Possible infections


  • This topic is locked
62 replies to this topic

#1 Elpianista

Posted 14 February 2009 - 02:57 PM

Hi: So I downloaded the last version... Thank you for everything.
Sorry, my English is not very good because I'm a Spanish speaker. A few days ago Nero 7 started a burn error, so I decided to reinstall. But Windows doesn't write some DLLs, and doesn't let me write the DLLs manually using the regsvr32 command.
It gives me back errors like Access denied, can't write the key, something like: can't find the dll...
Anyway, my user has permission to do that. And I don't want to use a registry tool, I want to understand and learn. Finally Nero 7 completed the installation, but how do I know if everything is going well?
Thank you very much, Elpianista.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:39:08 p.m., on 14/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\pctspk.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ftp.df.lth.se/mozilla//firefox/rele...tup%203.0.6.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Archivos de programa\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Archivos de programa\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Archivos de programa\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Archivos de programa\PC Tools Firewall Plus\FWService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

--
End of file - 5504 bytes


#2 KoanYorel

  • Staff Emeritus
Posted 26 February 2009 - 11:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K


BTW - Your use of English here is just fine.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Elpianista

Posted 27 February 2009 - 05:47 PM

Thanks to you KoanYorel and all the Staff. I understand the effort and dedication.
I remember that the last owner (with this PC and O. System) did many updates of the Operating System having a copy, not an original version.
Well, I followed the instructions (including how to disable the Antivirus) and had two results:
First:


DDS (Ver_09-02-01.01) - NTFSx86
Run by GONZALETE ETE TETE at 18:44:19,64 on 27/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.54.3082.18.223.105 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\GONZALETE ETE TETE\Escritorio\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.ar/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://microsoft.windowslive.com/Key=24322.tTMP.D.Gf.LDlf6J
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ShoppingReport: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\archivos de programa\shoppingreport\bin\2.5.0\ShoppingReport.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\archivos de programa\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\archiv~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.0.926.3450\swg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\archiv~1\avg\avg8\AVGTOO~1.DLL
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\archivos de programa\windows live\messenger\msnmsgr.exe" /background
uRun: [ares] "c:\archivos de programa\ares\Ares.exe" -h
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\archivos de programa\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\archivos de programa\shoppingreport\bin\2.5.0\ShoppingReport.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\archivos de programa\shoppingreport\bin\2.5.0\ShoppingReport.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\archivos de programa\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gonzal~1\datosd~1\mozilla\firefox\profiles\cx4g86y3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1896539&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
FF - component: c:\archivos de programa\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\archivos de programa\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\documents and settings\gonzalete ete tete\datos de programa\mozilla\firefox\profiles\cx4g86y3.default\extensions\{ca4d3df2-64ad-4af4-aebe-e7bbe7163ace}\components\FFAlert.dll
FF - plugin: c:\archivos de programa\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-8 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-8 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-8 107272]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-9-2 160792]
R2 avg8wd;AVG Free8 WatchDog;c:\archiv~1\avg\avg8\avgwdsvc.exe [2009-2-13 298264]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\archivos de programa\pc tools firewall plus\FWService.exe [2008-9-2 126200]
R3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthdriver.sys [2008-9-2 58136]
R3 Ptserlv;PCTEL Serial Device Driver for VIA;c:\windows\system32\drivers\ptserlv.sys [2008-9-9 130942]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2006-11-7 58288]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2006-12-6 83344]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-02-18 23:02 268 a---h--- C:\sqmdata05.sqm
2009-02-18 23:02 244 a---h--- C:\sqmnoopt05.sqm
2009-02-17 17:43 116 a------- c:\windows\NeroDigital.ini
2009-02-17 02:11 268 a---h--- C:\sqmdata04.sqm
2009-02-17 02:11 244 a---h--- C:\sqmnoopt04.sqm
2009-02-16 09:55 268 a---h--- C:\sqmdata03.sqm
2009-02-16 09:55 244 a---h--- C:\sqmnoopt03.sqm
2009-02-16 04:00 268 a---h--- C:\sqmdata02.sqm
2009-02-16 04:00 244 a---h--- C:\sqmnoopt02.sqm
2009-02-14 10:20 <DIR> --d----- c:\docume~1\gonzal~1\datosd~1\Uniblue
2009-02-14 04:35 <DIR> --d----- c:\archivos de programa\Nero
2009-02-14 04:35 <DIR> --d----- c:\archivos de programa\archivos comunes\Ahead
2009-02-14 03:21 <DIR> --d----- c:\documents and settings\gonzalete ete tete\dwhelper
2009-02-13 19:06 <DIR> --d----- c:\archivos de programa\AVG
2009-02-13 15:36 56,832 a------- c:\windows\system32\drivers\UACd.sys
2009-02-13 15:36 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\Quicksys
2009-02-13 15:36 <DIR> --d----- c:\archivos de programa\Quicksys
2009-02-13 15:35 <DIR> --d----- c:\archivos de programa\Quicksys.RegCleaner.2009.v2.1.0.205
2009-02-13 15:26 19,214 a------- c:\windows\system32\sf.ico
2009-02-13 15:26 13,942 a------- c:\windows\system32\m3.ico
2009-02-13 15:26 13,942 a------- c:\windows\system32\c.ico
2009-02-13 15:26 7,662 a------- c:\windows\system32\m.ico
2009-02-13 15:26 4,286 a------- c:\windows\system32\s.ico
2009-02-13 15:26 11,062 a------- c:\windows\system32\p.ico
2009-02-13 15:26 3,182 a------- c:\windows\ios.dat
2009-02-12 03:45 <DIR> --d----- c:\archivos de programa\Emsa DLL Register Tool
2009-02-12 01:43 <DIR> --d----- c:\archivos de programa\CCleaner
2009-02-12 01:31 0 a------- c:\windows\Irremote.ini

==================== Find3M ====================

2009-02-11 08:39 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-11 08:39 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-11 08:39 107,272 a------- c:\windows\system32\drivers\avgtdix.sys

============= FINISH: 18:44:53,53 ===============


Second:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/05/2006 12:33:55 p.m.
System Uptime: 27/02/2009 03:27:23 p.m. (3 hours ago)

Motherboard: ECS | | M825VXX
Processor: AMD Athlon™ XP 1800+ | Socket-A | 1533/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 1,619 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Actualización de seguridad para el Reproductor de Windows Media (KB911564)
Actualización de seguridad para el Reproductor de Windows Media 10 (KB911565)
Actualización de seguridad para el Reproductor de Windows Media 10 (KB917734)
Actualización de seguridad para el Reproductor de Windows Media 6.4 (KB925398)
Actualización de seguridad para Windows XP (KB890046)
Actualización de seguridad para Windows XP (KB893066)
Actualización de seguridad para Windows XP (KB893756)
Actualización de seguridad para Windows XP (KB896358)
Actualización de seguridad para Windows XP (KB896422)
Actualización de seguridad para Windows XP (KB896423)
Actualización de seguridad para Windows XP (KB896424)
Actualización de seguridad para Windows XP (KB896428)
Actualización de seguridad para Windows XP (KB899587)
Actualización de seguridad para Windows XP (KB899588)
Actualización de seguridad para Windows XP (KB899589)
Actualización de seguridad para Windows XP (KB899591)
Actualización de seguridad para Windows XP (KB900725)
Actualización de seguridad para Windows XP (KB901017)
Actualización de seguridad para Windows XP (KB901214)
Actualización de seguridad para Windows XP (KB902400)
Actualización de seguridad para Windows XP (KB903235)
Actualización de seguridad para Windows XP (KB904706)
Actualización de seguridad para Windows XP (KB905414)
Actualización de seguridad para Windows XP (KB905749)
Actualización de seguridad para Windows XP (KB905915)
Actualización de seguridad para Windows XP (KB908519)
Actualización de seguridad para Windows XP (KB908531)
Actualización de seguridad para Windows XP (KB911280)
Actualización de seguridad para Windows XP (KB911562)
Actualización de seguridad para Windows XP (KB911567)
Actualización de seguridad para Windows XP (KB911927)
Actualización de seguridad para Windows XP (KB912812)
Actualización de seguridad para Windows XP (KB912919)
Actualización de seguridad para Windows XP (KB913433)
Actualización de seguridad para Windows XP (KB913446)
Actualización de seguridad para Windows XP (KB913580)
Actualización de seguridad para Windows XP (KB914388)
Actualización de seguridad para Windows XP (KB914389)
Actualización de seguridad para Windows XP (KB916281)
Actualización de seguridad para Windows XP (KB917159)
Actualización de seguridad para Windows XP (KB917344)
Actualización de seguridad para Windows XP (KB917422)
Actualización de seguridad para Windows XP (KB917953)
Actualización de seguridad para Windows XP (KB918439)
Actualización de seguridad para Windows XP (KB918899)
Actualización de seguridad para Windows XP (KB919007)
Actualización de seguridad para Windows XP (KB920213)
Actualización de seguridad para Windows XP (KB920214)
Actualización de seguridad para Windows XP (KB920670)
Actualización de seguridad para Windows XP (KB920683)
Actualización de seguridad para Windows XP (KB920685)
Actualización de seguridad para Windows XP (KB921398)
Actualización de seguridad para Windows XP (KB921883)
Actualización de seguridad para Windows XP (KB922616)
Actualización de seguridad para Windows XP (KB922760)
Actualización de seguridad para Windows XP (KB922819)
Actualización de seguridad para Windows XP (KB923191)
Actualización de seguridad para Windows XP (KB923414)
Actualización de seguridad para Windows XP (KB923689)
Actualización de seguridad para Windows XP (KB923694)
Actualización de seguridad para Windows XP (KB923980)
Actualización de seguridad para Windows XP (KB924191)
Actualización de seguridad para Windows XP (KB924270)
Actualización de seguridad para Windows XP (KB924496)
Actualización de seguridad para Windows XP (KB925454)
Actualización de seguridad para Windows XP (KB925486)
Actualización de seguridad para Windows XP (KB926255)
Actualización para Windows XP (KB894391)
Actualización para Windows XP (KB898461)
Actualización para Windows XP (KB900485)
Actualización para Windows XP (KB900930)
Actualización para Windows XP (KB904942)
Actualización para Windows XP (KB910437)
Actualización para Windows XP (KB916595)
Actualización para Windows XP (KB920872)
Actualización para Windows XP (KB922582)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Illustrator 10
Adobe Reader 7.1.0 - Español
Adobe Reader Japanese Fonts
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.0
Ares 2.0.9
AutoUpdate
AVG Free 8.0
BitTorrent
CCleaner (remove only)
CodecInstaller 2.10.2
Compresor WinRAR
Cool Edit Pro 2.0
DivX Author 1.5
DivX Converter
DivX Player
DivX Web Player
Dolet Light for Finale 2006
DVD Shrink 3.2
Emsa DLL Register Tool 1.0
eMule
EVEREST Ultimate Edition v4.50
Extensión de HighMAT para el Asistente para grabación de CD de Microsoft Windows XP
Finale 2006
FL Studio 7
Folio Views 4.11 - Español
Google Earth
Google Toolbar for Firefox
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
Huawei SmartAX MT810
IL Download Manager
Indeo® Software
InternetTV 7.12
Java™ 6 Update 7
King Kong Screen Saver
Lizardtech DjVu Control
LuckyTender 1.3.0
Maestro
Manual de usuario EPSON
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
MiraScan V4.03
Mozilla Firefox (3.0.6)
Nero 7 Demo
neroxml
OpenOffice.org Installer 1.0
Paquete de proveedor base de servicios de cifrado para tarjetas inteligentes de Microsoft
PC Tools Firewall Plus 4.0
Platform
Portinho 3.0a
PowerDVD
ProSavageDDR and Utilities
Quicksys RegCleaner 2009
RadLight OptimFROG DirectShow Filter (remove only)
ratDVD 0.76.1408
RealPlayer
Reproductor de Windows Media 11
Revisión de Windows XP - KB873333
Revisión de Windows XP - KB873339
Revisión de Windows XP - KB885250
Revisión de Windows XP - KB885835
Revisión de Windows XP - KB885836
Revisión de Windows XP - KB885884
Revisión de Windows XP - KB886185
Revisión de Windows XP - KB887472
Revisión de Windows XP - KB887742
Revisión de Windows XP - KB887797
Revisión de Windows XP - KB888113
Revisión de Windows XP - KB888302
Revisión de Windows XP - KB890047
Revisión de Windows XP - KB890175
Revisión de Windows XP - KB890859
Revisión de Windows XP - KB891781
Revisión de Windows XP - KB893086
Revisión para Windows XP (KB904412)
S.I.Ap.
ScanButton 3.0
ShopperReports
Software de impresora EPSON
Tweak UI
ubi.com
Unlocker 1.8.7
VIA Administrador de dispositivos de plataforma
VIA Audio Driver Setup Program
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Live Asistente para el inicio de sesión
Windows Live installer
Windows Live Messenger
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11

==== Event Viewer Messages From Past Week ========

23/02/2009 03:40:21 p.m., error: Service Control Manager [7000] - El servicio General Purpose USB Driver (adildr.sys) no pudo iniciarse debido al siguiente error: El sistema no puede hallar el archivo especificado.
26/02/2009 11:03:56 p.m., error: Service Control Manager [7031] - El servicio Google Updater Service terminó inesperadamente. Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 900000 milisegundos: Reiniciar el servicio.
27/02/2009 04:43:31 p.m., error: Service Control Manager [7031] - El servicio Google Updater Service terminó inesperadamente. Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 900000 milisegundos: Reiniciar el servicio.
27/02/2009 04:43:36 p.m., error: Service Control Manager [7031] - El servicio AVG Free8 WatchDog terminó inesperadamente. Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.
27/02/2009 04:44:19 p.m., error: Service Control Manager [7031] - El servicio AVG Free8 WatchDog terminó inesperadamente. Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.
27/02/2009 06:04:37 p.m., error: Dhcp [1002] - La concesión de la dirección IP 190.18.226.18 para la tarjeta de red con la dirección de red 000AE6EDF0F0 ha sido denegada por el servidor DHCP 0.0.0.0 (el servidor DHCP envió un mensaje DHCPNACK).
27/02/2009 06:42:24 p.m., error: Service Control Manager [7031] - El servicio Google Updater Service terminó inesperadamente. Lo ha hecho 2 veces. Se realizará la siguiente acción correctora en 900000 milisegundos: Reiniciar el servicio.

==== End Of File ===========================

Thanks, Elpianista.

#4 PropagandaPanda

  • Malware Response Team
Posted 28 February 2009 - 02:47 PM

Hello.

There does not appear to be an infection.

Please give me an update on the symptoms.

With Regards,
The Panda

#5 Elpianista

Posted 01 March 2009 - 12:27 AM

Thank you PropagandaPanda (I love animals)

I have minor problems like:
• Sometimes when I minimize a window, it disappears from the task bar. (I'm not sure how to say "Barra de tareas").
• When I'm browsing the web, advertisements pop up. (Not many).
• Internet Explorer doesn't work for two of three users. It only opens for one.

But what pushed me to post was the difficulty reinstalling Nero 7. I had to reinstall because Nero started a burn error. (Error de grabador sin especificar = something like error because I didn't choose an engraver). This happens using Nero Burning Rom.

Trying to reinstall, Windows doesn't write some DLLs (about 10), and doesn't let me write the DLLs manually using the regsvr32 command.
It gives me back errors like Access denied, can't write the key, something like: can't find the dll...
Anyway, my user has permission to do that.
I prefer not to use a registry tool because this is forcing when something wrong continues to be wrong.
Finally Nero 7 completes the installation, but how can I trust it to record DVDs or use other functions?

If I haven't got infections, maybe the problem is the Windows Registry. I used cleaning tools (for the Registry) before reinstalling but it's not enough. If this is true I will need an accurate explanation of how to delete all Nero entries, or a link to a tutorial.

Excuse me for my English, I hope I explained myself. Thank you very much, Elpianista.

#6 PropagandaPanda

  • Malware Response Team
Posted 01 March 2009 - 10:27 AM

Hello.

Your English is fine.

Let's see what we can do. There is a piece of adware in your logs. Please uninstall ShopperReports using Add/Remove Programs.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Do not use the NTREGOPT that comes with the installation package.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. If you are using Windows Vista, right click the icon and select "Run As Administrator." Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you may remove ERUNT using Add/Remove Programs.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
  • Double-click ATF-Cleaner.exe to run the program. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :processes
    iexplore.exe
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [-HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
    [-HKEY_CLASSES_ROOT\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
    [-HKEY_CLASSES_ROOT\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
    [-HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
    
    :files
    c:\archivos de programa\shoppingreport\
    
    :commands
    [emptytemp]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download Malwarebytes Anti-Malware setup to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using File Assassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double-click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.
Please post back with:
-the OTMoveIt log
-the MalwareBytes scan log
-a new DDS.txt scan log.

Are those popups still occurring?

With Regards,
The Panda

#7 Elpianista

Posted 02 March 2009 - 04:55 PM

Hi Panda! :thumbup2:

Sorry, this time it took me a little longer.

I forgot to tell you that in one User account (also with problems running Internet Explorer), an error message appears when this User logs in:

Java Virtual Machine Launcher
Could not find the main class. Program will exit.

This started before posting here and after I ran Registry Cleaners.

Another thing: when I uninstalled Shopper Reports, an application was left running (Portinho), giving me back an error message: Windows hasn't got access... maybe you don't have permission...

The last thing I forgot is that sometimes I have problems assigning an extension to the corresponding Program (using My Documents, Tools, Folder Options, Kinds of Files...). Or unexpected changes occur (without authorizing a Program to be the default program) in different sessions.
The last time I tried was before running the Malwarebytes' log, and I couldn't assign .PDF to Adobe Reader in the User I mentioned above. Anyway, it is a minor problem (right click, select from a list...). The Nero problem is bigger.

The logs:
OTMoveIt log:

= PROCESSES ==========
Unable to kill process: iexplore.exe
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\\ not found.
========== FILES ==========
Folder c:\archivos de programa\shoppingreport not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\GONZAL~1\CONFIG~1\Temp\etilqs_Fjb7hBdxo8NGGXdGfZBh scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\GONZALETE ETE TETE\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GONZALETE ETE TETE\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GONZALETE ETE TETE\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GONZALETE ETE TETE\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GONZALETE ETE TETE\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03022009_025816

Files moved on Reboot...
File C:\DOCUME~1\GONZAL~1\CONFIG~1\Temp\etilqs_Fjb7hBdxo8NGGXdGfZBh not found!
C:\Documents and Settings\GONZALETE ETE TETE\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\GONZALETE ETE TETE\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\GONZALETE ETE TETE\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\GONZALETE ETE TETE\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\GONZALETE ETE TETE\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\XUL.mfl moved successfully.


I ran Malwarebytes' two times because I didn't understand the use, and the second found 2 more Registry keys infected.

First:

Malwarebytes' Anti-Malware 1.34
Versión de la Base de Datos: 1814
Windows 5.1.2600 Service Pack 2

02/03/2009 03:24:29 p.m.
mbam-log-2009-03-02 (15-23-51).txt

Tipo de examen : Examen Completo (A:\|C:\|D:\|E:\|)
Objetos examinados: 142007
Tiempo transcurrido: 1 hour(s), 6 minute(s), 24 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 20
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 2
Carpetas Infectadas: 14
Ficheros Infectados: 23

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\Interface\{7a85cdf5-284b-4496-a9a7-dd82fee9dcec} (Rogue.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fcd4b2f5-8793-4e1f-8774-6e520cf6cd79} (Rogue.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{930e7881-d9f3-4293-a24b-23a80c013378} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> No action taken.

Carpetas Infectadas:
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs\db (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ROQUE\Datos de programa\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ROQUE\Datos de programa\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ROQUE\Datos de programa\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ROQUE\Datos de programa\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.
C:\Archivos de programa\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Archivos de programa\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Archivos de programa\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Archivos de programa\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

Ficheros Infectados:
C:\Archivos de programa\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> No action taken.
C:\Documents and Settings\GONZALETE ETE TETE\Datos de programa\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ARNALDO\Datos de programa\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ROQUE\Datos de programa\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ROQUE\Datos de programa\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\ROQUE\Datos de programa\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Archivos de programa\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Archivos de programa\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Archivos de programa\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\system32\sf.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\m3.ico (Malware.Trace) -> No action taken.
C:\Documents and Settings\GONZALETE ETE TETE\Menú Inicio\SMS TRAP.url (Rogue.Link) -> No action taken.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\p.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\ios.dat (Malware.Trace) -> No action taken.

Second:

Malwarebytes' Anti-Malware 1.34
Versión de la Base de Datos: 1814
Windows 5.1.2600 Service Pack 2

02/03/2009 05:01:44 p.m.
mbam-log-2009-03-02 (17-01-24).txt

Tipo de examen : Examen Completo (A:\|C:\|D:\|E:\|)
Objetos examinados: 139539
Tiempo transcurrido: 1 hour(s), 23 minute(s), 11 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 2
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)


DDS log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by GONZALETE ETE TETE at 17:09:05,32 on 02/03/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.54.3082.18.223.15 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\GONZALETE ETE TETE\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.ar/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.ar/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\archivos de programa\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\archiv~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.0.926.3450\swg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\archiv~1\avg\avg8\AVGTOO~1.DLL
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\archivos de programa\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\archivos de programa\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gonzal~1\datosd~1\mozilla\firefox\profiles\cx4g86y3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1896539&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
FF - component: c:\archivos de programa\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\archivos de programa\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\documents and settings\gonzalete ete tete\datos de programa\mozilla\firefox\profiles\cx4g86y3.default\extensions\{ca4d3df2-64ad-4af4-aebe-e7bbe7163ace}\components\FFAlert.dll
FF - plugin: c:\archivos de programa\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-8 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-8 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-8 107272]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-9-2 160792]
R2 avg8wd;AVG Free8 WatchDog;c:\archiv~1\avg\avg8\avgwdsvc.exe [2009-2-13 298264]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\archivos de programa\pc tools firewall plus\FWService.exe [2008-9-2 126200]
R3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthdriver.sys [2008-9-2 58136]
R3 Ptserlv;PCTEL Serial Device Driver for VIA;c:\windows\system32\drivers\ptserlv.sys [2008-9-9 130942]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2006-11-7 58288]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2006-12-6 83344]

=============== Created Last 30 ================

2009-03-02 03:33 <DIR> --d----- c:\docume~1\gonzal~1\datosd~1\Malwarebytes
2009-03-02 03:33 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-02 03:33 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-02 03:33 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\Malwarebytes
2009-03-02 03:33 <DIR> --d----- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-03-02 02:58 <DIR> --d----- C:\_OTMoveIt
2009-03-02 01:05 0 a------- C:\~WRD0001.tmp
2009-03-01 18:27 98,304 a------- c:\windows\system32\redmonnt.dll
2009-02-18 23:02 268 a---h--- C:\sqmdata05.sqm
2009-02-18 23:02 244 a---h--- C:\sqmnoopt05.sqm
2009-02-17 17:43 116 a------- c:\windows\NeroDigital.ini
2009-02-17 02:11 268 a---h--- C:\sqmdata04.sqm
2009-02-17 02:11 244 a---h--- C:\sqmnoopt04.sqm
2009-02-16 09:55 268 a---h--- C:\sqmdata03.sqm
2009-02-16 09:55 244 a---h--- C:\sqmnoopt03.sqm
2009-02-16 04:00 268 a---h--- C:\sqmdata02.sqm
2009-02-16 04:00 244 a---h--- C:\sqmnoopt02.sqm
2009-02-14 10:20 <DIR> --d----- c:\docume~1\gonzal~1\datosd~1\Uniblue
2009-02-14 04:35 <DIR> --d----- c:\archivos de programa\Nero
2009-02-14 04:35 <DIR> --d----- c:\archivos de programa\archivos comunes\Ahead
2009-02-14 03:21 <DIR> --d----- c:\documents and settings\gonzalete ete tete\dwhelper
2009-02-13 19:06 <DIR> --d----- c:\archivos de programa\AVG
2009-02-13 15:36 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\Quicksys
2009-02-13 15:36 <DIR> --d----- c:\archivos de programa\Quicksys
2009-02-13 15:35 <DIR> --d----- c:\archivos de programa\Quicksys.RegCleaner.2009.v2.1.0.205
2009-02-12 03:45 <DIR> --d----- c:\archivos de programa\Emsa DLL Register Tool
2009-02-12 01:43 <DIR> --d----- c:\archivos de programa\CCleaner
2009-02-12 01:31 0 a------- c:\windows\Irremote.ini

==================== Find3M ====================

2009-02-11 08:39 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-11 08:39 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-11 08:39 107,272 a------- c:\windows\system32\drivers\avgtdix.sys

============= FINISH: 17:09:46,14 ===============

Thank you, and sorry for the delay. I uploaded the Attach.txt just in case.

Attached Files
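Two Malwarebytes logs like the pair posted in reply #7 can be compared mechanically to see which detections are still reported on a rescan. The following is an added example, not part of the original posts and not a Malwarebytes tool; the function names are hypothetical and the sample text is a shortened excerpt of the two logs above.

```python
import re
from collections import Counter
from typing import NamedTuple


class Detection(NamedTuple):
    section: str   # log section header, e.g. "Claves del Registro Infectadas"
    path: str      # registry key, folder or file as printed in the log
    family: str    # vendor detection name, e.g. "Adware.MyWebSearch"
    action: str    # what the scanner recorded when the log was written


# "<path> (<Family.Name>) -> <details/action>" as printed by MBAM 1.34 logs.
_DETECTION = re.compile(
    r"^(?P<path>.+?) \((?P<family>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$"
)


def parse_mbam_log(text):
    """Return every detection line, tagged with the section it appeared in."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end in ':'; summary counts ("...: 20") do not.
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        m = _DETECTION.match(line)
        if m and section:
            # Registry data items carry "Bad: (...) Good: (...)" before the
            # action, so the action is whatever follows the last arrow.
            action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            found.append(
                Detection(section, m.group("path"), m.group("family"), action)
            )
    return found


def compare_scans(first, second):
    """Split detections into persistent, cleared and new between two scans."""
    def key(d):
        # Windows paths and registry keys are case-insensitive.
        return (d.section, d.path.lower())

    a = {key(d): d for d in first}
    b = {key(d): d for d in second}
    return {
        "persistent": [b[k] for k in b if k in a],
        "cleared": [a[k] for k in a if k not in b],
        "new": [b[k] for k in b if k not in a],
    }


def family_counts(detections):
    """Count detections per family to see what dominates a scan."""
    return Counter(d.family for d in detections)


# Shortened excerpts of the first and second logs in the post (sample input).
FIRST_SCAN = r"""
Claves del Registro Infectadas: 20

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Ficheros Infectados:
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\ios.dat (Malware.Trace) -> No action taken.
"""

SECOND_SCAN = r"""
Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.

Ficheros Infectados:
(No se han detectado elementos maliciosos)
"""

if __name__ == "__main__":
    result = compare_scans(parse_mbam_log(FIRST_SCAN), parse_mbam_log(SECOND_SCAN))
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for d in items:
            print(f"  [{d.family}] {d.path} ({d.action})")
```

Entries in the "persistent" bucket are the ones to raise with the helper, together with the action text recorded for them.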



#8 Elpianista

Posted 02 March 2009 - 05:11 PM

It's me again. Sorry for the Code Box, I wanted to use a square.
And yes, the popups decreased. Nothing appears when I start Mozilla; just one advertisement appeared after navigating 2 or 3 minutes.

#9 PropagandaPanda

Posted 02 March 2009 - 07:05 PM

Hello.

Do the popups occur when using Internet Explorer? What do the popups advertise?

Let's check for any remaining malware, then try to fix the Nero issue.

Update Java to Version 6 Update 12
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please download the installer here. Choose "Windows"

Delete the installer after use.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

Please also include a new DDS.txt log.

With Regards,
The Panda

#10 Elpianista

Posted 06 March 2009 - 10:37 PM

Hello my friend: Sorry for my delay, but after many attempts I couldn't scan the PC with the Kaspersky Online Scanner.

Now, first: popups don't occur with Internet Explorer. And I've just realised that with Mozilla these advertisements appear just after the start. They don't do anything, I close them and period. It's rare if they reappear later.

I updated Java successfully, but in add/remove programs I did not have the list you gave me (Java, J2SE Runtime, Java Runtime, Java Runtime Environment). I only had: Java™ Update 7.........(114 MB)
Should I install an Optional File? Windows kernel?... the other?... or none?

I made different mistakes trying to run the Kaspersky scan, and once I let my Dad browse the net without the Resident Shield program activated. A lot of offers, ads... appeared, so I reinstalled Malwarebytes and ran four scans. The last 2 gave the same result (two Registry keys infected). I can't understand why, because it's supposed to move the files to quarantine.
Everything returned to normal with the advertisements.

Finally, the last two Kaspersky scans, with the correct Internet Explorer settings, AVG disabled and the Firewall disabled, ran to 62% and then the clock stopped. And in the Task Administrator? (Ctrl + Alt + Supr) the Scanning process is missing. The last one gave me back the following data:

Files scanned ................ 30076
Threat names ................. 1
infected objects................. 1
Suspicious objects ............ 0
Duration of the scan........... 01:17:39

Scan is running (62%)


Now scanning: places.sqlite
Location: C:\Documents and....les\cx4g86y3.default

And below, at the left corner, Internet Explorer shows a yellow triangle with the sign: !
Beside this, a message: error en la página (error in the Site?). After some minutes it changes into: Scanning.
But the complete image is frozen.

I really want to run the scan. Any suggestions? (At the beginning Kaspersky told me that the requirements are ok).


The DDS log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by GONZALETE ETE TETE at 0:06:29,92 on 07/03/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.54.3082.18.223.94 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\PC Tools Firewall Plus\FWService.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService.exe
C:\Archivos de programa\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\GONZALETE ETE TETE\Escritorio\Herramientas de Bleeping Computer\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.ar/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.kaspersky.com/kos/eng/partner/default/languages/english/main.html?n=1236125960810
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\archivos de programa\avg\avg8\avgssie.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\archiv~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\archiv~1\avg\avg8\AVGTOO~1.DLL
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [00PCTFW] "c:\archivos de programa\pc tools firewall plus\FirewallGUI.exe" -s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\archivos de programa\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gonzal~1\datosd~1\mozilla\firefox\profiles\cx4g86y3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1896539&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
FF - component: c:\archivos de programa\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\archivos de programa\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\documents and settings\gonzalete ete tete\datos de programa\mozilla\firefox\profiles\cx4g86y3.default\extensions\{ca4d3df2-64ad-4af4-aebe-e7bbe7163ace}\components\FFAlert.dll
FF - plugin: c:\archivos de programa\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-8 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-8 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-8 107272]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-3-6 159600]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-3-6 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-3-6 95640]
R3 Ptserlv;PCTEL Serial Device Driver for VIA;c:\windows\system32\drivers\ptserlv.sys [2008-9-9 130942]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2006-11-7 58288]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2006-12-6 83344]

=============== Created Last 30 ================

2009-03-06 11:20 132,976 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-06 11:20 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-06 11:20 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-06 11:20 95,640 a------- c:\windows\system32\drivers\pctplfw.sys
2009-03-03 16:24 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-03 16:24 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-02 03:33 <DIR> --d----- c:\docume~1\gonzal~1\datosd~1\Malwarebytes
2009-03-02 03:33 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\Malwarebytes
2009-03-02 02:58 <DIR> --d----- C:\_OTMoveIt
2009-03-02 01:05 0 a------- C:\~WRD0001.tmp
2009-03-01 18:27 98,304 a------- c:\windows\system32\redmonnt.dll
2009-02-18 23:02 268 a---h--- C:\sqmdata05.sqm
2009-02-18 23:02 244 a---h--- C:\sqmnoopt05.sqm
2009-02-17 17:43 116 a------- c:\windows\NeroDigital.ini
2009-02-17 02:11 268 a---h--- C:\sqmdata04.sqm
2009-02-17 02:11 244 a---h--- C:\sqmnoopt04.sqm
2009-02-16 09:55 268 a---h--- C:\sqmdata03.sqm
2009-02-16 09:55 244 a---h--- C:\sqmnoopt03.sqm
2009-02-16 04:00 268 a---h--- C:\sqmdata02.sqm
2009-02-16 04:00 244 a---h--- C:\sqmnoopt02.sqm
2009-02-14 10:20 <DIR> --d----- c:\docume~1\gonzal~1\datosd~1\Uniblue
2009-02-14 04:35 <DIR> --d----- c:\archivos de programa\Nero
2009-02-14 04:35 <DIR> --d----- c:\archivos de programa\archivos comunes\Ahead
2009-02-14 03:21 <DIR> --d----- c:\documents and settings\gonzalete ete tete\dwhelper
2009-02-13 19:06 <DIR> --d----- c:\archivos de programa\AVG
2009-02-13 15:36 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\Quicksys
2009-02-13 15:36 <DIR> --d----- c:\archivos de programa\Quicksys
2009-02-13 15:35 <DIR> --d----- c:\archivos de programa\Quicksys.RegCleaner.2009.v2.1.0.205
2009-02-12 03:45 <DIR> --d----- c:\archivos de programa\Emsa DLL Register Tool
2009-02-12 01:43 <DIR> --d----- c:\archivos de programa\CCleaner
2009-02-12 01:31 0 a------- c:\windows\Irremote.ini

==================== Find3M ====================

2009-02-11 08:39 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-11 08:39 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-11 08:39 107,272 a------- c:\windows\system32\drivers\avgtdix.sys

============= FINISH: 0:08:11,28 ===============

I'm uploading the Attach log for you.
Sorry again, and regards. Gonzalo (Elpianista)

#11 PropagandaPanda

Posted 07 March 2009 - 11:15 AM

Hello.

None of the optional files are needed.

Don't worry about Kaspersky. If it only found 1 item more than half way through, it has already gone through the main areas and found them to be clean.

Please give me an update on the symptoms.

With Regards,
The Panda

#12 Elpianista

Posted 08 March 2009 - 04:15 PM

Hello Panda:

The good news is that Internet Explorer opens for all users.

Popups still occur. Today with I. Explorer, in a search for "electric cars", a site "Perfspot" for meeting people appeared.
Always when starting Mozilla, advertisements appear, like:
Popular Screen Savers (http://atribalfusion.com...) or New offer! (Mp4...) (http:adserving.cpxinteractive.com...), a site called Mercado Libre with classifieds (from houses to computers).
I always close them and don't bother. Sometimes while navigating more appear. It's never too invasive.

I still haven't tried reinstalling Nero. (Before having this Nero problem, I couldn't install the KLite codec pack, with the same kind of issue: can't register dll's).

Sometimes, some windows disappear from the task bar. Or the task bar doesn't show all the opened windows.

My PC is supposed to show the Documents folders of all users. But one has been missing for a long time. (This isn't very important)

During these days I learned to use ATF Cleaner, Malwarebytes, Kaspersky online Scanner (I think I need more RAM).
Can you give me a link or list the tools needed to keep the PC functioning correctly? I heard about "disk cleaner" and a tool to fix "logic problems".

Thank you.

#13 PropagandaPanda

Posted 08 March 2009 - 06:14 PM

Hello.

Temporary file cleaning tools, and defragmenting should be all that is needed.

Let's look further for what is causing these popups.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

With Regards,
The Panda

#14 Elpianista

Posted 09 March 2009 - 12:17 AM

Hello:

I'm not sure if ComboFix downloaded the Recovery Console. It opened an MS-DOS window and, when finished, showed me the log in full screen. I minimized the log and it disappeared, and so did the desktop. So I had to reboot manually.
After this, the original icon of Internet Explorer appeared (without the little arrow).

The log:

ComboFix 09-03-06.02 - GONZALETE ETE TETE 2009-03-09 0:29:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.223.77 [GMT -3:00]
Running from: c:\documents and settings\GONZALETE ETE TETE\Escritorio\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\archivos de programa\outlook
c:\archivos de programa\outlook\extend.dat
c:\archivos de programa\outlook\Outlook.pst
c:\documents and settings\GONZALETE ETE TETE\Menú Inicio\Cheap Pharmacy Online.url
c:\documents and settings\GONZALETE ETE TETE\Menú Inicio\Programas\Videos.url
c:\documents and settings\GONZALETE ETE TETE\Menú Inicio\Search Online.url
c:\documents and settings\GONZALETE ETE TETE\Menú Inicio\VIP Casino.url

.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-06 11:20 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-06 11:20 . 2008-12-11 12:32 132,976 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-06 11:20 . 2008-12-11 17:01 95,640 --a------ c:\windows\system32\drivers\pctplfw.sys
2009-03-06 11:20 . 2008-12-11 12:32 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-03 16:24 . 2009-03-03 16:23 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-03 16:24 . 2009-03-03 16:23 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-03 16:23 . 2009-03-03 16:23 <DIR> d-------- c:\archivos de programa\Java
2009-03-02 03:33 . 2009-03-06 23:04 <DIR> d-------- c:\documents and settings\GONZALETE ETE TETE\Datos de programa\Malwarebytes
2009-03-02 03:33 . 2009-03-02 03:33 <DIR> d-------- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-03-02 02:58 . 2009-03-02 02:58 <DIR> d-------- C:\_OTMoveIt
2009-03-02 01:05 . 2009-03-02 01:05 0 --a------ C:\~WRD0001.tmp
2009-03-01 18:27 . 2007-08-21 08:32 98,304 --a------ c:\windows\system32\redmonnt.dll
2009-02-18 23:02 . 2009-02-18 23:02 268 --ah----- C:\sqmdata05.sqm
2009-02-18 23:02 . 2009-02-18 23:02 244 --ah----- C:\sqmnoopt05.sqm
2009-02-17 17:43 . 2009-03-02 23:33 116 --a------ c:\windows\NeroDigital.ini
2009-02-17 02:11 . 2009-02-17 02:11 268 --ah----- C:\sqmdata04.sqm
2009-02-17 02:11 . 2009-02-17 02:11 244 --ah----- C:\sqmnoopt04.sqm
2009-02-16 09:55 . 2009-02-16 09:55 268 --ah----- C:\sqmdata03.sqm
2009-02-16 09:55 . 2009-02-16 09:55 244 --ah----- C:\sqmnoopt03.sqm
2009-02-16 04:00 . 2009-02-16 04:00 268 --ah----- C:\sqmdata02.sqm
2009-02-16 04:00 . 2009-02-16 04:00 244 --ah----- C:\sqmnoopt02.sqm
2009-02-14 10:20 . 2009-02-14 10:20 <DIR> d-------- c:\documents and settings\GONZALETE ETE TETE\Datos de programa\Uniblue
2009-02-14 04:35 . 2009-02-14 04:35 <DIR> d-------- c:\archivos de programa\Nero
2009-02-14 04:35 . 2009-02-14 04:43 <DIR> d-------- c:\archivos de programa\Archivos comunes\Ahead
2009-02-14 03:21 . 2009-02-14 03:21 <DIR> d-------- c:\documents and settings\GONZALETE ETE TETE\dwhelper
2009-02-13 19:06 . 2009-02-13 19:06 <DIR> d-------- c:\archivos de programa\AVG
2009-02-13 15:36 . 2009-02-13 15:36 <DIR> d-------- c:\documents and settings\All Users\Datos de programa\Quicksys
2009-02-13 15:36 . 2009-02-13 15:36 <DIR> d-------- c:\archivos de programa\Quicksys
2009-02-13 15:35 . 2009-02-13 15:36 <DIR> d-------- c:\archivos de programa\Quicksys.RegCleaner.2009.v2.1.0.205
2009-02-12 17:35 . 2009-02-13 00:18 <DIR> d-------- c:\documents and settings\GONZALETE ETE TETE\Datos de programa\Ahead
2009-02-12 03:45 . 2009-02-12 03:53 <DIR> d-------- c:\archivos de programa\Emsa DLL Register Tool
2009-02-12 01:43 . 2009-02-12 01:43 <DIR> d-------- c:\archivos de programa\CCleaner
2009-02-12 01:31 . 2009-02-12 01:31 0 --a------ c:\windows\Irremote.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 03:23 --------- d---a-w c:\documents and settings\All Users\Datos de programa\TEMP
2009-03-07 15:09 --------- d-----w c:\documents and settings\All Users\Datos de programa\Google Updater
2009-03-06 14:22 --------- d-----w c:\archivos de programa\PC Tools Firewall Plus
2009-03-06 14:22 --------- d-----w c:\archivos de programa\Archivos comunes\PC Tools
2009-03-04 18:23 --------- d-----w c:\archivos de programa\Portinho
2009-03-02 18:26 --------- d-----w c:\documents and settings\GONZALETE ETE TETE\Datos de programa\Desktopicon
2009-02-15 18:01 --------- d-----w c:\documents and settings\GONZALETE ETE TETE\Datos de programa\BitTorrent
2009-02-14 21:00 --------- d-----w c:\archivos de programa\eMule
2009-02-14 07:10 --------- d-----w c:\archivos de programa\Archivos comunes\InstallShield
2009-02-14 07:09 --------- d--h--w c:\archivos de programa\InstallShield Installation Information
2009-02-13 22:03 --------- d-----w c:\documents and settings\All Users\Datos de programa\avg8
2009-02-12 02:46 --------- d-----w c:\documents and settings\ARNALDO\Datos de programa\BitTorrent
2009-02-11 11:39 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-11 11:39 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-11 11:39 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-11 07:05 --------- d-----w c:\archivos de programa\Google
2009-01-29 00:16 --------- d-----w c:\documents and settings\GONZALETE ETE TETE\Datos de programa\DNA
2009-01-09 15:07 --------- d-----w c:\documents and settings\GONZALETE ETE TETE\Datos de programa\LimeWire
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\archivos de programa\PC Tools Firewall Plus\FirewallGUI.exe" [2008-12-11 2652056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-11 08:39 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-10-18 11:34 5724184 c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Archivos de programa\\BitTorrent\\bittorrent.exe"=
"c:\\Archivos de programa\\AVG\\AVG8\\avgupd.exe"=
"c:\\Archivos de programa\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-09-08 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-09-08 107272]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-03-06 159600]
R2 avg8wd;AVG Free8 WatchDog;c:\archiv~1\AVG\AVG8\avgwdsvc.exe [2009-02-13 298264]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-03-06 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-03-06 95640]
R3 Ptserlv;PCTEL Serial Device Driver for VIA;c:\windows\system32\drivers\ptserlv.sys [2008-09-09 130942]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2006-11-07 58288]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2006-12-06 83344]
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\B8214B01920EC9C9.job
- c:\docume~1\gonzal~2\datosd~1\closes~1\open lite dog.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ar/
uInternet Connection Wizard,ShellNext = hxxp://optimizedby.rmxads.com/iframe3?oGoBAAJ7CAChmg0A4tEIAAIBAAAAAP8AAAABEQICAAOpCgUAMEkAAKKgDAAAAAAAAAAAAAAAAAAAAAAAAAAAAP...1.O88k.....X87zyT....9PgaDVP....0-BoNU.I0mSBEvl3j8jSZIES-XePwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMRCHanHv.AVvLKbmWsTgN9Y6SRpRW.GmeU81nwAAAAA=,,http://motor-show.com.ar/2008/07/30/viables-autos-electricos/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\GONZALETE ETE TETE\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1896539&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
FF - component: c:\archivos de programa\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\archivos de programa\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\documents and settings\GONZALETE ETE TETE\Datos de programa\Mozilla\Firefox\Profiles\cx4g86y3.default\extensions\{ca4d3df2-64ad-4af4-aebe-e7bbe7163ace}\components\FFAlert.dll
FF - plugin: c:\archivos de programa\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 00:32:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{92B4DDAA-CE55-4612-8F3A-6F11E24E3721}\ProgID]
@DACL=(02 0000)
@="VersionFinder.Finder.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{92B4DDAA-CE55-4612-8F3A-6F11E24E3721}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{92B4DDAA-CE55-4612-8F3A-6F11E24E3721}\TypeLib]
@DACL=(02 0000)
@="{9484A729-674E-4D8A-BC0A-0595F4722960}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{92B4DDAA-CE55-4612-8F3A-6F11E24E3721}\VersionIndependentProgID]
@DACL=(02 0000)
@="VersionFinder.Finder"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AB49752-747A-11D5-97A4-0050046C5995}\ProgID]
@DACL=(02 0000)
@="GLConfigInfo.CoGameConfig.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AB49752-747A-11D5-97A4-0050046C5995}\VersionIndependentProgID]
@DACL=(02 0000)
@="GLConfigInfo.CoGameConfig"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9B4DEE67-3283-4C5B-B204-D94ACA9BE51C}\ProgID]
@DACL=(02 0000)
@="GLConfigInfo.CoAppInfo.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9B4DEE67-3283-4C5B-B204-D94ACA9BE51C}\VersionIndependentProgID]
@DACL=(02 0000)
@="GLConfigInfo.CoAppInfo"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A64DCF18-1178-11D5-9786-0050046C5995}\ProgID]
@DACL=(02 0000)
@="FileXFer.Transfer.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A64DCF18-1178-11D5-9786-0050046C5995}\TypeLib]
@DACL=(02 0000)
@="{A64DCF07-1178-11D5-9786-0050046C5995}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A64DCF18-1178-11D5-9786-0050046C5995}\VersionIndependentProgID]
@DACL=(02 0000)
@="FileXFer.Transfer"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC5F4A45-F78D-11d4-977C-0050046C5995}\ProgID]
@DACL=(02 0000)
@="GLConfigInfo.CoGameFinder.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC5F4A45-F78D-11d4-977C-0050046C5995}\VersionIndependentProgID]
@DACL=(02 0000)
@="GLConfigInfo.CoGameFinder"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADD8D42B-D9DA-404C-992B-2E45D467722D}\ProgID]
@DACL=(02 0000)
@="GLConfigInfo.CoExtendedConfig.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADD8D42B-D9DA-404C-992B-2E45D467722D}\VersionIndependentProgID]
@DACL=(02 0000)
@="GLConfigInfo.CoExtendedConfig"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDB125A2-433F-43F8-ABC5-2F82424287F2}\ProgID]
@DACL=(02 0000)
@="GLPlugin.Plugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDB125A2-433F-43F8-ABC5-2F82424287F2}\TypeLib]
@DACL=(02 0000)
@="{ED26FA88-1322-4456-AF42-74D7187620C5}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDB125A2-433F-43F8-ABC5-2F82424287F2}\VersionIndependentProgID]
@DACL=(02 0000)
@="GLPlugin.Plugin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}\ProgID]
@DACL=(02 0000)
@="CDDBControlWinamp5.CddbCredit.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}\TypeLib]
@DACL=(02 0000)
@="{092c84ce-ce92-439f-9c12-997beea855d2}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}\VersionIndependentProgID]
@DACL=(02 0000)
@="CDDBControlWinamp5.CddbCredit"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}\ProgID]
@DACL=(02 0000)
@="CDDBControlWinamp5.CddbDisc.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}\TypeLib]
@DACL=(02 0000)
@="{092c84ce-ce92-439f-9c12-997beea855d2}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}\VersionIndependentProgID]
@DACL=(02 0000)
@="CDDBControlWinamp5.CddbDisc"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CF1EE762-7B0B-4B2E-A085-53BB14FB1A1F}\ProgID]
@DACL=(02 0000)
@="Zb_ui.BSTRVariantMap.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CF1EE762-7B0B-4B2E-A085-53BB14FB1A1F}\TypeLib]
@DACL=(02 0000)
@="{89EDF739-5602-D785-23E2-7FE02AA66B9D}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CF1EE762-7B0B-4B2E-A085-53BB14FB1A1F}\VersionIndependentProgID]
@DACL=(02 0000)
@="Zb_ui.BSTRVariantMap"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\Control]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\Insertable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\ProgID]
@DACL=(02 0000)
@="XceedSoftware.XceedZip.4"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\TypeLib]
@DACL=(02 0000)
@="{DB797681-40E0-11D2-9BD5-0060082AE372}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\Verb]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\Version]
@DACL=(02 0000)
@="4.2"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\VersionIndependentProgID]
@DACL=(02 0000)
@="XceedSoftware.XceedZip"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}\ProgID]
@DACL=(02 0000)
@="CDDBControlWinamp5.CddbFullName.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}\TypeLib]
@DACL=(02 0000)
@="{092c84ce-ce92-439f-9c12-997beea855d2}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}\VersionIndependentProgID]
@DACL=(02 0000)
@="CDDBControlWinamp5.CddbFullName"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}\Control]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}\Insertable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}\ProgID]
@DACL=(02 0000)
@="CDDBControlWinamp5.CDDBWinamp5Control.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}\TypeLib]
@DACL=(02 0000)
@="{092c84ce-ce92-439f-9c12-997beea855d2}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}\VersionIndependentProgID]
@DACL=(02 0000)
@="CDDBControlWinamp5.CDDBWinamp5Control"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F70F8A55-C490-11D4-9770-0050046C5995}\Implemented Categories]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F70F8A55-C490-11D4-9770-0050046C5995}\ProgID]
@DACL=(02 0000)
@="LobbyPlugin.CoLobbyPlugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F70F8A55-C490-11D4-9770-0050046C5995}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F70F8A55-C490-11D4-9770-0050046C5995}\TypeLib]
@DACL=(02 0000)
@="{F70F8A45-C490-11D4-9770-0050046C5995}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F70F8A55-C490-11D4-9770-0050046C5995}\VersionIndependentProgID]
@DACL=(02 0000)
@="LobbyPlugin.CoLobbyPlugin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7587D-871C-4944-9CEE-FDF6F70AAB60}\InprocServer32]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7587D-871C-4944-9CEE-FDF6F70AAB60}\ProgID]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Flash.ActionScript\DefaultIcon]
@DACL=(02 0000)
@="c:\\ARCHIV~1\\MACROM~1\\FLASH8~2\\Flash.exe,2"

[HKEY_LOCAL_MACHINE\software\Classes\Flash.ActionScript\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib]
@DACL=(02 0000)
@="{29D67D3C-509A-4544-903F-C8C1B8236554}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib]
@DACL=(02 0000)
@="{E47CAEE0-DEEA-464A-9326-3F2801535A4D}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"

[HKEY_LOCAL_MACHINE\software\Classes\MsnPhotoUpload.PhotoUploadCtl.1\CLSID]
@DACL=(02 0000)
@="{4F1E5B1A-2A80-42ca-8532-2D05CB959537}"

[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.PseudoTransparentPlugin\CLSID]
@DACL=(02 0000)
@="{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}"

[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.PseudoTransparentPlugin\CurVer]
@DACL=(02 0000)
@="MyWebSearch.PseudoTransparentPlugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.PseudoTransparentPlugin.1\CLSID]
@DACL=(02 0000)
@="{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}"

[HKEY_LOCAL_MACHINE\software\Classes\NeroAACType\DefaultIcon]
@DACL=(02 0000)
@="c:\\ARCHIV~1\\Ahead\\nero\\nero.exe,18"

[HKEY_LOCAL_MACHINE\software\Classes\NeroAACType\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\NeroCopyType\DefaultIcon]
@DACL=(02 0000)
@="c:\\ARCHIV~1\\Ahead\\nero\\nero.exe,6"

[HKEY_LOCAL_MACHINE\software\Classes\NeroCopyType\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\NeroCueSheetType\DefaultIcon]
@DACL=(02 0000)
@="c:\\ARCHIV~1\\Ahead\\nero\\nero.exe,5"

[HKEY_LOCAL_MACHINE\software\Classes\NeroCueSheetType\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\NeroErrorType\DefaultIcon]
@DACL=(02 0000)
@="c:\\ARCHIV~1\\Ahead\\nero\\nero.exe,10"

[HKEY_LOCAL_MACHINE\software\Classes\NeroErrorType\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\NeroHDBackupType\DefaultIcon]
@DACL=(02 0000)
@="c:\\ARCHIV~1\\Ahead\\nero\\nero.exe,14"

[HKEY_LOCAL_MACHINE\software\Classes\NeroHDBackupType\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Photoshop.Application.6\Clsid]
@DACL=(02 0000)
@="{6DECC242-87EF-11cf-86B4-444553540000} "

[HKEY_LOCAL_MACHINE\software\Classes\Photoshop.Image.6\CLSID]
@DACL=(02 0000)
@="{5F246A9A-A919-11d3-AB60-00C04FA3014E}"

[HKEY_LOCAL_MACHINE\software\Classes\Photoshop.Image.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\backup\\Archivos de programa\\Adobe\\Photoshop 6.0\\Photoshp.exe,1"

[HKEY_LOCAL_MACHINE\software\Classes\Photoshop.Image.6\Insertable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\Photoshop.Image.6\protocol]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\Photoshop.Image.6\shell]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\Photoshop.Image.6\shellex]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\Photoshop.PlugIn\DefaultIcon]
@DACL=(02 0000)
@="c:\\backup\\Archivos de programa\\Adobe\\Photoshop 6.0\\Photoshp.exe,2"

[HKEY_LOCAL_MACHINE\software\Classes\Photoshop.PlugIn\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Embed:6.0\File1\Netscape6]
@DACL=(02 0000)
@="1"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Embed:6.0\File1\Version]
@DACL=(02 0000)
@="6.0.12.46"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Embed:6.0\File4\Netscape6]
@DACL=(02 0000)
@="1"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File12\ACCESSPOINT]
@DACL=(02 0000)
@="DESKTOP"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Playerfiles:6.0\File39\Netscape6]
@DACL=(02 0000)
@="1"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Playerfiles:6.0\File39\Version]
@DACL=(02 0000)
@="6.0.12.46"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Playerfiles:6.0\File41\Netscape6]
@DACL=(02 0000)
@="1"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Playerfiles:6.0\File41\Version]
@DACL=(02 0000)
@="6.0.12.46"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Playerfiles:6.0\File42\Netscape6]
@DACL=(02 0000)
@="1"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\rjjava:1.0\File0\Netscape6]
@DACL=(02 0000)
@="1"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\rjjava:1.0\File0\Version]
@DACL=(02 0000)
@="1.0.3.46"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\rjjava:1.0\File2\Netscape6]
@DACL=(02 0000)
@="1"

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\rjjava:1.0\File2\Version]
@DACL=(02 0000)
@="1.0.3.46"

[HKEY_LOCAL_MACHINE\software\Classes\SoundTrax.Project\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\srt_auto_file\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Tipo video NeroHDB\DefaultIcon]
@DACL=(02 0000)
@="c:\\ARCHIV~1\\Ahead\\Nero\\nero.exe,8"

[HKEY_LOCAL_MACHINE\software\Classes\Tipo video NeroHDB\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TMP_auto_file\shell]
@DACL=(02 0000)
@="Open"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{01C4D4A1-099C-11D3-B6AC-00105A69E391}\1.0]
@DACL=(02 0000)
@="DatabaseManager 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{0684C059-07DD-4B2E-8A1B-D75A6CE591FB}\1.1]
@DACL=(02 0000)
@="NeroVision API 1.1 Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{18E93FFC-C474-4F52-89E0-BF65F00DCCCD}\1.0]
@DACL=(02 0000)
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{19D9631D-F5BA-4137-B806-5B933951D013}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{20261654-BD9C-11D5-97B5-0050046C5995}\1.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{232E6276-81A8-4C5D-8B2F-D64E3FE453DB}\1.0]
@DACL=(02 0000)
@="OPUC 1.1 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{2EE8034A-A9DB-41D4-8942-309BAFD6DF4C}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{367C7F88-00F6-11D5-9780-0050046C5995}\1.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0]
@DACL=(02 0000)
@="IDMGetAll 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{39EB71B1-D410-47C6-BCCA-15B9E2C3A9BD}\1.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0]
@DACL=(02 0000)
@="IDMIECC 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3FB50037-738F-11D4-A39E-0001023B4289}\1.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{445EC413-DC02-4EBE-B8D3-7AB38D4A1DDD}\1.0]
@DACL=(02 0000)
@="Canon MovieEdit Task Effects Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{46295CB8-D71B-11DA-8750-001185653D78}\1.0]
@DACL=(02 0000)
@="UserBroker library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{46B0BA1A-E257-4812-8E2F-2808E6F52449}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{47F59201-8783-11D2-8343-00A0C945A819}\1.1]
@DACL=(02 0000)
@="RichFX Installation Manager 1.1 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{4B0AB3E1-80F1-11cf-86B4-444553540000}\6.0]
@DACL=(02 0000)
@="Photoshop 6.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0]
@DACL=(02 0000)
@="downlWithIDM 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{6CC9E306-67AE-11D2-A24A-0060979C8AB8}\1.0]
@DACL=(02 0000)
@="PhotoRecord"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{83259057-5BD2-4BA1-BC9B-C15D1EE9694F}\1.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{9484A729-674E-4D8A-BC0A-0595F4722960}\1.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{9971FA8A-8480-48DA-AA05-89C7FC09E6C7}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{A64DCF07-1178-11D5-9786-0050046C5995}\1.0]
@DACL=(02 0000)
@="FileXFer 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{AAAF0528-2124-4DBD-9C63-C91E8C938A01}\2.0]
@DACL=(02 0000)
@="ProtectorExe 2.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{BF84BFD8-B411-4948-9BDA-3A6C02CE7BD4}\1.2]
@DACL=(02 0000)
@="NeroVision API 1.2 Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{BF84BFD8-B411-4948-9BDA-3A6C02CE7BD4}\1.3]
@DACL=(02 0000)
@="NeroVision API 1.3 Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\3.0]
@DACL=(02 0000)
@="protector_dllLib"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{CD45B18D-BAE8-4BE7-9B27-CEBBF7C2FC9B}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D894501B-1FB8-4AD0-AFE2-F26B40EFAF7E}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}\4.2]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E5490FE9-0B9E-422C-8078-394745FE47EB}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0]
@DACL=(02 0000)
@="IDMan 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{ED26FA88-1322-4456-AF42-74D7187620C5}\1.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{EE8F1C15-C9D9-4FEA-B288-D45955098599}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{F70F8A45-C490-11D4-9770-0050046C5995}\1.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Zb.AutoplayHandler\Shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Clients\Media\Winamp\DefaultIcon]
@DACL=(02 0000)
@="c:\\Archivos de programa\\Winamp\\Winamp.exe,1"

[HKEY_LOCAL_MACHINE\software\Clients\Media\Winamp\InstallInfo]
@DACL=(02 0000)
"IconsVisible"=dword:00000000
"ReinstallCommand"="\"c:\\Archivos de programa\\Winamp\\Winamp.exe\" /REG=AVCDL"
"ShowIconsCommand"="\"c:\\Archivos de programa\\Winamp\\Winamp.exe\" /REG=AVCDL"
"HideIconsCommand"="\"c:\\Archivos de programa\\Winamp\\Winamp.exe\" /UNREG"

[HKEY_LOCAL_MACHINE\software\Clients\Media\Winamp\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\CyberLink\PowerDVD\7.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\CyberLink\PowerDVD\BuildInfo]
@DACL=(02 0000)
"SR_No"="DVD060324-02"
"Setup"="060429"
"RC"="060502"
"Help"="060428"
"Readme"="060421"
"Skin"="060425"
"OlReg"="060413v3(Unicode)"
"RegRC"="060427v3"
"TrialDialog RC"="060418"
"Ver"="7.0.1702.0"
"Utility"="1226"
"UI"="1629"
"Registry"="-"
"DShow"="1625c"
"AVSetting"="1529"
"CPXM"="2207"
"Other"="1613"
"CL264"="1528a"
"Pou"="1613a"
"TrialDialog"="060310_PowerDVD7"
"Sim"="1621"
"UPnP"="1621"
"RichVideo"="1226"

[HKEY_LOCAL_MACHINE\software\CyberLink\PowerDVD\DXM_X.FT]
@DACL=(02 0000)
"DXM_X.FT"=hex:00,00,00,00,01,00,00,00,4d,00,50,00,45,00,47,00,34,00,20,00,41,
00,56,00,43,00,20,00,66,00,69,00,6c,00,65,00,73,00,20,00,28,00,2a,00,2e,00,\

[HKEY_LOCAL_MACHINE\software\CyberLink\PowerDVD\UserReg]
@DACL=(02 0000)
"SR_No"="DVD060324-02"
"Prod_Name"="PowerDVD"
"Prod_Ver"="7.0"
"CustomerNO"="2581"
"Hardware"=""
"Channel"="iSales"
"RegVType"="Deluxe"

[HKEY_LOCAL_MACHINE\software\Fengtao Software\DVDFab Platinum]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Fengtao Software\DVDIdle Pro]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\GoldEsel\Nero Reloaded PlugIn Pack 2.0.4 by GEAR]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\MLS]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Automenu]
@DACL=(02 0000)
"classid"="clsid:6B28F900-8D64-4B80-9963-CC52DDD1FBB4"
"visible"="false"
"tabstop"="false"
"width"="1"
"height"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\BalanceSlider]
@DACL=(02 0000)
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
"toolTip"="res://wmploc.dll/RT_STRING/#1845"
"min"="-100"
"max"="100"
"value"="wmpprop:player.settings.balance"
"value_onchange"="player.settings.balance=value;"
"accName"="res://wmploc.dll/RT_STRING/#2112"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\browser]
@DACL=(02 0000)
"classid"="clsid:8856F961-340A-11D0-A96B-00C04FD705A2"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Button]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2114"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup]
@DACL=(02 0000)
"classid"="clsid:AE3B6831-25A9-11d3-BD41-00C04F6EA5AE"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CloseButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1812"
"onclick"="view.close();"
"accName"="res://wmploc.dll/RT_STRING/#2134"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2135"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CurrentPositionText]
@DACL=(02 0000)
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="true"
"justification"="right"
"value"="wmpprop:player.controls.currentPositionString"
"accName"="res://wmploc.dll/RT_STRING/#2103"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CustomSlider]
@DACL=(02 0000)
"classid"="clsid:95F45AA3-ED0A-11D2-BA67-0000F80855E6"
"cursor"="hand"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DropDownPlaylist]
@DACL=(02 0000)
"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"
"playlistItemsVisible"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DurationText]
@DACL=(02 0000)
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="true"
"justification"="right"
"value"="wmpprop:player.currentMedia.DurationString"
"accName"="res://wmploc.dll/RT_STRING/#2104"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\EditBox]
@DACL=(02 0000)
"classid"="clsid:6342FCED-25EA-4033-BDDB-D049A14382D3"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Bars]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\EqualizerSettings]
@DACL=(02 0000)
"classid"="clsid:93EB32F5-87B1-45ad-ACC6-0F2483DB83BB"
"tabStop"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\FFWDButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.fastforward"
"upToolTip"="res://wmploc.dll/RT_STRING/#1804"
"onclick"="player.controls.FastForward()"
"accName"="res://wmploc.dll/RT_STRING/#2120"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2121"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ImageButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"cursor"="hand"
"accName"="res://wmploc.dll/RT_STRING/#2140"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ItemsPlaylist]
@DACL=(02 0000)
"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"
"backgroundcolor"="black"
"foregroundcolor"="white"
"columnsVisible"="false"
"columns"="name=Name;Duration=Time"
"dropDownVisible"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\LibraryTree]
@DACL=(02 0000)
"classid"="clsid:D9DE732A-AEE9-4503-9D11-5605589977A8"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ListBox]
@DACL=(02 0000)
"classid"="clsid:FC1880CF-83B9-43A7-A066-C44CE8C82583"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\menu]
@DACL=(02 0000)
"classid"="clsid:BAB3768B-8883-4AEC-9F9B-E14C947913EF"
"visible"="false"
"tabstop"="false"
"width"="1"
"height"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\MinimizeButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1811"
"onclick"="view.minimize();"
"accName"="res://wmploc.dll/RT_STRING/#2132"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2133"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\MuteButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1807"
"downToolTip"="res://wmploc.dll/RT_STRING/#1808"
"sticky"="true"
"down"="wmpprop:player.settings.mute"
"onClick"="player.settings.mute=down;"
"accName"="res://wmploc.dll/RT_STRING/#2130"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2131"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\NextButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.next"
"upToolTip"="res://wmploc.dll/RT_STRING/#1806"
"onclick"="player.controls.Next()"
"accName"="res://wmploc.dll/RT_STRING/#2124"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2125"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PauseButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.pause"
"upToolTip"="res://wmploc.dll/RT_STRING/#1801"
"onclick"="player.controls.pause()"
"accName"="res://wmploc.dll/RT_STRING/#2116"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PlayButton]
@DACL=(02 0000)
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.play"
"upToolTip"="res://wmploc.dll/RT_STRING/#1800"
"onclick"="player.controls.play()"
"accName"="res://wmploc.dll/RT_STRING/#2115"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Playlist]
@DACL=(02 0000)
"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\plugin]
@DACL=(02 0000)
"classid"="clsid:AA1AC37B-49A8-4B41-AF69-B0176C5FFC33"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PopUp]
@DACL=(02 0000)
"classid"="clsid:FC1880CF-83B9-43A7-A066-C44CE8C82583"
"popup"="true"
"visible"="false"
"backgroundColor"="menu"
"foregroundColor"="menutext"

.
Completion time: 2009-03-09 0:35:23
ComboFix-quarantined-files.txt 2009-03-09 03:35:12

Pre-Run: 1.432.145.920 bytes libres
Post-Run: 1,494,560,768 bytes libres

1358

The Gmer log:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-03-09 01:39:20
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwAssignProcessToJobObject
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwSecureConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwSuspendProcess
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwSystemDebugControl
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys ZwWriteVirtualMemory

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Datos de programa\TEMP:C31F31E6

---- EOF - GMER 1.0.12 ----

What do you think about a registry cleaner tool like CCleaner?

Regards, Elpianista.

#15 PropagandaPanda

  • Malware Response Team

Posted 09 March 2009 - 07:14 AM

Hello.

I would not recommend CCleaner.

I think we have found what is causing the popups though. It doesn't load from a normal location, so the other tools didn't pick it up.

Download and Run Lop S&D
You can find detailed instructions with visuals here:
http://eric.71.mespages.googlepages.com/lop.sd.en
  • Disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please download Lop S&D by Eric_71 to your desktop, if you have not already or you lost your copy.
  • Double click LopSD.exe to run it. If you are using Windows Vista, right-click on LopSD.exe icon and select Run as administrator.
  • Choose the language by typing the corresponding letter and pressing Enter.
  • Click OK at the prompt.
  • At this point, close all windows.
  • Type 1 followed by Enter to select option "1 - Search".
  • When the scan is finished, a report (C:\lopR.txt) will be generated. Post the contents of it in your next reply.

With Regards,
The Panda



