Trojan [CLOSED]


  • This topic is locked

#31
aquevedo831

  • Topic Starter
CommView for WiFi.lnk -> %SystemDrive%\Users\Public\Desktop\CommView for WiFi.lnk -> [Ver = | Size = 844 bytes | Modified Date = 28/05/2008 09:56:31 p.m. | Attr = ]
Diskeeper 2008.lnk -> %SystemDrive%\Users\Public\Desktop\Diskeeper 2008.lnk -> [Ver = | Size = 1920 bytes | Modified Date = 31/05/2008 12:49:54 p.m. | Attr = ]
Macromedia Dreamweaver 8.lnk -> %SystemDrive%\Users\Public\Desktop\Macromedia Dreamweaver 8.lnk -> [Ver = | Size = 1947 bytes | Modified Date = 20/06/2008 10:31:40 p.m. | Attr = ]
Macromedia Flash 8.lnk -> %SystemDrive%\Users\Public\Desktop\Macromedia Flash 8.lnk -> [Ver = | Size = 1799 bytes | Modified Date = 20/06/2008 10:19:00 p.m. | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 818 bytes | Modified Date = 10/06/2008 10:51:22 p.m. | Attr = ]
Norton 360.lnk -> %SystemDrive%\Users\Public\Desktop\Norton 360.lnk -> [Ver = | Size = 1754 bytes | Modified Date = 28/05/2008 02:03:42 p.m. | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 902 bytes | Modified Date = 25/06/2008 12:13:04 a.m. | Attr = ]
Acoustica MP3 CD Burner.lnk -> %UserProfile%\Desktop\Acoustica MP3 CD Burner.lnk -> [Ver = | Size = 1725 bytes | Modified Date = 28/05/2008 01:37:28 p.m. | Attr = ]
Arturo.exe -> %UserProfile%\Desktop\Arturo.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 07/06/2008 07:37:08 p.m. | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 12/06/2008 10:33:04 p.m. | Attr = ]
backups -> %UserProfile%\Desktop\backups -> [Folder | Modified Date = 22/06/2008 08:33:10 p.m. | Attr = ]
Corel Painter X.lnk -> %UserProfile%\Desktop\Corel Painter X.lnk -> [Ver = | Size = 2577 bytes | Modified Date = 24/06/2008 04:08:36 p.m. | Attr = ]
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 08/06/2008 10:18:04 a.m. | Attr = ]
FixReg.reg -> %UserProfile%\Desktop\FixReg.reg -> [Ver = | Size = 87 bytes | Modified Date = 15/06/2008 05:38:26 p.m. | Attr = ]
frostwire-4.13.5.windows.exe -> %UserProfile%\Desktop\frostwire-4.13.5.windows.exe -> [Ver = | Size = 1135404 bytes | Modified Date = 25/06/2008 10:15:55 p.m. | Attr = ]
Hanson Underneath 2005 Rock Www Pctorrent Com.SEEDPEER.torrent -> %UserProfile%\Desktop\Hanson Underneath 2005 Rock Www Pctorrent Com.SEEDPEER.torrent -> [Ver = | Size = 29939 bytes | Modified Date = 18/06/2008 10:30:06 p.m. | Attr = ]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 07/06/2008 07:37:08 p.m. | Attr = ]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Modified Date = 12/06/2008 10:09:25 p.m. | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 25/06/2008 10:20:03 p.m. | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Modified Date = 25/06/2008 11:50:56 a.m. | Attr = ]
P90X Videos -> %UserProfile%\Desktop\P90X Videos -> [Folder | Modified Date = 06/06/2008 04:11:30 p.m. | Attr = ]
TELON.jpg -> %UserProfile%\Desktop\TELON.jpg -> [Ver = | Size = 18368 bytes | Modified Date = 30/05/2008 04:17:59 p.m. | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 29/05/2008 08:17:31 a.m. | Attr = ]
InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 20/06/2008 10:11:46 p.m. | Attr = ]
Macromedia -> %CommonProgramFiles%\Macromedia -> [Folder | Modified Date = 20/06/2008 10:24:34 p.m. | Attr = ]
microsoft shared -> %CommonProgramFiles%\microsoft shared -> [Folder | Modified Date = 27/05/2008 02:03:18 p.m. | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 28/05/2008 02:48:00 p.m. | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 03/06/2008 09:31:47 p.m. | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 24/06/2008 11:49:33 p.m. | Attr = ]

< End of report >
[/code]


#32
aquevedo831

  • Topic Starter
Ok. Sorry I had to post it in so many different posts. It would not allow me to attach it because the file was too big. Sorry.

