C-AC3A-476512BBC336}[HKEY_LOCAL_MACHINE] -> http://picasaweb.google.com/s/v/e/37.09/HboD-mApHAo/uploader2.cab[UploadListView Class] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://andy-gonuts90.spaces.msn.com//PhotoUpload/MsnPUpld.cab[MSN Photo Upload Tool] -> 
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://go.divx.com/plugin/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 
{7FC1B346-83E6-4774-8D20-1A6B09B0E737}[HKEY_LOCAL_MACHINE] -> http://andy-gonuts90.spaces.live.com/PhotoUpload/MsnPUpld.cab[Windows Live Photo Upload Control] -> 
{8436FE12-31DB-48BF-83BF-FE682F9160B4}[HKEY_LOCAL_MACHINE] -> http://www.nanoscan.com/cabs/nanoinst.cab[NanoInstaller Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[MessengerStatsClient Class] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_07] -> 
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> 
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> 
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MsnPUpld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MsnPUpld.dll\\.Owner -> {7FC1B346-83E6-4774-8D20-1A6B09B0E737} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MsnPUpld.dll\\{7FC1B346-83E6-4774-8D20-1A6B09B0E737} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/PURen-us.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/PURen-us.dll\\.Owner -> {7FC1B346-83E6-4774-8D20-1A6B09B0E737} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/PURen-us.dll\\{7FC1B346-83E6-4774-8D20-1A6B09B0E737} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\{02BCC737-B171-4746-94C9-0D8A0B2C0089} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LibComm.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LibComm.dll\\.Owner -> {8436FE12-31DB-48BF-83BF-FE682F9160B4} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LibComm.dll\\{8436FE12-31DB-48BF-83BF-FE682F9160B4} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/messengerstatsclient.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/messengerstatsclient.dll\\.Owner -> {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/messengerstatsclient.dll\\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/minesweeper.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/minesweeper.dll\\.Owner -> {2917297F-F02B-4B9D-81DF-494B6333150B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/minesweeper.dll\\{2917297F-F02B-4B9D-81DF-494B6333150B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {00B71CFB-6864-4346-A978-C0A14556272C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{00B71CFB-6864-4346-A978-C0A14556272C} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NanoInst.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NanoInst.dll\\.Owner -> {8436FE12-31DB-48BF-83BF-FE682F9160B4} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NanoInst.dll\\{8436FE12-31DB-48BF-83BF-FE682F9160B4} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PSComm.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PSComm.dll\\.Owner -> {8436FE12-31DB-48BF-83BF-FE682F9160B4} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PSComm.dll\\{8436FE12-31DB-48BF-83BF-FE682F9160B4} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PSNAdbrk.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PSNAdbrk.dll\\.Owner -> {8436FE12-31DB-48BF-83BF-FE682F9160B4} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PSNAdbrk.dll\\{8436FE12-31DB-48BF-83BF-FE682F9160B4} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\.Owner -> {474F00F5-3853-492C-AC3A-476512BBC336} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\{474F00F5-3853-492C-AC3A-476512BBC336} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\PCF2000 -> PCF2000 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\PCF2000 -> PCF2000 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> PCF2000 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\PCF2000 -> PCF2000 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> PCF2000 -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 4:18:28 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 14/04/2008 4:18:24 | Attr =	]
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 4:18:28 | Attr =	]
schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 14/04/2008 4:18:36 | Attr =	]
wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 14/04/2008 4:18:46 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 540 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 185856 bytes | Modified Date = 14/04/2008 4:18:36 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 119808 bytes | Modified Date = 14/04/2008 4:18:30 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> E0 21 B7 8A F4 05 27 63 CA F8 88 EA 89 84 BB 4B 32 38 31 65 62 65 61 32 00 00 00 00 01 00 00 00 C8 01 00 00 CC 01 00 00 34 CA 06 00 45 9D B9 71 04 00 00 00 10 00 00 00 00 00 00 00 5C 22 B8 46  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> BC 88 E4 54 F9 D6 61 33 A0  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 84 9E 7D 4A 20 47  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> EF 02 7A 17 0F 3A 4A DB 7D 1B DA 48 DF E2 6C 32  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 8A 8E 27 6A 67 37 C9 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 A6 60 30 DE 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 2D F4 33 DE 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 5A 25 35 DE 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 4:19:12 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Firewall de Windows/Conexión compartida a Internet (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Ofrece servicios de traducción de direcciones, direccionamiento, resolución de nombres y/o servicios de prevención de intrusión para una red doméstica o de pequeña empresa. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 7070 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 332288 bytes | Modified Date = 14/04/2008 4:18:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 143360 bytes | Modified Date = 14/04/2008 4:19:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 19/02/2007 23:03:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Archivos de programa\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Archivos de programa\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 20:53:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 143360 bytes | Modified Date = 14/04/2008 4:19:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Messenger\MSMSGS.EXE -> %ProgramFiles%\Messenger\MSMSGS.EXE [C:\Archivos de programa\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 14/04/2008 4:19:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\eMule\emule.exe -> %ProgramFiles%\eMule\emule.exe [C:\Archivos de programa\eMule\emule.exe:*:Enabled:eMule] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\mshta.exe -> %SystemRoot%\System32\mshta.exe [C:\WINDOWS\System32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 29184 bytes | Modified Date = 14/04/2008 4:19:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\HP Software Update\HPWUCli.exe -> %ProgramFiles%\HP\HP Software Update\HPWUCli.exe [C:\Archivos de programa\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\SmartFTP\SmartFTP.exe -> %ProgramFiles%\SmartFTP\SmartFTP.exe [C:\Archivos de programa\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Java\jre1.5.0_06\BIN\javaw.exe -> %ProgramFiles%\Java\jre1.5.0_06\BIN\javaw.exe [C:\Archivos de programa\Java\jre1.5.0_06\BIN\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\javaw.exe -> %SystemRoot%\System32\javaw.exe [C:\WINDOWS\System32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 10/06/2008 1:21:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Ares\Ares.exe -> %ProgramFiles%\Ares\Ares.exe [C:\Archivos de programa\Ares\Ares.exe:*:Enabled:Ares p2p for windows] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 19/02/2007 23:03:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 19/02/2006 4:21:22 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 19/02/2006 5:24:52 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hpofxm08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpofxm08.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hposfx08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposfx08.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hposid01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposid01.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hpqscnvw.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hpqkygrp.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 7.0.0.177 | Size = 1085440 bytes | Modified Date = 16/02/2006 22:49:52 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hpqCopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqCopy.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hpfccopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpfccopy.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 7.0.0.175 | Size = 147511 bytes | Modified Date = 15/02/2006 10:37:26 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hpzwiz01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hpoews01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpoews01.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\HP\Digital Imaging\bin\hpqnrs08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Archivos de programa\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Pinnacle\VideoSpin\Programs\RM.exe -> %ProgramFiles%\Pinnacle\VideoSpin\Programs\RM.exe [C:\Archivos de programa\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe -> %ProgramFiles%\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe [C:\Archivos de programa\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Pinnacle\VideoSpin\Programs\umi.exe -> %ProgramFiles%\Pinnacle\VideoSpin\Programs\umi.exe [C:\Archivos de programa\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Pinnacle\VideoSpin\Programs\VideoSpin.exe -> %ProgramFiles%\Pinnacle\VideoSpin\Programs\VideoSpin.exe [C:\Archivos de programa\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Veoh Networks\Veoh\VeohClient.exe -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe [C:\Archivos de programa\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Archivos de programa\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 93184 bytes | Modified Date = 14/04/2008 4:19:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Archivos de programa\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 13/09/2007 13:31:38 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 20:53:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Archivos de programa\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,5,11 | Size = 238888 bytes | Modified Date = 29/08/2008 10:18:44 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Archivos de programa\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{94C7E79A-4E63-4118-AE2B-F21600EB9218} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{CF0032C7-4068-42C0-AA3D-27317F445306} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 4:19:12 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Actualizaciones automáticas -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Habilita la descarga e instalación de actualizaciones críticas de Windows. Si el servicio está deshabilitado, el sistema operativo se puede actualizar manualmente en el sitio Web de Windows Update.  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 4:18:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
brastk.exe -> %SystemRoot%\System32\brastk.exe ->  [Ver =  | Size = 10240 bytes | Created Date = 26/10/2008 11:44:05 | Attr =	]
TDSSbeat.dat -> %SystemRoot%\System32\TDSSbeat.dat ->  [Ver =  | Size = 164 bytes | Created Date = 26/10/2008 0:43:56 | Attr =	]
delself.bat -> %SystemRoot%\System32\delself.bat ->  [Ver =  | Size = 114 bytes | Created Date = 26/10/2008 11:44:06 | Attr =	]
xelab.dl -> %SystemRoot%\System32\xelab.dl ->  [Ver =  | Size = 12934 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
TDSSfpmp.dll -> %SystemRoot%\System32\TDSSfpmp.dll ->  [Ver =  | Size = 30720 bytes | Created Date = 26/10/2008 11:39:02 | Attr =	]
TDSSnrse.dll -> %SystemRoot%\System32\TDSSnrse.dll ->  [Ver =  | Size = 2760 bytes | Created Date = 26/10/2008 11:39:03 | Attr =	]
wini10801.exe -> %SystemRoot%\System32\wini10801.exe ->  [Ver = 1, 0, 0, 1 | Size = 60578 bytes | Created Date = 26/10/2008 11:46:20 | Attr =	]
eqehuvevom.scr -> %SystemRoot%\System32\eqehuvevom.scr ->  [Ver =  | Size = 15020 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
kamakuqehy._sy -> %SystemRoot%\System32\kamakuqehy._sy ->  [Ver =  | Size = 19223 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 26/10/2008 14:10:43 | Attr =	]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
brastk.exe -> %SystemRoot%\brastk.exe ->  [Ver =  | Size = 10240 bytes | Created Date = 26/10/2008 13:35:43 | Attr =	]
cazuzoqu.dat -> %SystemRoot%\cazuzoqu.dat ->  [Ver =  | Size = 13464 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
wylexodep._dl -> %SystemRoot%\wylexodep._dl ->  [Ver =  | Size = 10088 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
aguqumon.exe -> %SystemRoot%\aguqumon.exe ->  [Ver =  | Size = 13101 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
ulidoguj.dl -> %SystemRoot%\ulidoguj.dl ->  [Ver =  | Size = 16828 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
idunitusyv.lib -> %SystemRoot%\idunitusyv.lib ->  [Ver =  | Size = 12407 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Datos de programa\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ->  [Folder | Created Date = 04/10/2008 13:29:28 | Attr =	]
2 C:\Documents and Settings\All Users\Datos de programa\*.tmp files -> C:\Documents and Settings\All Users\Datos de programa\*.tmp -> 
uxohuci.vbs -> %AllUsersProfile%\Datos de programa\uxohuci.vbs ->  [Ver =  | Size = 12152 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
wimujyxasy.ban -> %AllUsersProfile%\Datos de programa\wimujyxasy.ban ->  [Ver =  | Size = 15059 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
dybur.scr -> %AllUsersProfile%\Datos de programa\dybur.scr ->  [Ver =  | Size = 19902 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
Any Video Converter -> %AppData%\Any Video Converter ->  [Folder | Created Date = 05/10/2008 18:31:49 | Attr =	]
hovepun.db -> %AppData%\hovepun.db ->  [Ver =  | Size = 17741 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
bizeheb.lib -> %AppData%\bizeheb.lib ->  [Ver =  | Size = 11704 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
aqikem._sy -> %AppData%\aqikem._sy ->  [Ver =  | Size = 12316 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
xumerasuwi.com -> %UserProfile%\Configuración local\Datos de programa\xumerasuwi.com ->  [Ver =  | Size = 11106 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
ojym.dat -> %UserProfile%\Configuración local\Datos de programa\ojym.dat ->  [Ver =  | Size = 18496 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
acag.dll -> %UserProfile%\Configuración local\Datos de programa\acag.dll ->  [Ver =  | Size = 16491 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
fakomyly.db -> %UserProfile%\Configuración local\Datos de programa\fakomyly.db ->  [Ver =  | Size = 12309 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
hynoko.inf -> %UserProfile%\Configuración local\Datos de programa\hynoko.inf ->  [Ver =  | Size = 15395 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
ajekekuw.com -> %AllUsersProfile%\Documentos\ajekekuw.com ->  [Ver =  | Size = 12674 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
uzeqyseku.scr -> %AllUsersProfile%\Documentos\uzeqyseku.scr ->  [Ver =  | Size = 17325 bytes | Created Date = 26/10/2008 13:23:52 | Attr =	]
Any Video Converter -> %UserProfile%\Mis documentos\Any Video Converter ->  [Folder | Created Date = 05/10/2008 18:32:08 | Attr =	]
Acceso directo a FLV.lnk -> %UserProfile%\Mis documentos\Acceso directo a FLV.lnk ->  [Ver =  | Size = 398 bytes | Created Date = 05/10/2008 19:58:13 | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Escritorio\iTunes.lnk ->  [Ver =  | Size = 2165 bytes | Created Date = 04/10/2008 13:30:16 | Attr =	]
Any Video Converter.lnk -> %UserProfile%\Escritorio\Any Video Converter.lnk ->  [Ver =  | Size = 654 bytes | Created Date = 05/10/2008 18:31:57 | Attr =	]
Universidad Pontificia Comillas.url -> %UserProfile%\Escritorio\Universidad Pontificia Comillas.url ->  [Ver =  | Size = 186 bytes | Created Date = 05/10/2008 19:49:10 | Attr =	]
BT_presentation.wmv -> %UserProfile%\Escritorio\BT_presentation.wmv ->  [Ver =  | Size = 33434023 bytes | Created Date = 05/10/2008 19:52:38 | Attr =	]
BT_presentation.flv -> %UserProfile%\Escritorio\BT_presentation.flv ->  [Ver =  | Size = 8094535 bytes | Created Date = 05/10/2008 19:54:39 | Attr =	]
OTScanIt.exe -> %UserProfile%\Escritorio\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 26/10/2008 16:50:51 | Attr =	]
TOEFL Test 2 (23 pp).pdf -> %UserProfile%\Escritorio\TOEFL Test 2 (23 pp).pdf ->  [Ver =  | Size = 779931 bytes | Created Date = 11/10/2008 18:04:37 | Attr =	]
TOEFL Test 3 (24 pp).pdf -> %UserProfile%\Escritorio\TOEFL Test 3 (24 pp).pdf ->  [Ver =  | Size = 6267375 bytes | Created Date = 11/10/2008 20:03:17 | Attr =	]
TOEFL Test 1-Answer key.pdf -> %UserProfile%\Escritorio\TOEFL Test 1-Answer key.pdf ->  [Ver =  | Size = 170032 bytes | Created Date = 11/10/2008 20:46:03 | Attr =	]
OTScanIt -> %UserProfile%\Escritorio\OTScanIt ->  [Folder | Created Date = 26/10/2008 16:53:09 | Attr =	]
AntiSpywareXP2009.lnk -> %UserProfile%\Escritorio\AntiSpywareXP2009.lnk ->  [Ver =  | Size = 1587 bytes | Created Date = 26/10/2008 13:22:06 | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Created Date = 26/10/2008 14:22:30 | Attr =	]
Designer -> %CommonProgramFiles%\Designer ->  [Folder | Created Date = 26/10/2008 14:24:46 | Attr =	]
QuickTime -> %ProgramFiles%\QuickTime ->  [Folder | Created Date = 04/10/2008 13:25:52 | Attr =	]
Bonjour -> %ProgramFiles%\Bonjour ->  [Folder | Created Date = 04/10/2008 13:27:47 | Attr =	]
iTunes -> %ProgramFiles%\iTunes ->  [Folder | Created Date = 04/10/2008 13:29:28 | Attr =	]
AntiSpywareXP2009 -> %ProgramFiles%\AntiSpywareXP2009 ->  [Folder | Created Date = 26/10/2008 13:22:03 | Attr =	]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 536399872 bytes | Modified Date = 26/10/2008 13:36:06 | Attr =  HS]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 15/10/2008 19:45:32 | Attr =  H ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 15/10/2008 19:45:32 | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 15/10/2008 22:33:54 | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 15/10/2008 22:33:54 | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 18/10/2008 19:42:26 | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 18/10/2008 19:42:26 | Attr =  H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 11/10/2008 11:33:06 | Attr =  H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 11/10/2008 11:33:06 | Attr =  H ]
beep.sys -> %SystemRoot%\System32\dllcache\beep.sys ->  [Ver =  | Size = 28160 bytes | Modified Date = 26/10/2008 11:44:08 | Attr =	]
beep.sys -> %SystemRoot%\System32\drivers\beep.sys ->  [Ver =  | Size = 28160 bytes | Modified Date = 26/10/2008 11:44:08 | Attr =	]
brastk.exe -> %SystemRoot%\System32\brastk.exe ->  [Ver =  | Size = 10240 bytes | Modified Date = 26/10/2008 13:35:44 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 26/10/2008 14:15:08 | Attr =	]
TDSSbeat.dat -> %SystemRoot%\System32\TDSSbeat.dat ->  [Ver =  | Size = 164 bytes | Modified Date = 26/10/2008 11:38:52 | Attr =	]
delself.bat -> %SystemRoot%\System32\delself.bat ->  [Ver =  | Size = 114 bytes | Modified Date = 26/10/2008 11:44:08 | Attr =	]
xelab.dl -> %SystemRoot%\System32\xelab.dl ->  [Ver =  | Size = 12934 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
TDSSfpmp.dll -> %SystemRoot%\System32\TDSSfpmp.dll ->  [Ver =  | Size = 30720 bytes | Modified Date = 26/10/2008 11:39:04 | Attr =	]
TDSSnrse.dll -> %SystemRoot%\System32\TDSSnrse.dll ->  [Ver =  | Size = 2760 bytes | Modified Date = 26/10/2008 11:39:04 | Attr =	]
wini10801.exe -> %SystemRoot%\System32\wini10801.exe ->  [Ver = 1, 0, 0, 1 | Size = 60578 bytes | Modified Date = 26/10/2008 13:21:30 | Attr =	]
eqehuvevom.scr -> %SystemRoot%\System32\eqehuvevom.scr ->  [Ver =  | Size = 15020 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
kamakuqehy._sy -> %SystemRoot%\System32\kamakuqehy._sy ->  [Ver =  | Size = 19223 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 420008 bytes | Modified Date = 26/10/2008 11:38:46 | Attr =	]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 26/10/2008 13:36:06 | Attr =   S]
brastk.exe -> %SystemRoot%\brastk.exe ->  [Ver =  | Size = 10240 bytes | Modified Date = 26/10/2008 13:35:44 | Attr =	]
bthservsdp.dat -> %SystemRoot%\bthservsdp.dat ->  [Ver =  | Size = 12 bytes | Modified Date = 26/10/2008 13:34:08 | Attr =	]
cazuzoqu.dat -> %SystemRoot%\cazuzoqu.dat ->  [Ver =  | Size = 13464 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
wylexodep._dl -> %SystemRoot%\wylexodep._dl ->  [Ver =  | Size = 10088 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
aguqumon.exe -> %SystemRoot%\aguqumon.exe ->  [Ver =  | Size = 13101 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
ulidoguj.dl -> %SystemRoot%\ulidoguj.dl ->  [Ver =  | Size = 16828 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
idunitusyv.lib -> %SystemRoot%\idunitusyv.lib ->  [Ver =  | Size = 12407 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 26/10/2008 13:36:12 | Attr =  H ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 298 bytes | Modified Date = 08/10/2008 11:20:06 | Attr =	]
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader ->  [Folder | Modified Date = 30/01/2004 4:01:50 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 26/10/2008 14:10:30 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4646 bytes | Modified Date = 26/10/2008 14:10:30 | Attr =	]
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Office\Data ->  [Folder | Modified Date = 26/02/2005 11:39:34 | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 26/02/2005 11:46:52 | Attr =	]
C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\ -> C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp ->  [Folder | Modified Date = 30/01/2004 3:38:12 | Attr =	]
DWPUpgradeInstaller.exe -> C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\DWPUpgradeInstaller.exe -> DivX, Inc. [Ver = 6.8.5.9 | Size = 8239400 bytes | Modified Date = 25/10/2008 19:51:12 | Attr =	]
GLB1A2B.EXE -> C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\GLB1A2B.EXE ->  [Ver =  | Size = 165376 bytes | Modified Date = 23/05/2005 16:00:54 | Attr =	]
ycomp_setup.exe -> C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\ycomp_setup.exe ->  [Ver =  | Size = 1636376 bytes | Modified Date = 09/01/2007 15:09:00 | Attr =	]
37 C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\*.tmp files -> C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\*.tmp -> 
C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\ -> C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp ->  [Folder | Modified Date = 30/01/2004 3:38:12 | Attr =	]
Perflib_Perfdata_1278.dat -> C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\Perflib_Perfdata_1278.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 26/10/2008 14:27:26 | Attr =	]
37 C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\*.tmp files -> C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
2 C:\Documents and Settings\All Users\Datos de programa\*.tmp files -> C:\Documents and Settings\All Users\Datos de programa\*.tmp -> 
uxohuci.vbs -> %AllUsersProfile%\Datos de programa\uxohuci.vbs ->  [Ver =  | Size = 12152 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
wimujyxasy.ban -> %AllUsersProfile%\Datos de programa\wimujyxasy.ban ->  [Ver =  | Size = 15059 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
dybur.scr -> %AllUsersProfile%\Datos de programa\dybur.scr ->  [Ver =  | Size = 19902 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
hovepun.db -> %AppData%\hovepun.db ->  [Ver =  | Size = 17741 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
bizeheb.lib -> %AppData%\bizeheb.lib ->  [Ver =  | Size = 11704 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
aqikem._sy -> %AppData%\aqikem._sy ->  [Ver =  | Size = 12316 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 123392 bytes | Modified Date = 26/10/2008 16:37:34 | Attr =	]
xumerasuwi.com -> %UserProfile%\Configuración local\Datos de programa\xumerasuwi.com ->  [Ver =  | Size = 11106 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
ojym.dat -> %UserProfile%\Configuración local\Datos de programa\ojym.dat ->  [Ver =  | Size = 18496 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
acag.dll -> %UserProfile%\Configuración local\Datos de programa\acag.dll ->  [Ver =  | Size = 16491 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
fakomyly.db -> %UserProfile%\Configuración local\Datos de programa\fakomyly.db ->  [Ver =  | Size = 12309 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
hynoko.inf -> %UserProfile%\Configuración local\Datos de programa\hynoko.inf ->  [Ver =  | Size = 15395 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
ajekekuw.com -> %AllUsersProfile%\Documentos\ajekekuw.com ->  [Ver =  | Size = 12674 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
uzeqyseku.scr -> %AllUsersProfile%\Documentos\uzeqyseku.scr ->  [Ver =  | Size = 17325 bytes | Modified Date = 26/10/2008 13:23:54 | Attr =	]
Acceso directo a FLV.lnk -> %UserProfile%\Mis documentos\Acceso directo a FLV.lnk ->  [Ver =  | Size = 398 bytes | Modified Date = 05/10/2008 19:57:46 | Attr =	]
Hofmann.lnk -> %AllUsersProfile%\Escritorio\Hofmann.lnk ->  [Ver =  | Size = 2495 bytes | Modified Date = 11/10/2008 18:45:40 | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Escritorio\iTunes.lnk ->  [Ver =  | Size = 2165 bytes | Modified Date = 11/10/2008 18:56:08 | Attr =	]
CCleaner.lnk -> %UserProfile%\Escritorio\CCleaner.lnk ->  [Ver =  | Size = 1515 bytes | Modified Date = 26/10/2008 13:47:20 | Attr =	]
Any Video Converter.lnk -> %UserProfile%\Escritorio\Any Video Converter.lnk ->  [Ver =  | Size = 654 bytes | Modified Date = 05/10/2008 18:31:58 | Attr =	]
Universidad Pontificia Comillas.url -> %UserProfile%\Escritorio\Universidad Pontificia Comillas.url ->  [Ver =  | Size = 186 bytes | Modified Date = 05/10/2008 19:49:12 | Attr =	]
BT_presentation.wmv -> %UserProfile%\Escritorio\BT_presentation.wmv ->  [Ver =  | Size = 33434023 bytes | Modified Date = 05/10/2008 19:52:40 | Attr =	]
BT_presentation.flv -> %UserProfile%\Escritorio\BT_presentation.flv ->  [Ver =  | Size = 8094535 bytes | Modified Date = 05/10/2008 19:54:20 | Attr =	]
OTScanIt.exe -> %UserProfile%\Escritorio\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 26/10/2008 16:50:56 | Attr =	]
TOEFL Test 2 (23 pp).pdf -> %UserProfile%\Escritorio\TOEFL Test 2 (23 pp).pdf ->  [Ver =  | Size = 779931 bytes | Modified Date = 11/10/2008 18:05:04 | Attr =	]
TOEFL Test 3 (24 pp).pdf -> %UserProfile%\Escritorio\TOEFL Test 3 (24 pp).pdf ->  [Ver =  | Size = 6267375 bytes | Modified Date = 11/10/2008 20:06:30 | Attr =	]
TOEFL Test 1-Answer key.pdf -> %UserProfile%\Escritorio\TOEFL Test 1-Answer key.pdf ->  [Ver =  | Size = 170032 bytes | Modified Date = 11/10/2008 20:46:14 | Attr =	]
AntiSpywareXP2009.lnk -> %UserProfile%\Escritorio\AntiSpywareXP2009.lnk ->  [Ver =  | Size = 1587 bytes | Modified Date = 26/10/2008 13:22:08 | Attr =	]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
2 C:\Documents and Settings\All Users\Datos de programa\*.tmp files -> C:\Documents and Settings\All Users\Datos de programa\*.tmp -> 
Datos de programa -> C:\Documents and Settings\All Users\Datos de programa ->  [Folder | Modified Date = 30/01/2004 3:38:12 | Attr = RH ]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Datos de programa\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ->  [Folder | Modified Date = 04/10/2008 13:29:30 | Attr =	]
Adobe -> C:\Documents and Settings\All Users\Datos de programa\Adobe ->  [Folder | Modified Date = 27/10/2007 18:58:36 | Attr =	]
Apple -> C:\Documents and Settings\All Users\Datos de programa\Apple ->  [Folder | Modified Date = 22/07/2007 23:21:22 | Attr =	]
Apple Computer -> C:\Documents and Settings\All Users\Datos de programa\Apple Computer ->  [Folder | Modified Date = 10/07/2005 12:49:58 | Attr =	]
CyberLink -> C:\Documents and Settings\All Users\Datos de programa\CyberLink ->  [Folder | Modified Date = 30/01/2004 3:53:22 | Attr =	]
Google -> C:\Documents and Settings\All Users\Datos de programa\Google ->  [Folder | Modified Date = 04/08/2006 20:35:32 | Attr =	]
Google Updater -> C:\Documents and Settings\All Users\Datos de programa\Google Updater ->  [Folder | Modified Date = 15/07/2007 12:10:22 | Attr =	]
HP -> C:\Documents and Settings\All Users\Datos de programa\HP ->  [Folder | Modified Date = 24/06/2007 19:35:00 | Attr =	]
Logishrd -> C:\Documents and Settings\All Users\Datos de programa\Logishrd ->  [Folder | Modified Date = 27/08/2007 19:58:12 | Attr =	]
Logitech -> C:\Documents and Settings\All Users\Datos de programa\Logitech ->  [Folder | Modified Date = 11/03/2007 12:02:02 | Attr =	]
Macromedia -> C:\Documents and Settings\All Users\Datos de programa\Macromedia ->  [Folder | Modified Date = 01/10/2006 1:04:26 | Attr =	]
Microsoft -> C:\Documents and Settings\All Users\Datos de programa\Microsoft ->  [Folder | Modified Date = 30/01/2004 3:37:56 | Attr =   S]
MSN6 -> C:\Documents and Settings\All Users\Datos de programa\MSN6 ->  [Folder | Modified Date = 26/02/2005 13:50:00 | Attr =	]
Office Genuine Advantage -> C:\Documents and Settings\All Users\Datos de programa\Office Genuine Advantage ->  [Folder | Modified Date = 24/05/2008 13:14:40 | Attr =	]
Pinnacle -> C:\Documents and Settings\All Users\Datos de programa\Pinnacle ->  [Folder | Modified Date = 26/01/2008 23:48:28 | Attr =	]
Pinnacle VideoSpin -> C:\Documents and Settings\All Users\Datos de programa\Pinnacle VideoSpin ->  [Folder | Modified Date = 26/01/2008 23:59:40 | Attr =	]
QuickTime -> C:\Documents and Settings\All Users\Datos de programa\QuickTime ->  [Folder | Modified Date = 10/07/2005 12:50:06 | Attr =	]
Skype -> C:\Documents and Settings\All Users\Datos de programa\Skype ->  [Folder | Modified Date = 05/02/2006 12:43:52 | Attr =	]
Trend Micro -> C:\Documents and Settings\All Users\Datos de programa\Trend Micro ->  [Folder | Modified Date = 02/06/2007 13:07:00 | Attr =	]
Ulead Systems -> C:\Documents and Settings\All Users\Datos de programa\Ulead Systems ->  [Folder | Modified Date = 30/01/2004 3:51:18 | Attr =	]
VideoSpin -> C:\Documents and Settings\All Users\Datos de programa\VideoSpin ->  [Folder | Modified Date = 26/01/2008 23:53:28 | Attr =	]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Datos de programa\Windows Genuine Advantage ->  [Folder | Modified Date = 04/11/2005 22:02:06 | Attr =	]
Windows Live Toolbar -> C:\Documents and Settings\All Users\Datos de programa\Windows Live Toolbar ->  [Folder | Modified Date = 07/04/2007 19:41:24 | Attr =	]
Datos de programa -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa ->  [Folder | Modified Date = 30/01/2004 3:38:12 | Attr = RH ]
Adobe -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Adobe ->  [Folder | Modified Date = 25/02/2005 22:34:24 | Attr =	]
AdobeUM -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\AdobeUM ->  [Folder | Modified Date = 26/02/2005 13:05:00 | Attr =	]
Any Video Converter -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Any Video Converter ->  [Folder | Modified Date = 05/10/2008 18:31:50 | Attr =	]
Apple Computer -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Apple Computer ->  [Folder | Modified Date = 10/07/2005 12:50:22 | Attr =	]
Carpeta de carga de Share-to-Web -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Carpeta de carga de Share-to-Web ->  [Folder | Modified Date = 22/08/2006 18:15:54 | Attr =	]
DivX -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\DivX ->  [Folder | Modified Date = 09/05/2008 23:44:14 | Attr =	]
FotoPrix -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\FotoPrix ->  [Folder | Modified Date = 31/08/2008 1:47:52 | Attr =	]
GetRightToGo -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\GetRightToGo ->  [Folder | Modified Date = 20/10/2007 11:26:00 | Attr =	]
Google -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Google ->  [Folder | Modified Date = 11/12/2005 13:41:52 | Attr =	]
Help -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Help ->  [Folder | Modified Date = 08/10/2005 16:55:36 | Attr =	]
HP -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\HP ->  [Folder | Modified Date = 24/06/2007 19:37:34 | Attr =	]
Identities -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Identities ->  [Folder | Modified Date = 30/01/2004 3:49:08 | Attr =	]
Image Zone Express -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Image Zone Express ->  [Folder | Modified Date = 16/07/2006 12:47:20 | Attr =	]
InterTrust -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\InterTrust ->  [Folder | Modified Date = 30/01/2004 3:54:40 | Attr =	]
Macromedia -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Macromedia ->  [Folder | Modified Date = 22/02/2005 22:23:48 | Attr =	]
Media Player Classic -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Media Player Classic ->  [Folder | Modified Date = 28/08/2006 20:49:40 | Attr =	]
Microsoft -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Microsoft ->  [Folder | Modified Date = 30/01/2004 3:37:56 | Attr =   S]
Mozilla -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Mozilla ->  [Folder | Modified Date = 05/02/2006 14:16:54 | Attr =	]
MSN6 -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\MSN6 ->  [Folder | Modified Date = 17/06/2006 13:06:34 | Attr =	]
Nvu -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Nvu ->  [Folder | Modified Date = 05/02/2006 14:16:52 | Attr =	]
PLAux -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\PLAux ->  [Folder | Modified Date = 24/11/2007 13:39:44 | Attr =	]
Printer Info Cache -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Printer Info Cache ->  [Folder | Modified Date = 16/07/2006 12:47:22 | Attr =	]
Real -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Real ->  [Folder | Modified Date = 12/03/2005 20:55:58 | Attr =	]
Skype -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Skype ->  [Folder | Modified Date = 05/02/2006 12:43:52 | Attr =	]
SmartFTP -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\SmartFTP ->  [Folder | Modified Date = 02/01/2006 11:04:34 | Attr =	]
Smilebox -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Smilebox ->  [Folder | Modified Date = 13/01/2008 14:19:56 | Attr =	]
Sun -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Sun ->  [Folder | Modified Date = 13/03/2005 14:31:16 | Attr =	]
Ulead Systems -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Ulead Systems ->  [Folder | Modified Date = 21/11/2006 22:49:02 | Attr =	]
vlc -> C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\vlc ->  [Folder | Modified Date = 08/04/2006 17:39:58 | Attr =	]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 30/01/2004 3:43:32 | Attr =   S]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 24/08/2001 20:00:00 | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 26/10/2008 13:36:12 | Attr =  H ]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 298 bytes | Modified Date = 08/10/2008 11:20:06 | Attr =	]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
scan completed successfully
hidden files: 0

< End of report >
Hope you can help me. Apart from having annulled Firefox, the Windows Installer keeps opening and trying to install something (Status - and then it says it cannot find the CD to install it.)
I anxiously await your reply. :thumbsup:

#4 kahdah

Posted 26 October 2008 - 11:27 AM

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> brastk.exe -> %SystemRoot%\system32\brastk.exe
[Registry - Non-Microsoft Only]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> karna.datOS -> %SystemRoot%\karna.dat
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
[Files/Folders - Created Within 30 days]
NY -> brastk.exe -> %SystemRoot%\System32\brastk.exe
NY -> TDSSbeat.dat -> %SystemRoot%\System32\TDSSbeat.dat
NY -> delself.bat -> %SystemRoot%\System32\delself.bat
NY -> xelab.dl -> %SystemRoot%\System32\xelab.dl
NY -> TDSSfpmp.dll -> %SystemRoot%\System32\TDSSfpmp.dll
NY -> TDSSnrse.dll -> %SystemRoot%\System32\TDSSnrse.dll
NY -> wini10801.exe -> %SystemRoot%\System32\wini10801.exe
NY -> eqehuvevom.scr -> %SystemRoot%\System32\eqehuvevom.scr
NY -> kamakuqehy._sy -> %SystemRoot%\System32\kamakuqehy._sy
NY -> brastk.exe -> %SystemRoot%\brastk.exe
NY -> cazuzoqu.dat -> %SystemRoot%\cazuzoqu.dat
NY -> wylexodep._dl -> %SystemRoot%\wylexodep._dl
NY -> aguqumon.exe -> %SystemRoot%\aguqumon.exe
NY -> ulidoguj.dl -> %SystemRoot%\ulidoguj.dl
NY -> idunitusyv.lib -> %SystemRoot%\idunitusyv.lib
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> uxohuci.vbs -> %AllUsersProfile%\Datos de programa\uxohuci.vbs
NY -> wimujyxasy.ban -> %AllUsersProfile%\Datos de programa\wimujyxasy.ban
NY -> dybur.scr -> %AllUsersProfile%\Datos de programa\dybur.scr
NY -> hovepun.db -> %AppData%\hovepun.db
NY -> bizeheb.lib -> %AppData%\bizeheb.lib
NY -> aqikem._sy -> %AppData%\aqikem._sy
NY -> xumerasuwi.com -> %UserProfile%\Configuración local\Datos de programa\xumerasuwi.com
NY -> ojym.dat -> %UserProfile%\Configuración local\Datos de programa\ojym.dat
NY -> acag.dll -> %UserProfile%\Configuración local\Datos de programa\acag.dll
NY -> fakomyly.db -> %UserProfile%\Configuración local\Datos de programa\fakomyly.db
NY -> hynoko.inf -> %UserProfile%\Configuración local\Datos de programa\hynoko.inf
NY -> ajekekuw.com -> %AllUsersProfile%\Documentos\ajekekuw.com
NY -> uzeqyseku.scr -> %AllUsersProfile%\Documentos\uzeqyseku.scr
NY -> AntiSpywareXP2009 -> %ProgramFiles%\AntiSpywareXP2009
[Files/Folders - Modified Within 30 days]
NY -> brastk.exe -> %SystemRoot%\System32\brastk.exe
NY -> TDSSbeat.dat -> %SystemRoot%\System32\TDSSbeat.dat
NY -> delself.bat -> %SystemRoot%\System32\delself.bat
NY -> xelab.dl -> %SystemRoot%\System32\xelab.dl
NY -> TDSSfpmp.dll -> %SystemRoot%\System32\TDSSfpmp.dll
NY -> TDSSnrse.dll -> %SystemRoot%\System32\TDSSnrse.dll
NY -> wini10801.exe -> %SystemRoot%\System32\wini10801.exe
NY -> eqehuvevom.scr -> %SystemRoot%\System32\eqehuvevom.scr
NY -> kamakuqehy._sy -> %SystemRoot%\System32\kamakuqehy._sy
NY -> brastk.exe -> %SystemRoot%\brastk.exe
NY -> bthservsdp.dat -> %SystemRoot%\bthservsdp.dat
NY -> cazuzoqu.dat -> %SystemRoot%\cazuzoqu.dat
NY -> wylexodep._dl -> %SystemRoot%\wylexodep._dl
NY -> aguqumon.exe -> %SystemRoot%\aguqumon.exe
NY -> ulidoguj.dl -> %SystemRoot%\ulidoguj.dl
NY -> idunitusyv.lib -> %SystemRoot%\idunitusyv.lib
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> uxohuci.vbs -> %AllUsersProfile%\Datos de programa\uxohuci.vbs
NY -> wimujyxasy.ban -> %AllUsersProfile%\Datos de programa\wimujyxasy.ban
NY -> dybur.scr -> %AllUsersProfile%\Datos de programa\dybur.scr
NY -> hovepun.db -> %AppData%\hovepun.db
NY -> bizeheb.lib -> %AppData%\bizeheb.lib
NY -> aqikem._sy -> %AppData%\aqikem._sy
NY -> xumerasuwi.com -> %UserProfile%\Configuración local\Datos de programa\xumerasuwi.com
NY -> ojym.dat -> %UserProfile%\Configuración local\Datos de programa\ojym.dat
NY -> acag.dll -> %UserProfile%\Configuración local\Datos de programa\acag.dll
NY -> fakomyly.db -> %UserProfile%\Configuración local\Datos de programa\fakomyly.db
NY -> hynoko.inf -> %UserProfile%\Configuración local\Datos de programa\hynoko.inf
NY -> ajekekuw.com -> %AllUsersProfile%\Documentos\ajekekuw.com
NY -> uzeqyseku.scr -> %AllUsersProfile%\Documentos\uzeqyseku.scr
NY -> AntiSpywareXP2009.lnk -> %UserProfile%\Escritorio\AntiSpywareXP2009.lnk
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
==================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===========
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

#5 Brainbabe

Posted 26 October 2008 - 11:38 AM

I ran OT Scan and below is the result.
Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process brastk.exe .
File C:\WINDOWS\system32\brastk.exe not found.
[Registry - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:karna.datOS .
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\brastk.exe not found!
File C:\WINDOWS\System32\TDSSbeat.dat not found!
File C:\WINDOWS\System32\delself.bat not found!
File C:\WINDOWS\System32\xelab.dl not found!
File C:\WINDOWS\System32\TDSSfpmp.dll not found!
File C:\WINDOWS\System32\TDSSnrse.dll not found!
File C:\WINDOWS\System32\wini10801.exe not found!
File C:\WINDOWS\System32\eqehuvevom.scr not found!
File C:\WINDOWS\System32\kamakuqehy._sy not found!
File C:\WINDOWS\brastk.exe not found!
File C:\WINDOWS\cazuzoqu.dat not found!
File C:\WINDOWS\wylexodep._dl not found!
File C:\WINDOWS\aguqumon.exe not found!
File C:\WINDOWS\ulidoguj.dl not found!
File C:\WINDOWS\idunitusyv.lib not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\All Users\Datos de programa\uxohuci.vbs not found!
File C:\Documents and Settings\All Users\Datos de programa\wimujyxasy.ban not found!
File C:\Documents and Settings\All Users\Datos de programa\dybur.scr not found!
File C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\hovepun.db not found!
File C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\bizeheb.lib not found!
File C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\aqikem._sy not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\xumerasuwi.com not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\ojym.dat not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\acag.dll not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\fakomyly.db not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\hynoko.inf not found!
File C:\Documents and Settings\All Users\Documentos\ajekekuw.com not found!
File C:\Documents and Settings\All Users\Documentos\uzeqyseku.scr not found!
File C:\Archivos de programa\AntiSpywareXP2009 not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\brastk.exe not found!
File C:\WINDOWS\System32\TDSSbeat.dat not found!
File C:\WINDOWS\System32\delself.bat not found!
File C:\WINDOWS\System32\xelab.dl not found!
File C:\WINDOWS\System32\TDSSfpmp.dll not found!
File C:\WINDOWS\System32\TDSSnrse.dll not found!
File C:\WINDOWS\System32\wini10801.exe not found!
File C:\WINDOWS\System32\eqehuvevom.scr not found!
File C:\WINDOWS\System32\kamakuqehy._sy not found!
File C:\WINDOWS\brastk.exe not found!
File C:\WINDOWS\bthservsdp.dat not found!
File C:\WINDOWS\cazuzoqu.dat not found!
File C:\WINDOWS\wylexodep._dl not found!
File C:\WINDOWS\aguqumon.exe not found!
File C:\WINDOWS\ulidoguj.dl not found!
File C:\WINDOWS\idunitusyv.lib not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\All Users\Datos de programa\uxohuci.vbs not found!
File C:\Documents and Settings\All Users\Datos de programa\wimujyxasy.ban not found!
File C:\Documents and Settings\All Users\Datos de programa\dybur.scr not found!
File C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\hovepun.db not found!
File C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\bizeheb.lib not found!
File C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\aqikem._sy not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\xumerasuwi.com not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\ojym.dat not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\acag.dll not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\fakomyly.db not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\hynoko.inf not found!
File C:\Documents and Settings\All Users\Documentos\ajekekuw.com not found!
File C:\Documents and Settings\All Users\Documentos\uzeqyseku.scr not found!
File C:\Documents and Settings\BUTRAGUEÑO\Escritorio\AntiSpywareXP2009.lnk not found!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 10262008_173607

Now I am going to download Malwarebytes - I will send a report after it has run its scan.
Thanks!!
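
Added example, not part of the original posts and not OTScanIt's own code: a small Python triage of the two fix logs in this thread (posts #5 and #6), showing which items stayed unresolved across both runs and which files reported "not found" in the first run were moved in the second. The sample lines are abridged from those logs; the function names and status labels are assumptions of this sketch.

```python
import re

# Abridged from the fix log in post #5 (first run).
RUN1 = r"""Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process brastk.exe .
File C:\WINDOWS\system32\brastk.exe not found.
[Registry - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:karna.datOS .
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\brastk.exe not found!
File C:\WINDOWS\System32\TDSSbeat.dat not found!
File C:\WINDOWS\System32\TDSSfpmp.dll not found!
File C:\WINDOWS\System32\TDSSnrse.dll not found!
File C:\WINDOWS\brastk.exe not found!
"""

# Abridged from the fix log in post #6 (second run).
RUN2 = r"""Explorer killed successfully
[Processes - Non-Microsoft Only]
Process brastk.exe killed successfully.
C:\WINDOWS\system32\brastk.exe moved successfully.
[Registry - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:karna.datOS .
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\brastk.exe not found!
C:\WINDOWS\System32\TDSSbeat.dat moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\TDSSfpmp.dll
C:\WINDOWS\System32\TDSSfpmp.dll NOT unregistered.
C:\WINDOWS\System32\TDSSfpmp.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\TDSSnrse.dll
C:\WINDOWS\System32\TDSSnrse.dll NOT unregistered.
C:\WINDOWS\System32\TDSSnrse.dll moved successfully.
C:\WINDOWS\brastk.exe moved successfully.
"""

# Line shapes seen in the logs on this page; status labels are this sketch's own.
PATTERNS = [
    ("failed", re.compile(r"^Unable to kill process (?P<t>.+?) \.$")),
    ("failed", re.compile(r"^Unable to delete registry value (?P<t>.+?) \.$")),
    ("not_found", re.compile(r"^File (?P<t>.+?) not found[.!]$")),
    ("killed", re.compile(r"^Process (?P<t>.+?) killed successfully\.$")),
    ("warn", re.compile(r"^(?P<t>.+?) NOT unregistered\.$")),
    ("warn", re.compile(r"^LoadLibrary failed for (?P<t>.+)$")),
    ("warn", re.compile(r"^DllUnregisterServer procedure not found in (?P<t>.+)$")),
    ("moved", re.compile(r"^(?P<t>.+?)(?: folder)? moved successfully\.$")),
]


def parse_fix_log(text):
    """Return (section, status, target) tuples for every recognised log line."""
    section, events = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            section = header.group(1)
            continue
        for status, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                events.append((section, status, m.group("t")))
                break
    return events


def statuses_by_target(events):
    """Map each target (case-folded, as Windows paths ignore case) to its statuses."""
    seen = {}
    for _section, status, target in events:
        seen.setdefault(target.casefold(), set()).add(status)
    return seen


def compare_runs(first, second):
    """Compare two fix runs and return the items that need a second look."""
    a = statuses_by_target(parse_fix_log(first))
    b = statuses_by_target(parse_fix_log(second))
    resolved = {"moved", "killed"}
    # Failed in both runs and never moved or killed in the second one.
    still_failing = sorted(
        t for t in a
        if "failed" in a[t] and "failed" in b.get(t, set()) and not (b[t] & resolved)
    )
    # Reported "not found" first, yet present (and moved) in the later run.
    present_after_not_found = sorted(
        t for t in a if "not_found" in a[t] and "moved" in b.get(t, set())
    )
    return {
        "still_failing": still_failing,
        "present_after_not_found": present_after_not_found,
    }


if __name__ == "__main__":
    report = compare_runs(RUN1, RUN2)
    for key, items in report.items():
        print(key)
        for item in items:
            print("   ", item)
```

On these samples the only item that fails in both runs is the AppInit_Dlls registry value, and every file the first run reported as "not found" was still on disk for the second run to move, so a "not found" line alone is not evidence that a file is gone.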

#6 Brainbabe

Posted 26 October 2008 - 12:05 PM

Here is the log after I ran Malwarebytes Anti-Malware.
Explorer killed successfully
[Processes - Non-Microsoft Only]
Process brastk.exe killed successfully.
C:\WINDOWS\system32\brastk.exe moved successfully.
[Registry - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:karna.datOS .
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\brastk.exe not found!
C:\WINDOWS\System32\TDSSbeat.dat moved successfully.
C:\WINDOWS\System32\delself.bat moved successfully.
C:\WINDOWS\System32\xelab.dl moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\TDSSfpmp.dll
C:\WINDOWS\System32\TDSSfpmp.dll NOT unregistered.
C:\WINDOWS\System32\TDSSfpmp.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\TDSSnrse.dll
C:\WINDOWS\System32\TDSSnrse.dll NOT unregistered.
C:\WINDOWS\System32\TDSSnrse.dll moved successfully.
C:\WINDOWS\System32\wini10801.exe moved successfully.
C:\WINDOWS\System32\eqehuvevom.scr moved successfully.
C:\WINDOWS\System32\kamakuqehy._sy moved successfully.
C:\WINDOWS\brastk.exe moved successfully.
C:\WINDOWS\cazuzoqu.dat moved successfully.
C:\WINDOWS\wylexodep._dl moved successfully.
C:\WINDOWS\aguqumon.exe moved successfully.
C:\WINDOWS\ulidoguj.dl moved successfully.
C:\WINDOWS\idunitusyv.lib moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Datos de programa\uxohuci.vbs moved successfully.
C:\Documents and Settings\All Users\Datos de programa\wimujyxasy.ban moved successfully.
C:\Documents and Settings\All Users\Datos de programa\dybur.scr moved successfully.
C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\hovepun.db moved successfully.
C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\bizeheb.lib moved successfully.
C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\aqikem._sy moved successfully.
C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\xumerasuwi.com moved successfully.
C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\ojym.dat moved successfully.
LoadLibrary failed for C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\acag.dll
C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\acag.dll NOT unregistered.
C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\acag.dll moved successfully.
C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\fakomyly.db moved successfully.
C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\hynoko.inf moved successfully.
C:\Documents and Settings\All Users\Documentos\ajekekuw.com moved successfully.
C:\Documents and Settings\All Users\Documentos\uzeqyseku.scr moved successfully.
C:\Archivos de programa\AntiSpywareXP2009 folder moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\brastk.exe not found!
File C:\WINDOWS\System32\TDSSbeat.dat not found!
File C:\WINDOWS\System32\delself.bat not found!
File C:\WINDOWS\System32\xelab.dl not found!
File C:\WINDOWS\System32\TDSSfpmp.dll not found!
File C:\WINDOWS\System32\TDSSnrse.dll not found!
File C:\WINDOWS\System32\wini10801.exe not found!
File C:\WINDOWS\System32\eqehuvevom.scr not found!
File C:\WINDOWS\System32\kamakuqehy._sy not found!
File C:\WINDOWS\brastk.exe not found!
C:\WINDOWS\bthservsdp.dat moved successfully.
File C:\WINDOWS\cazuzoqu.dat not found!
File C:\WINDOWS\wylexodep._dl not found!
File C:\WINDOWS\aguqumon.exe not found!
File C:\WINDOWS\ulidoguj.dl not found!
File C:\WINDOWS\idunitusyv.lib not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\All Users\Datos de programa\uxohuci.vbs not found!
File C:\Documents and Settings\All Users\Datos de programa\wimujyxasy.ban not found!
File C:\Documents and Settings\All Users\Datos de programa\dybur.scr not found!
File C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\hovepun.db not found!
File C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\bizeheb.lib not found!
File C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\aqikem._sy not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\xumerasuwi.com not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\ojym.dat not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\acag.dll not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\fakomyly.db not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Datos de programa\hynoko.inf not found!
File C:\Documents and Settings\All Users\Documentos\ajekekuw.com not found!
File C:\Documents and Settings\All Users\Documentos\uzeqyseku.scr not found!
C:\Documents and Settings\BUTRAGUEÑO\Escritorio\AntiSpywareXP2009.lnk moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\Perflib_Perfdata_1278.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\~DF2586.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\~DF23DC.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 10262008_173201

Files moved on Reboot...
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\Perflib_Perfdata_1278.dat not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\~DF2586.tmp not found!
File C:\Documents and Settings\BUTRAGUEÑO\Configuración local\Temp\~DF23DC.tmp not found!


I am still having trouble with Windows Installer which pops up every five seconds trying to install something which I don't seem to have (e.g. status.msi). In addition, some of my icon images have gone missing on some of my desktop applications such as FIREFOX, DIVXPLAYER, DIVXCONVERTER AND PICASA3 among others.
I am now going to run RSIT.exe, which is all that is remaining to be done and will post the results of that.
BB

#7 Brainbabe

Brainbabe
  • Topic Starter

  • Members
  • 25 posts

Posted 26 October 2008 - 12:10 PM

Here is LOG.TXT after running RSIT.
Logfile of random's system information tool 1.04 (written by random/random)
Run by BUTRAGUEÑO at 2008-10-26 18:06:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (41%) free of 55 GB
Total RAM: 511 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:39, on 26/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Belkin\Software Bluetooth\bin\btwdins.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
C:\ACER\MPS.EXE
C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Archivos comunes\LogiShrd\LComMgr\Communications_Helper.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Smilebox\SmileboxTray.exe
C:\Archivos de programa\Belkin\Software Bluetooth\BTTray.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\BUTRAGUEÑO\Escritorio\VIRUS FIGHTERS\RSIT.exe
C:\Archivos de programa\trend micro\BUTRAGUEÑO.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Archivos de programa\Freecorder\tbFre1.dll (file missing)
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Archivos de programa\Freecorder\tbFre1.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Aspire Schedule] C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [KnobMonitor] C:\acer\KnobMonitor.exe
O4 - HKLM\..\Run: [MPS] C:\ACER\MPS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Archivos de programa\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Archivos de programa\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Archivos de programa\Archivos comunes\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Archivos de programa\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Archivos de programa\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Smilebox\SmileboxTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\Belkin\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Reference 2001\EROProj.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Belkin\Software Bluetooth\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Belkin\Software Bluetooth\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/37.09/Hb...o/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://andy-gonuts90.spaces.msn.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://andy-gonuts90.spaces.live.com/Photo...ad/MsnPUpld.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5FF141F-97BF-4B91-9DFC-7FE6E5E6EAFC}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Archivos de programa\Ares\chatServer.exe (file missing)
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Archivos de programa\Belkin\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Knob Service (KNOBSERV) - Acer Inc. - c:\acer\KnobService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Archivos de programa\Archivos comunes\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Unknown owner - C:\Archivos de programa\Archivos comunes\LogiShrd\SrvLnch\SrvLnch.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Archivos de programa\Fotoprix\FotoLibro\NMSAccessU.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\ARCHIV~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Protección frente a spyware de Trend Micro (PcScnSrv) - Trend Micro Inc. - C:\ARCHIV~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\ARCHIV~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\ARCHIV~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: Servicio Lector del diario USN de Carpetas para compartir de Messenger (usnjsvc) - Unknown owner - C:\Archivos de programa\MSN Messenger\usnsvc.exe (file missing)

--
End of file - 13113 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\archivos de programa\google\googletoolbar1.dll [2007-07-15 2427968]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Archivos de programa\Freecorder\tbFre1.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-03-27 53248]
"Aspire Schedule"=C:\Program Files\Aspire\WFTVFM\WFWIZ.exe [2003-09-09 135168]
"KnobMonitor"=C:\acer\KnobMonitor.exe [2003-09-24 270336]
"MPS"=C:\ACER\MPS.EXE [2003-08-14 360448]
"SunJavaUpdateSched"=C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"HP Component Manager"=C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe []
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2002-11-22 348160]
"HPHUPD04"=C:\Archivos de programa\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe []
"LogitechVideo[inspector]"=C:\Archivos de programa\Logitech\Video\InstallHelper.exe /inspect []
"HP Software Update"=C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"LogitechCommunicationsManager"=C:\Archivos de programa\Archivos comunes\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]
"LogitechQuickCamRibbon"=C:\Archivos de programa\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]
"Adobe Reader Speed Launcher"=C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe []
"TkBellExe"=C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe [2008-03-08 185896]
"pccguide.exe"=C:\Archivos de programa\Trend Micro\Internet Security 2007\pccguide.exe [2007-03-08 3434000]
"Google Desktop Search"=C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-07 29744]
"QuickTime Task"=C:\Archivos de programa\QuickTime\QTTask.exe -atboottime []
"AppleSyncNotifier"=C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []
"iTunesHelper"=C:\Archivos de programa\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NvMediaCenter"=C:\WINDOWS\System32\NVMCTRAY.DLL [2003-10-06 49152]
"MSMSGS"=C:\Archivos de programa\Messenger\msmsgs.exe [2008-04-14 1695232]
"LDM"=C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 67128]
"swg"=C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-15 68856]
"SmileboxTray"=C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Smilebox\SmileboxTray.exe [2008-07-30 205448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2003-06-17 505344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
C:\WINDOWS\CNYHKey.exe [2003-05-27 5753344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mHotmon]
C:\WINDOWS\mHotMon.exe [2003-06-17 243200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Smilebox\SmileboxTray.exe [2008-07-30 205448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSER]
C:\WINDOWS\sser.exe [2003-06-09 36864]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
Microsoft Office.lnk - C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
BTTray.lnk - C:\Archivos de programa\Belkin\Software Bluetooth\BTTray.exe
Logitech Desktop Messenger.lnk - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Archivos de programa\Messenger\MSMSGS.EXE"="C:\Archivos de programa\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Archivos de programa\eMule\emule.exe"="C:\Archivos de programa\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\System32\mshta.exe"="C:\WINDOWS\System32\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\Archivos de programa\HP\HP Software Update\HPWUCli.exe"="C:\Archivos de programa\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\Archivos de programa\SmartFTP\SmartFTP.exe"="C:\Archivos de programa\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\Archivos de programa\Java\jre1.5.0_06\BIN\javaw.exe"="C:\Archivos de programa\Java\jre1.5.0_06\BIN\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\WINDOWS\System32\javaw.exe"="C:\WINDOWS\System32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Archivos de programa\Ares\Ares.exe"="C:\Archivos de programa\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Archivos de programa\MSN Messenger\msnmsgr.exe"="C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Archivos de programa\MSN Messenger\livecall.exe"="C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hposfx08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hposid01.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpoews01.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Archivos de programa\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Archivos de programa\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Archivos de programa\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Archivos de programa\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Archivos de programa\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Archivos de programa\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Archivos de programa\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Archivos de programa\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Archivos de programa\Veoh Networks\Veoh\VeohClient.exe"="C:\Archivos de programa\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Archivos de programa\Internet Explorer\iexplore.exe"="C:\Archivos de programa\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Archivos de programa\Skype\Phone\Skype.exe"="C:\Archivos de programa\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Archivos de programa\Bonjour\mDNSResponder.exe"="C:\Archivos de programa\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Archivos de programa\iTunes\iTunes.exe"="C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Archivos de programa\MSN Messenger\msnmsgr.exe"="C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Archivos de programa\MSN Messenger\livecall.exe"="C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f57f0df-9a7d-11dc-946e-00016c2806a2}]
shell\AutoRun\command - K:\USBNB.exe


======List of files/folders created in the last 1 months======

2008-10-26 18:06:24 ----D---- C:\rsit
2008-10-26 17:40:08 ----D---- C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Malwarebytes
2008-10-26 17:40:01 ----D---- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-10-26 17:40:01 ----D---- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-10-26 17:32:01 ----D---- C:\_OTScanIt
2008-10-26 14:24:46 ----D---- C:\Archivos de programa\Archivos comunes\Designer
2008-10-26 14:22:30 ----D---- C:\Archivos de programa\Archivos comunes\ODBC
2008-10-24 21:39:31 ----D---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 00:53:04 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 00:52:58 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 00:52:52 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 00:52:45 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 00:52:12 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 00:49:48 ----HD---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-05 18:31:49 ----D---- C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Any Video Converter
2008-10-04 13:29:28 ----D---- C:\Documents and Settings\All Users\Datos de programa\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 13:29:28 ----D---- C:\Archivos de programa\iTunes
2008-10-04 13:27:47 ----D---- C:\Archivos de programa\Bonjour
2008-10-04 13:25:52 ----D---- C:\Archivos de programa\QuickTime

======List of files/folders modified in the last 1 months======

2008-10-26 17:54:22 ----A---- C:\WINDOWS\ModemLog_Módem Bluetooth.txt
2008-10-26 17:54:16 ----A---- C:\WINDOWS\ModemLog_Conexant HSF V92 56K PCI Modem.txt
2008-10-26 17:52:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 21:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Controlador de procesador Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Controlador HID de teclado; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2007-03-08 75088]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2002-09-17 81356]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\C4C_FALL.sys [2002-07-08 303171]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\C4C_FSKS.sys [2002-07-08 124703]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\C4C_K56K.sys [2002-07-08 428578]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\C4C_FAXX.sys [2002-07-08 212494]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-07-18 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-07-18 205328]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\C4C_TONE.sys [2002-07-08 59664]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2002-09-17 39182]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2002-09-17 9804]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\C4C_V124.sys [2002-07-08 542223]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-07-18 1195448]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-01 719052]
R3 Arp1394;Protocolo de cliente ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 btaudio;Dispositivo de audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2004-10-01 17024]
R3 BTDriver;Controlador de comunicaciones virtual Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-10-01 30299]
R3 C4C_BSC2;C4C_BSC2; C:\WINDOWS\System32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Controlador de clases HID de Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 mouhid;Controlador HID de mouse; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-24 12416]
R3 NIC1394;Controlador de red 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2004-01-30 6912]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\C4C_SAMP.sys [2002-07-08 62422]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-24 5888]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbccgp;Controlador primario genérico USB de Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Controlador de concentrador estándar USB de Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Clase de impresora USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Controlador de escáner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Controlador minipuerto de la controladora de host universal USB de Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-07-08 591520]
S3 Bridge;Puente MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Puente minipuerto MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BthEnum;Servicio de enumerador de Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Controlador de puertos Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272512]
S3 BTHUSB;Controlador USB de ondas de radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Servidor de acceso a LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-10-01 147896]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-10-01 54488]
S3 CCDECODE;Descodificador de título cerrado; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896]
S3 Dot4;Controlador MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112]
S3 Dot4Print;Controlador de clase de impresión para IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Controlador de clase de digitalización para IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-11-22 50276]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]
S3 dot4usb;Filtro Dot4USB Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-22 24064]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]
S3 Lvckap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 lvmvdrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]
S3 MSTEE;Convertidor Tee/Sink-to-Sink de transferencia de Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Códec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Conexión de TV/Vídeo de Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QV2KUX;Cámara Digital de Casio; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RFCOMM;Dispositivo Bluetooth (TDI protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;Receptor BDA IP; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbaudio;Controlador de audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbstor;Dispositivo de almacenamiento masivo de datos USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Códec de teletexto estándar mundial; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Entorno de compatibilidad con proveedores de servicios no IFS de Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-24 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Servicio Bonjour; C:\Archivos de programa\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Archivos de programa\Belkin\Software Bluetooth\bin\btwdins.exe [2004-10-01 163840]
R2 gusvc;Google Updater Service; C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-06 168432]
R2 LVCOMSer;LVCOMSer; C:\Archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Archivos de programa\Archivos comunes\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 WMPNetworkSvc;Servicio de uso compartido de red del Reproductor de Windows Media; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [2006-11-03 916480]
R3 iPod Service;Servicio del iPod; C:\Archivos de programa\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 KNOBSERV;Knob Service; c:\acer\KnobService.exe [2003-09-23 275968]
S2 LVSrvLauncher;LVSrvLauncher; C:\Archivos de programa\Archivos comunes\LogiShrd\SrvLnch\SrvLnch.exe []
S2 PcCtlCom;Trend Micro Central Control Component; C:\ARCHIV~1\TRENDM~1\INTERN~3\PcCtlCom.exe [2007-03-20 1930768]
S2 Tmntsrv;Trend Micro Real-time Service; C:\ARCHIV~1\TRENDM~1\INTERN~3\Tmntsrv.exe [2007-03-08 480784]
S2 tmproxy;Trend Micro Proxy Service; C:\ARCHIV~1\TRENDM~1\INTERN~3\tmproxy.exe [2007-03-08 566872]
S3 AresChatServer;Ares Chatroom server; C:\Archivos de programa\Ares\chatServer.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-07 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 NMSAccessU;NMSAccessU; C:\Archivos de programa\Fotoprix\FotoLibro\NMSAccessU.exe []
S3 PcScnSrv;Protección frente a spyware de Trend Micro; C:\ARCHIV~1\TRENDM~1\INTERN~3\PcScnSrv.exe [2007-03-08 214544]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824]
S3 usnjsvc;Servicio Lector del diario USN de Carpetas para compartir de Messenger; C:\Archivos de programa\MSN Messenger\usnsvc.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------




Here is the INFO.TXT from RSIT.exe.
info.txt logfile of random's system information tool 1.04 2008-10-26 18:06:41

======Uninstall list======

-->C:\Archivos de programa\Archivos comunes\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Archivos de programa\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actualización de seguridad para el Codificador de Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Actualización para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Actualización para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Español-->MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Archivos de programa\Archivos comunes\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Archivos de programa\Archivos comunes\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AMP Font Viewer-->"C:\Archivos de programa\AMP Font Viewer\uninstall.exe"
Any Video Converter 2.6.3-->"C:\Archivos de programa\Any Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.0.2-->"C:\Archivos de programa\Ares\uninstall.exe"
Aspire TV/FM(Application)-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{E15C742E-7A1D-4852-B66A-775375A97AAB}\setup.exe"
Aspire USB Keyboard Driver-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\setup.exe" -l0xa
Audacity 1.2.4-->"C:\Archivos de programa\Audacity\unins000.exe"
Belkin Bluetooth Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Boeder Etiketten für Word 1.0-->"C:\Archivos de programa\Boeder Etiketten für Word\SETUP\setup.exe" /u
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Archivos de programa\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Controlador de Logitech® Camera-->"C:\Archivos de programa\Archivos comunes\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
CutePDF Writer 2.5-->C:\WINDOWS\system32\uninscpw.exe C:\Archivos de programa\
DivX Codec-->C:\Archivos de programa\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Archivos de programa\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Archivos de programa\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Archivos de programa\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FotoPrix FotoLibro 3.0.0.21-->MsiExec.exe /X{737F485E-0A43-40E2-8158-E1C307071A2D}
Freecorder Toolbar 3.01 Application-->"C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Archivos de programa\Freecorder Toolbar\Uninstall\uninstall.xml"
Freecorder Toolbar-->C:\ARCHIV~1\FREECO~2\UNWISE.EXE C:\ARCHIV~1\FREECO~2\INSTALL.LOG
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Desktop-->C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\archivos de programa\google\googletoolbar1.dll"
Google Updater-->"C:\Archivos de programa\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTK+ 2.8.18-1 runtime environment-->"C:\Archivos de programa\Archivos comunes\GTK\2.0\unins000.exe"
HijackThis 2.0.2-->"C:\Archivos de programa\trend micro\HijackThis.exe" /uninstall
Hofmann 5.9-->MsiExec.exe /X{7EA1FBD4-A4BB-49A4-B3A7-6366624DF870}
Hot Potatoes v 6.2.0.9-->"C:\Archivos de programa\HotPotatoes6\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Archivos de programa\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 3.5-->C:\Archivos de programa\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 7.0-->C:\Archivos de programa\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Archivos de programa\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP PSC & OfficeJet 3.5-->"C:\Archivos de programa\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Solution Center 7.0-->C:\Archivos de programa\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
iPod for Windows 2005-10-12-->C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1034
iPod for Windows 2005-11-17-->C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1034
iPod for Windows 2006-06-28-->C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1034
iPod Updater 2004-07-15-->C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5AD92ED9-5C88-46B1-AA65-E46A459E7C60} /l1034
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_07-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142070}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JClic (offline)-->C:\Archivos de programa\JClic\uninstall.exe
L&H TTS3000 Español-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSSPE.inf, Uninstall
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0xa UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Malwarebytes' Anti-Malware-->"C:\Archivos de programa\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Spanish Language Pack-->MsiExec.exe /X{83169D43-4660-4347-BC95-E9D6E6BE65CE}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional con FrontPage-->MsiExec.exe /I{90280C0A-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Mozilla Firefox (2.0)-->C:\Archivos de programa\Mozilla Firefox\uninstall\uninst.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
NTI CD & DVD-Maker 6.5 Gold -->C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1034 AnyText
OCR Software by I.R.I.S 7.0-->C:\Archivos de programa\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OGA Notifier 1.7.0105.0-->MsiExec.exe /I{07C8EF29-6930-47EA-B905-34FE11B9FB38}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Panda NanoScan-->C:\Archivos de programa\Panda Security\NanoScan\nanounst.exe
Parapal suite-->C:\Archivos de programa\Parapal suite\uninstall.exe
Photosmart 130,230,7150,7345,7350,7550 (sólo quitar)-->C:\Archivos de programa\HP Photosmart 11\Printer\hphuni04.exe
Picasa 3-->"C:\Archivos de programa\Google\Picasa3\Uninstall.exe"
Pinnacle VideoSpin-->MsiExec.exe /X{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}
PowerDVD-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
QuizFaber v2.10-->C:\Archivos de programa\QuizFaber v2.10\uninstall.exe
RealPlayer-->C:\Archivos de programa\Archivos comunes\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Reproductor de Windows Media 11-->"C:\Archivos de programa\Windows Media Player\Setup_wm.exe" /Uninstall
Revisión para el Reproductor de Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Revisión para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Suite de Consulta Microsoft Encarta 2001-->MsiExec.exe /I{04010801-5D65-445A-B3B4-3DCE72BA0C6C}
The GIMP 2.2.13-->"C:\Archivos de programa\GIMP-2.0\unins000.exe"
Trend Micro PC-cillin Internet Security 2007-->C:\ARCHIV~1\TRENDM~1\INTERN~3\remove.exe
Trend Micro PC-cillin Internet Security 2007-->MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Ulead Disc-Direct SDK-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{8D2C1E44-7685-4D05-8342-B0DC6422FA47}\Setup.exe" -l0x9
Ulead DVD MovieFactory 2 SE-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}\setup.exe" -l0xa
VideoLAN VLC media player 0.8.4a-->C:\Archivos de programa\VideoLAN\VLC\uninstall.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live Messenger-->MsiExec.exe /I{1692CC0E-8798-493A-9580-23555E21C14B}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Archivos de programa\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordReferenceEnEs-->regsvr32 /u /s "C:\Archivos de programa\WordReferenceEnEs\tbu34\wordreferenceEnEs.dll"
XP Codec Pack-->C:\Archivos de programa\XP Codec Pack\Uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\ARCHIV~1\YAHOO!\Common\YINSTH~1.DLL

======Security center information======

AV: Trend Micro Internet Security (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Archivos de programa\Archivos comunes\Ulead Systems\MPEG;C:\Archivos de programa\Archivos comunes\GTK\2.0\bin;C:\Archivos de programa\Pinnacle\Shared Files\;C:\Archivos de programa\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VERSION"=3.0.5.001
"SESSIONID"=1130435570146htx60601e95d95:107725bb6fc:-4279
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\BUTRAG~1\CONFIG~1\Temp\rad59ADD.tmp
"TOOLPATH"=/C:\Archivos%20de%20programa\HP\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPH
"LANG"=1034
"TIMEOUT"=0
"CLASSPATH"=.;C:\Archivos de programa\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Archivos de programa\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 kahdah

Posted 26 October 2008 - 12:15 PM

Hi, can you post the Malwarebytes log please? You posted the OTScanIt results instead of it.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#9 Brainbabe

Posted 26 October 2008 - 01:07 PM

Sorry about that! Here is the malware log (I hope) :thumbsup:
Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 5.1.2600 Service Pack 3

26/10/2008 17:50:03
mbam-log-2008-10-26 (17-50-03).txt

Scan type: Quick Scan
Objects scanned: 77702
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xbtb09580.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb09580.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb09580.xbtb09580 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb09580.xbtb09580.3 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0079604 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkfkl.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSpqxt.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScbqp.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSsihl.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScbqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSciou.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnmxh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSsbhc.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSrfdc.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

#10 kahdah

Posted 26 October 2008 - 01:13 PM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#11 Brainbabe

Posted 26 October 2008 - 02:16 PM

I ran ComboFix (but had to stop the Kaspersky scan as no programs could be running at the same time). It produced the following log:
ComboFix 08-10-25.01 - BUTRAGUEÑO 2008-10-26 19:45:30.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.284 [GMT 1:00]
Se ejecuta desde: C:\Documents and Settings\BUTRAGUEÑO\Escritorio\VIRUS FIGHTERS\ComboFix.exe
* Creado un nuevo punto de restauración

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\BUTRAGUEÑO\Cookies\ixarage.sys
C:\Documents and Settings\BUTRAGUEÑO\Cookies\obig.bin
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\xcrashdump.dat

.
(((((((((((((((((( Archivos creados desde 2008-09-26 - 2008-10-26 )))))))))))))))))))))))))))))))))
.

2008-10-26 19:12 . 2008-10-26 19:12 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-26 18:35 . 2008-07-18 18:51 1,195,448 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2008-10-26 18:35 . 2007-03-08 00:29 288,848 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-10-26 18:35 . 2008-07-18 19:08 205,328 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-10-26 18:35 . 2007-03-08 00:29 111,888 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
2008-10-26 18:35 . 2007-03-08 00:29 75,088 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2008-10-26 18:35 . 2008-07-18 19:08 36,368 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-10-26 18:06 . 2008-10-26 18:06 <DIR> d-------- C:\rsit
2008-10-26 17:52 . 2008-10-26 20:01 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-10-26 17:40 . 2008-10-26 17:40 <DIR> d-------- C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Malwarebytes
2008-10-26 17:40 . 2008-10-26 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-10-26 17:40 . 2008-10-26 17:40 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-10-26 17:40 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 17:40 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- C:\_OTScanIt
2008-10-26 16:57 . 2001-08-24 20:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-10-26 16:57 . 2001-08-24 20:00 4,224 --a------ C:\WINDOWS\system32\dllcache\beep.sys
2008-10-15 17:59 . 2008-08-14 15:23 2,191,616 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 17:59 . 2008-08-14 15:23 2,147,840 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:59 . 2008-08-14 15:23 2,068,480 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:59 . 2008-08-14 15:23 2,026,496 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 17:59 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 17:59 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-05 18:31 . 2008-10-05 18:31 <DIR> d-------- C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Any Video Converter
2008-10-04 13:29 . 2008-10-04 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 13:29 . 2008-10-04 13:29 <DIR> d-------- C:\Archivos de programa\iTunes
2008-10-04 13:25 . 2008-10-04 13:25 <DIR> d-------- C:\Archivos de programa\QuickTime

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 20:06 114,472 ----a-w C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\GDIPFONTCACHEV1.DAT
2008-09-18 17:44 2,302,017 ----a-w C:\WINDOWS\system32\GPhotos.scr
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 00:01 --------- d-----w C:\Documents and Settings\ANDREA\Datos de programa\DivX
2008-09-07 23:11 114,472 ----a-w C:\Documents and Settings\ANDREA\Datos de programa\GDIPFONTCACHEV1.DAT
2008-08-31 19:51 --------- d-----w C:\Archivos de programa\CCleaner
2008-08-31 00:47 --------- d-----w C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\FotoPrix
2008-08-30 10:04 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2008-08-20 06:09 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-20 06:09 668,672 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-20 06:09 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-20 06:09 3,088,896 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-20 06:09 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-08-14 14:23 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:23 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-01-28 13:35 110,128 ----a-w C:\Documents and Settings\CRISTOBAL\Datos de programa\GDIPFONTCACHEV1.DAT
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 49152]
"MSMSGS"="C:\Archivos de programa\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 67128]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"SmileboxTray"="C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Smilebox\SmileboxTray.exe" [2008-07-30 205448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 5058560]
"Aspire Schedule"="C:\Program Files\Aspire\WFTVFM\WFWIZ.exe" [2003-09-09 135168]
"KnobMonitor"="C:\acer\KnobMonitor.exe" [2003-09-24 270336]
"MPS"="C:\ACER\MPS.EXE" [2003-08-14 360448]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-22 348160]
"HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2008-03-08 185896]
"Google Desktop Search"="C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-07 29744]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"pccguide.exe"="C:\Archivos de programa\Trend Micro\Internet Security 2007\pccguide.exe" [2007-03-08 3434000]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 49152]

C:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
Microsoft Office.lnk - C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
BTTray.lnk - C:\Archivos de programa\Belkin\Software Bluetooth\BTTray.exe [2004-10-01 565309]
Logitech Desktop Messenger.lnk - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 67128]
HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\ARCHIV~1\ARCHIV~1\ULEADS~1\Vio\Dvacm.acm
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
--a------ 2008-07-30 20:53 205448 C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Smilebox\SmileboxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2003-06-17 21:21 505344 C:\WINDOWS\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
--a------ 2003-05-27 15:10 5753344 C:\WINDOWS\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mHotmon]
--a------ 2003-06-17 21:49 243200 C:\WINDOWS\mHotMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSER]
--a------ 2003-06-09 16:37 36864 C:\WINDOWS\SSer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Archivos de programa\\Messenger\\MSMSGS.EXE"=
"C:\\WINDOWS\\System32\\mshta.exe"=
"C:\\WINDOWS\\System32\\javaw.exe"=
"C:\\Archivos de programa\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2002-09-17 81356]
R2 JavaQuickStarterService;Java Quick Starter;C:\Archivos de programa\Java\jre6\bin\jqs.exe [2008-10-26 152984]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2002-09-17 39182]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2002-09-17 9804]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-07 29744]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16768]
S3 NMSAccessU;NMSAccessU;C:\Archivos de programa\Fotoprix\FotoLibro\NMSAccessU.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f57f0df-9a7d-11dc-946e-00016c2806a2}]
\Shell\AutoRun\command - K:\USBNB.exe
.
Contenido de carpeta 'Tareas Programadas'

2008-10-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe []
.
- - - - HUÉRFANOS ELIMINADOS - - - -

URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Archivos de programa\Freecorder\tbFre1.dll
Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Archivos de programa\Freecorder\tbFre1.dll
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Archivos de programa\Freecorder\tbFre1.dll
HKLM-Run-HP Component Manager - C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
HKLM-Run-HPHUPD04 - C:\Archivos de programa\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
HKLM-Run-LogitechVideo[inspector] - C:\Archivos de programa\Logitech\Video\InstallHelper.exe
HKLM-Run-Adobe Reader Speed Launcher - C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe
HKLM-Run-QuickTime Task - C:\Archivos de programa\QuickTime\QTTask.exe
HKLM-Run-AppleSyncNotifier - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
HKU-Default-Run-msnmsgr - C:\Archivos de programa\MSN Messenger\msnmsgr.exe
HKU-Default-Run-Picasa Media Detector - C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
Notify-WgaLogon - (no file)


.
------- Análisis Suplementario -------
.
FireFox -: Profile - C:\Documents and Settings\BUTRAGUEÑO\Datos de programa\Mozilla\Firefox\Profiles\giu81eqj.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 20:04:32
Windows 5.1.2600 Service Pack 3 FAT NTAPI

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\BUTRAG~1\CONFIG~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\BUTRAG~1\CONFIG~1\Temp\catchme.sys"
.
------------------------ Otros procesos en ejecución ------------------------
.
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\ARCHIVOS DE PROGRAMA\BELKIN\SOFTWARE BLUETOOTH\BIN\BTWDINS.EXE
C:\ARCHIVOS DE PROGRAMA\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\INTERNET SECURITY 2007\PCCTLCOM.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\INTERNET SECURITY 2007\TMNTSRV.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\INTERNET SECURITY 2007\TMPFW.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\INTERNET SECURITY 2007\TMPROXY.EXE
C:\ARCHIVOS DE PROGRAMA\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\INTERNET SECURITY 2007\PCSCNSRV.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\HPHipm11.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Tiempo completado: 2008-10-26 20:11:20 - Reiniciando la máquina
ComboFix-quarantined-files.txt 2008-10-26 19:11:10

Pre-Run: 23.762.239.488 bytes libres
Post-Run: 26,295,795,712 bytes libres

219 --- E O F --- 2008-10-15 22:53:23

#12 Brainbabe

Posted 26 October 2008 - 02:52 PM

I don't know what's infected my computer apart from AntispywareXP2009, but every time I reboot it, more and more applications are failing - I see the name of the application, but the image icon has gone missing and when I click on it to open it, Windows says that it is looking for the EXE (which of course it cannot find). This has happened with the following programs: FIREFOX, AUDACITY, ANY VIDEO CONVERTER, HP SOLUTION CENTER, AMP FONTVIEWER, WINZIP, POWER DVD and REAL PLAYER. I can't see these programs in Program Files either - they have disappeared.

What is going on here?? Help!!! :thumbsup:

Edited by Brainbabe, 26 October 2008 - 02:54 PM.


#13 kahdah

Posted 26 October 2008 - 03:47 PM

You may have a file infector that is infecting these files.

Go ahead with the Kaspersky scan please.

#14 Brainbabe

Posted 27 October 2008 - 02:48 AM

The Kaspersky scan finally finished and here is the report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 26, 2008 19:24:53
Records in database: 1348921
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 138544
Threat name: 8
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 04:18:23


File name / Threat name / Threats count
C:\Documents and Settings\CRISTOBAL\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-46a97413-2731a23e.zip Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Documents and Settings\CRISTOBAL\Datos de programa\Sun\Java\Deployment\cache\6.0\52\5e71d9f4-6a8bd83e Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\_OTScanIt\MovedFiles\10262008_173201\C_WINDOWS\system32\wini10801.exe Infected: not-a-virus:FraudTool.Win32.XPAntiSpyware2009.d 1
C:\_OTScanIt\MovedFiles\10262008_173201\C_Archivos de programa\AntiSpywareXP2009\Uninstall.exe Infected: not-a-virus:FraudTool.Win32.XPAntiSpyware2009.d 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1164\A0286034.sys Infected: Backdoor.Win32.UltimateDefender.a 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1164\A0286035.sys Infected: Backdoor.Win32.UltimateDefender.a 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1164\A0286041.dll Infected: Backdoor.Win32.TDSS.asz 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1164\A0286042.dll Infected: Backdoor.Win32.TDSS.atb 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1162\A0277853.exe Infected: Trojan.Win32.FraudPack.gkr 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1162\A0277856.cpl Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.bf 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1162\A0282325.dll Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1162\A0282329.dll Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1162\A0282333.dll Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1162\A0282337.dll Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1162\A0285703.cpl Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.bf 1

The selected area was scanned.


The report certainly seems to indicate there are quite a few infected files. It seems that all the applications whose .exe to open them have gone missing are non-Windows files. Would it help at all to restore the system to a previous state??


#15 kahdah

Posted 27 October 2008 - 05:06 AM

Hmmm, I am not satisfied with the above results.
I would like to try another scanner to see if it picks up anything.

There are not that many infected files, only 2 that haven't been taken care of, and we will in a bit,
but do not restore the system back, as you have infected system restore points and you will re-infect yourself if you were to do that.

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

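The warning above about infected restore points can be checked against the Kaspersky report in post #14. The following is an added example, not part of any post in this thread: a Python triage that groups the report's detection lines by where each file sits and lists which restore points hold detections. The function names and bucket labels are assumptions made for illustration; the sample lines are a subset copied from that report.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Subset of the detection lines from the Kaspersky Online Scanner report in
# post #14, plus the report's column header to show that other lines are skipped.
REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\CRISTOBAL\Datos de programa\Sun\Java\Deployment\cache\6.0\52\5e71d9f4-6a8bd83e Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\_OTScanIt\MovedFiles\10262008_173201\C_WINDOWS\system32\wini10801.exe Infected: not-a-virus:FraudTool.Win32.XPAntiSpyware2009.d 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1164\A0286034.sys Infected: Backdoor.Win32.UltimateDefender.a 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1164\A0286041.dll Infected: Backdoor.Win32.TDSS.asz 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1162\A0277853.exe Infected: Trojan.Win32.FraudPack.gkr 1
C:\System Volume Information\_restore{D85C7C88-4EA9-4E7D-82D5-031D64A8F22B}\RP1162\A0282325.dll Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
"""

class Detection(NamedTuple):
    path: str
    threat: str
    count: int
    bucket: str                   # label assigned by classify()
    restore_point: Optional[str]  # e.g. "RP1164" for System Restore copies

# Report line layout: "<path> Infected: <threat name> <count>"; paths contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.IGNORECASE)
BUCKETS = [  # hypothetical bucket names chosen for this example
    ("tool_quarantine", re.compile(r"\\_OTScanIt\\MovedFiles\\", re.IGNORECASE)),
    ("java_cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)),
]

def classify(path):
    """Return (bucket, restore_point) for a reported file path."""
    m = RESTORE_RE.search(path)
    if m:
        return "system_restore", m.group(1).upper()
    for name, rx in BUCKETS:
        if rx.search(path):
            return name, None
    return "live_filesystem", None

def parse_report(text):
    """Parse detection lines; headers, blanks and other lines are ignored."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        bucket, rp = classify(m.group("path"))
        found.append(Detection(m.group("path"), m.group("threat"),
                               int(m.group("count")), bucket, rp))
    return found

def infected_restore_points(detections):
    """Map each restore point that holds a detection to its sorted threat names."""
    by_rp = defaultdict(set)
    for d in detections:
        if d.restore_point:
            by_rp[d.restore_point].add(d.threat)
    return {rp: sorted(names) for rp, names in sorted(by_rp.items())}

if __name__ == "__main__":
    dets = parse_report(REPORT)
    for rp, names in infected_restore_points(dets).items():
        print(f"{rp}: rolling back to this point would bring back {', '.join(names)}")
    for d in dets:
        if d.bucket != "system_restore":
            print(f"{d.bucket}: {d.threat}")
```
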