#33
Octagonal

Let's see if we can kill it this time around.

Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


[code]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 56ffe9d9 -> %UserProfile%\AppData\Local\Temp\ftmrtlpn.DLL [rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\ftmrtlpn.dll",b]
YN -> BM55ccda45 -> %UserProfile%\AppData\Local\Temp\bcemaywl.DLL [Rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\bcemaywl.dll",s]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> BM55ccda45.xml -> %AllUsersProfile%\BM55ccda45.xml
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
NY -> 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
NY -> @Alternate Data Stream - 12 bytes -> %SystemRoot%\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> BM55ccda45.xml -> %AllUsersProfile%\BM55ccda45.xml
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[/code]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#34
aquevedo831

  • Topic Starter
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\56ffe9d9 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM55ccda45 deleted successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\ProgramData\BM55ccda45.xml moved successfully.
C:\ProgramData\pskt.ini moved successfully.
[Files/Folders - Modified Within 30 days]
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
ADS C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} deleted successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM55ccda45.xml not found!
File C:\ProgramData\pskt.ini not found!
C:\Users\Arturo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.16 fix logfile created on 06282008_011842

Files moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.







[code=auto:0]OTScanIt logfile created on: 28/06/2008 11:08:52 p.m.
OTScanIt by OldTimer - Version 1.0.15.16 Folder = C:\Users\Arturo\Desktop\OTScanIt
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000080a | Country: México | Language: ESM | Date Format: dd/MM/yyyy

1013.27 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 30.59% Memory free
2.24 Gb Paging File | 0.68 Gb Available in Paging File | 30.54% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 70.63 Gb Free Space | 63.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AQUEVEDO831
Current User Name: Arturo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
dkservice.exe -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 12.0.781.0 | Size = 1123608 bytes | Modified Date = 04/04/2008 02:56:18 p.m. | Attr = ]
psiservice.exe -> %SystemRoot%\System32\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 02/11/2006 08:40:12 p.m. | Attr = ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.12.00 | Size = 386560 bytes | Modified Date = 10/07/2007 10:28:08 p.m. | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.234 | Size = 238968 bytes | Modified Date = 21/02/2008 05:02:53 p.m. | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 a.m. | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 28/05/2008 01:59:29 p.m. | Attr = ]
comhost.exe -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 22/08/2007 03:21:30 a.m. | Attr = ]
tuneupdefragservice.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Modified Date = 15/05/2008 10:20:16 a.m. | Attr = ]
opera.exe -> %ProgramFiles%\Opera\Opera.exe -> Opera Software [Ver = 8841 | Size = 79360 bytes | Modified Date = 31/03/2008 01:29:20 p.m. | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 20/06/2008 01:47:40 p.m. | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.234 | Size = 238968 bytes | Modified Date = 21/02/2008 05:02:53 p.m. | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(CertPropSvc) Propagación de certificados [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 22/08/2007 03:21:30 a.m. | Attr = ]
(DcomLaunch) Iniciador de procesos de servidor DCOM [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 12.0.781.0 | Size = 1123608 bytes | Modified Date = 04/04/2008 02:56:18 p.m. | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.234 | Size = 3220856 bytes | Modified Date = 21/02/2008 05:02:44 p.m. | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(lxbt_device) lxbt_device [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\lxbtcoms.exe -> Lexmark International, Inc. [Ver = 1.27.12.0 | Size = 421888 bytes | Modified Date = 20/02/2004 02:10:08 p.m. | Attr = ]
(MSDTC) Coordinador de transacciones distribuidas [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 2 | Size = 774144 bytes | Modified Date = 15/01/2007 05:14:38 p.m. | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 15/01/2007 04:01:56 p.m. | Attr = ]
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\System32\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 02/11/2006 08:40:12 p.m. | Attr = ]
(Schedule) Programador de tareas [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Directiva de extracción de tarjetas inteligentes [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 28/05/2008 01:59:29 p.m. | Attr = ]
(TrustedInstaller) Instalador de módulos de Windows [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Running] -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Modified Date = 15/05/2008 10:20:16 a.m. | Attr = ]
(WdiServiceHost) Host del servicio de diagnóstico [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Host de sistema de diagnóstico [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.12.00 | Size = 386560 bytes | Modified Date = 10/07/2007 10:28:08 p.m. | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 107.0.5.5 | Size = 51048 bytes | Modified Date = 18/02/2008 02:37:38 p.m. | Attr = ]
osCheck -> %ProgramFiles%\Norton 360\osCheck.exe ["C:\Program Files\Norton 360\osCheck.exe"] -> Symantec Corporation [Ver = 2.0.0.242 | Size = 988512 bytes | Modified Date = 26/02/2008 09:50:44 a.m. | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 a.m. | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 13/05/2008 10:13:36 a.m. | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 01:41:36 p.m. | Attr = ]
igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1437 | Size = 204800 bytes | Modified Date = 11/02/2008 06:46:44 p.m. | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
TORiSAN CD-ROM CDR_C36 -> -> File not found
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Controlador de CD-ROM ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 19/01/2008 12:49:51 a.m. | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDDVDW_TS-L632H________________HS02____\5&1e8aa5eb&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 18/09/2006 04:43:36 p.m. | Attr = ]
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
::1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Aplicación auxiliar de vínculos de Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 11:08:42 p.m. | Attr = ]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2008.2.6.3 | Size = 349552 bytes | Modified Date = 23/02/2008 09:08:26 p.m. | Attr = ]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 28/05/2008 02:01:11 p.m. | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 25/03/2008 04:28:01 a.m. | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.6.3 | Size = 349552 bytes | Modified Date = 23/02/2008 09:08:26 p.m. | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.6.3 | Size = 349552 bytes | Modified Date = 23/02/2008 09:08:26 p.m. | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Consola de Sun Java] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 25/03/2008 04:28:01 a.m. | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{466D9CFB-0589-4D35-9C3C-C1CFC4B1CA04} -> ([CommView] Atheros AR5006X Wireless Network Adapter) ->
{49CA7757-6E8A-42BE-BBE3-B4E038D3EF49} -> (Microsoft Windows Mobile Remote Adapter) ->
{E77EF834-534E-4446-A324-FD2071D89673} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab[StagingUI Object] ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] ->
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab[MSN Games – Buddy Invite] ->
{5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab[ZonePAChat Object] ->
{5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] ->
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab[UnoCtrl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab55579.cab[MSN Games – Game Communicator] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.1/game_uno1.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.1/game_uno1.dll\\.Owner -> {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.1/game_uno1.dll\\{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/GAME_UNO1.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/GAME_UNO1.dll\\.Owner -> {5D6F45B3-9043-443D-A792-115447494D24} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/GAME_UNO1.dll\\{5D6F45B3-9043-443D-A792-115447494D24} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/msgrchkr.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/msgrchkr.dll\\.Owner -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/msgrchkr.dll\\{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StagingUI.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StagingUI.ocx\\.Owner -> {05D44720-58E3-49E6-BDF6-D00330E511D3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StagingUI.ocx\\{05D44720-58E3-49E6-BDF6-D00330E511D3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StProxy.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StProxy.dll\\.Owner -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StProxy.dll\\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZBuddy.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZBuddy.ocx\\.Owner -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZBuddy.ocx\\{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZIntro.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZPAChat.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZPAChat.ocx\\.Owner -> {5736C456-EA94-4AAC-BB08-917ABDD035B3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZPAChat.ocx\\{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> ->



[Files/Folders - Created Within 30 days]
Archivos de programa -> %SystemDrive%\Archivos de programa -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
BackupReg.reg -> %SystemDrive%\BackupReg.reg -> [Ver = | Size = 244970388 bytes | Created Date = 15/06/2008 05:32:56 p.m. | Attr = ]
Boot -> %SystemDrive%\Boot -> [Folder | Created Date = 13/05/2099 01:25:36 p.m. | Attr = HS]
bootmgr -> %SystemDrive%\bootmgr -> [Ver = | Size = 333203 bytes | Created Date = 13/05/2099 01:25:37 p.m. | Attr = RHS]
BOOTSECT.BAK -> %SystemDrive%\BOOTSECT.BAK -> [Ver = | Size = 8192 bytes | Created Date = 13/05/2099 01:25:38 p.m. | Attr = R S]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 08/06/2008 11:04:55 a.m. | Attr = ]
Diskeeper -> %SystemDrive%\Diskeeper -> [Folder | Created Date = 31/05/2008 01:08:09 p.m. | Attr = HS]
grldr -> %SystemDrive%\grldr -> [Ver = | Size = 171136 bytes | Created Date = 06/06/2008 12:47:48 p.m. | Attr = RHS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 13/05/2099 07:27:34 p.m. | Attr = HS]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 12/06/2008 10:30:52 p.m. | Attr = ]
en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Created Date = 03/06/2008 09:31:29 p.m. | Attr = ]
ati2mpad.sys.mui -> %SystemRoot%\System32\drivers\en-US\ati2mpad.sys.mui -> ATI Technologies Inc. [Ver = 5.10.3663.6013 | Size = 3072 bytes | Created Date = 03/06/2008 03:17:28 p.m. | Attr = ]
ati2mtag.sys.mui -> %SystemRoot%\System32\drivers\en-US\ati2mtag.sys.mui -> ATI Technologies Inc. [Ver = 6.14.10.6606 | Size = 3584 bytes | Created Date = 03/06/2008 03:19:16 p.m. | Attr = ]
atikmdag.sys.mui -> %SystemRoot%\System32\drivers\en-US\atikmdag.sys.mui -> ATI Technologies Inc. [Ver = 7.01.01.523 | Size = 3072 bytes | Created Date = 03/06/2008 03:15:45 p.m. | Attr = ]
b57nd60x.sys.mui -> %SystemRoot%\System32\drivers\en-US\b57nd60x.sys.mui -> Broadcom Corporation [Ver = 10.10.0.0 (mbuild.02262007-1449,b57nd60_main.CL-967) | Size = 5120 bytes | Created Date = 03/06/2008 03:23:39 p.m. | Attr = ]
bcm4sbxp.sys.mui -> %SystemRoot%\System32\drivers\en-US\bcm4sbxp.sys.mui -> Broadcom Corporation [Ver = 4.49.0.0 built by: WinDDK | Size = 5120 bytes | Created Date = 03/06/2008 03:15:52 p.m. | Attr = ]
BrParwdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\BrParwdm.sys.mui -> Brother Industries Ltd. [Ver = 1.03 | Size = 2560 bytes | Created Date = 03/06/2008 03:16:06 p.m. | Attr = ]
BrSerId.sys.mui -> %SystemRoot%\System32\drivers\en-US\BrSerId.sys.mui -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 10240 bytes | Created Date = 03/06/2008 03:18:12 p.m. | Attr = ]
cmbp0wdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\cmbp0wdm.sys.mui -> OMNIKEY AG [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3072 bytes | Created Date = 03/06/2008 03:19:08 p.m. | Attr = ]
cxbp0wdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\cxbp0wdm.sys.mui -> OMNIKEY [Ver = 1.1.1.0 | Size = 3072 bytes | Created Date = 03/06/2008 03:19:08 p.m. | Attr = ]
e100b325.sys.mui -> %SystemRoot%\System32\drivers\en-US\e100b325.sys.mui -> Intel Corporation [Ver = 8.0.22.0 built by: WinDDK | Size = 5120 bytes | Created Date = 03/06/2008 03:23:57 p.m. | Attr = ]
e1e6032.sys.mui -> %SystemRoot%\System32\drivers\en-US\e1e6032.sys.mui -> Intel Corporation [Ver = 9.11.5.7 built by: WinDDK | Size = 19968 bytes | Created Date = 03/06/2008 03:23:54 p.m. | Attr = ]
E1G60I32.sys.mui -> %SystemRoot%\System32\drivers\en-US\E1G60I32.sys.mui -> Intel Corporation [Ver = 8.3.2.8 built by: WinDDK | Size = 16896 bytes | Created Date = 03/06/2008 03:23:45 p.m. | Attr = ]
gpr400.sys.mui -> %SystemRoot%\System32\drivers\en-US\gpr400.sys.mui -> Gemplus [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3584 bytes | Created Date = 03/06/2008 03:19:08 p.m. | Attr = ]
grserial.sys.mui -> %SystemRoot%\System32\drivers\en-US\grserial.sys.mui -> Gemplus [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 4096 bytes | Created Date = 03/06/2008 03:19:09 p.m. | Attr = ]
ltmdmnt.sys.mui -> %SystemRoot%\System32\drivers\en-US\ltmdmnt.sys.mui -> Agere Systems [Ver = 8.36 | Size = 9728 bytes | Created Date = 03/06/2008 03:17:44 p.m. | Attr = ]
ntrigdigi.sys.mui -> %SystemRoot%\System32\drivers\en-US\ntrigdigi.sys.mui -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 4096 bytes | Created Date = 03/06/2008 03:16:48 p.m. | Attr = ]
nv4_mini.sys.mui -> %SystemRoot%\System32\drivers\en-US\nv4_mini.sys.mui -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 5120 bytes | Created Date = 03/06/2008 03:19:28 p.m. | Attr = ]
pscr.sys.mui -> %SystemRoot%\System32\drivers\en-US\pscr.sys.mui -> SCM Microsystems, Inc. [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 4096 bytes | Created Date = 03/06/2008 03:19:09 p.m. | Attr = ]
SCR111.sys.mui -> %SystemRoot%\System32\drivers\en-US\SCR111.sys.mui -> SCM Microsystems [Ver = 1.01.006 (vista_rtm.061101-2205) | Size = 4096 bytes | Created Date = 03/06/2008 03:19:09 p.m. | Attr = ]
stcusb.sys.mui -> %SystemRoot%\System32\drivers\en-US\stcusb.sys.mui -> SCM Microsystems, Inc. [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3072 bytes | Created Date = 03/06/2008 03:19:08 p.m. | Attr = ]
yk60x86.sys.mui -> %SystemRoot%\System32\drivers\en-US\yk60x86.sys.mui -> Marvell [Ver = 9.0.32.3 built by: WinDDK | Size = 5632 bytes | Created Date = 03/06/2008 03:17:53 p.m. | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 10/06/2008 10:51:19 p.m. | Attr = ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 10/06/2008 10:51:19 p.m. | Attr = ]
Msft_User_WpdRapi_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 04/06/2008 07:09:01 p.m. | Attr = H ]
0409 -> %SystemRoot%\System32\0409 -> [Folder | Created Date = 03/06/2008 09:31:34 p.m. | Attr = ]
catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Created Date = 13/05/2099 07:29:52 p.m. | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Created Date = 03/06/2008 09:31:34 p.m. | Attr = ]
lxbtprod.ver -> %SystemRoot%\System32\lxbtprod.ver -> [Ver = | Size = 27 bytes | Created Date = 19/06/2008 06:06:03 p.m. | Attr = ]
MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 294 bytes | Created Date = 10/06/2008 10:05:11 p.m. | Attr = ]
QuickTime -> %SystemRoot%\System32\QuickTime -> [Folder | Created Date = 20/06/2008 10:13:10 p.m. | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 13/05/2099 07:29:38 p.m. | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 13/05/2099 07:29:38 p.m. | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 20/06/2008 10:11:21 p.m. | Attr = ]
en-US -> %SystemRoot%\en-US -> [Folder | Created Date = 03/06/2008 09:31:41 p.m. | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 08/06/2008 11:05:15 a.m. | Attr = ]
Panther -> %SystemRoot%\Panther -> [Folder | Created Date = 13/05/2099 01:25:52 p.m. | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 13/05/2099 07:27:45 p.m. | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 13/05/2099 07:31:11 p.m. | Attr = ]

[Files/Folders - Modified Within 30 days]
Archivos de programa -> %SystemDrive%\Archivos de programa -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
BackupReg.reg -> %SystemDrive%\BackupReg.reg -> [Ver = | Size = 244970388 bytes | Modified Date = 15/06/2008 05:33:17 p.m. | Attr = ]
BOOTSECT.BAK -> %SystemDrive%\BOOTSECT.BAK -> [Ver = | Size = 8192 bytes | Modified Date = 13/05/2099 01:25:38 p.m. | Attr = R S]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 08/06/2008 11:04:55 a.m. | Attr = ]
Diskeeper -> %SystemDrive%\Diskeeper -> [Folder | Modified Date = 31/05/2008 01:08:12 p.m. | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063272448 bytes | Modified Date = 25/06/2008 02:56:23 p.m. | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 25/06/2008 11:22:07 p.m. | Attr = R ]
ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 28/06/2008 01:18:43 a.m. | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 28/06/2008 10:01:48 p.m. | Attr = HS]
Windows -> %SystemRoot% -> [Folder | Modified Date = 20/06/2008 10:11:21 p.m. | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 12/06/2008 10:30:52 p.m. | Attr = ]
en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
ati2mpad.sys.mui -> %SystemRoot%\System32\drivers\en-US\ati2mpad.sys.mui -> ATI Technologies Inc. [Ver = 5.10.3663.6013 | Size = 3072 bytes | Modified Date = 03/06/2008 03:17:28 p.m. | Attr = ]
ati2mtag.sys.mui -> %SystemRoot%\System32\drivers\en-US\ati2mtag.sys.mui -> ATI Technologies Inc. [Ver = 6.14.10.6606 | Size = 3584 bytes | Modified Date = 03/06/2008 03:19:16 p.m. | Attr = ]
atikmdag.sys.mui -> %SystemRoot%\System32\drivers\en-US\atikmdag.sys.mui -> ATI Technologies Inc. [Ver = 7.01.01.523 | Size = 3072 bytes | Modified Date = 03/06/2008 03:15:45 p.m. | Attr = ]
b57nd60x.sys.mui -> %SystemRoot%\System32\drivers\en-US\b57nd60x.sys.mui -> Broadcom Corporation [Ver = 10.10.0.0 (mbuild.02262007-1449,b57nd60_main.CL-967) | Size = 5120 bytes | Modified Date = 03/06/2008 03:23:39 p.m. | Attr = ]
bcm4sbxp.sys.mui -> %SystemRoot%\System32\drivers\en-US\bcm4sbxp.sys.mui -> Broadcom Corporation [Ver = 4.49.0.0 built by: WinDDK | Size = 5120 bytes | Modified Date = 03/06/2008 03:15:52 p.m. | Attr = ]
BrParwdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\BrParwdm.sys.mui -> Brother Industries Ltd. [Ver = 1.03 | Size = 2560 bytes | Modified Date = 03/06/2008 03:16:06 p.m. | Attr = ]
BrSerId.sys.mui -> %SystemRoot%\System32\drivers\en-US\BrSerId.sys.mui -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 10240 bytes | Modified Date = 03/06/2008 03:18:12 p.m. | Attr = ]
cmbp0wdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\cmbp0wdm.sys.mui -> OMNIKEY AG [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3072 bytes | Modified Date = 03/06/2008 03:19:08 p.m. | Attr = ]
cxbp0wdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\cxbp0wdm.sys.mui -> OMNIKEY [Ver = 1.1.1.0 | Size = 3072 bytes | Modified Date = 03/06/2008 03:19:08 p.m. | Attr = ]
e100b325.sys.mui -> %SystemRoot%\System32\drivers\en-US\e100b325.sys.mui -> Intel Corporation [Ver = 8.0.22.0 built by: WinDDK | Size = 5120 bytes | Modified Date = 03/06/2008 03:23:57 p.m. | Attr = ]
e1e6032.sys.mui -> %SystemRoot%\System32\drivers\en-US\e1e6032.sys.mui -> Intel Corporation [Ver = 9.11.5.7 built by: WinDDK | Size = 19968 bytes | Modified Date = 03/06/2008 03:23:54 p.m. | Attr = ]
E1G60I32.sys.mui -> %SystemRoot%\System32\drivers\en-US\E1G60I32.sys.mui -> Intel Corporation [Ver = 8.3.2.8 built by: WinDDK | Size = 16896 bytes | Modified Date = 03/06/2008 03:23:45 p.m. | Attr = ]
gpr400.sys.mui -> %SystemRoot%\System32\drivers\en-US\gpr400.sys.mui -> Gemplus [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3584 bytes | Modified Date = 03/06/2008 03:19:08 p.m. | Attr = ]
grserial.sys.mui -> %SystemRoot%\System32\drivers\en-US\grserial.sys.mui -> Gemplus [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 4096 bytes | Modified Date = 03/06/2008 03:19:09 p.m. | Attr = ]
ltmdmnt.sys.mui -> %SystemRoot%\System32\drivers\en-US\ltmdmnt.sys.mui -> Agere Systems [Ver = 8.36 | Size = 9728 bytes | Modified Date = 03/06/2008 03:17:44 p.m. | Attr = ]
ntrigdigi.sys.mui -> %SystemRoot%\System32\drivers\en-US\ntrigdigi.sys.mui -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 4096 bytes | Modified Date = 03/06/2008 03:16:48 p.m. | Attr = ]
nv4_mini.sys.mui -> %SystemRoot%\System32\drivers\en-US\nv4_mini.sys.mui -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 5120 bytes | Modified Date = 03/06/2008 03:19:28 p.m. | Attr = ]
pscr.sys.mui -> %SystemRoot%\System32\drivers\en-US\pscr.sys.mui -> SCM Microsystems, Inc. [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 4096 bytes | Modified Date = 03/06/2008 03:19:09 p.m. | Attr = ]
SCR111.sys.mui -> %SystemRoot%\System32\drivers\en-US\SCR111.sys.mui -> SCM Microsystems [Ver = 1.01.006 (vista_rtm.061101-2205) | Size = 4096 bytes | Modified Date = 03/06/2008 03:19:09 p.m. | Attr = ]
stcusb.sys.mui -> %SystemRoot%\System32\drivers\en-US\stcusb.sys.mui -> SCM Microsystems, Inc. [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3072 bytes | Modified Date = 03/06/2008 03:19:08 p.m. | Attr = ]
yk60x86.sys.mui -> %SystemRoot%\System32\drivers\en-US\yk60x86.sys.mui -> Marvell [Ver = 9.0.32.3 built by: WinDDK | Size = 5632 bytes | Modified Date = 03/06/2008 03:17:53 p.m. | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 10/06/2008 07:02:40 p.m. | Attr = ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 10/06/2008 07:02:44 p.m. | Attr = ]
Msft_User_WpdRapi_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf -> [

#35
aquevedo831

Msft_User_WpdRapi_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 04/06/2008 07:09:01 p.m. | Attr = H ]
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 04/06/2008 07:08:54 p.m. | Attr = ]
en-US -> %SystemRoot%\System32\drivers\UMDF\en-US -> [Folder | Modified Date = 03/06/2008 09:31:29 p.m. | Attr = ]
0409 -> %SystemRoot%\System32\0409 -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4608 bytes | Modified Date = 28/06/2008 11:01:55 p.m. | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4608 bytes | Modified Date = 28/06/2008 11:01:55 p.m. | Attr = H ]
appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 01/06/2008 10:33:46 a.m. | Attr = ]
Boot -> %SystemRoot%\System32\Boot -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
Branding -> %SystemRoot%\System32\Branding -> [Folder | Modified Date = 03/06/2008 09:31:35 p.m. | Attr = ]
catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 28/06/2008 10:02:54 p.m. | Attr = ]
catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 28/06/2008 10:02:53 p.m. | Attr = ]
com -> %SystemRoot%\System32\com -> [Folder | Modified Date = 03/06/2008 09:28:26 p.m. | Attr = ]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 10/06/2008 10:51:19 p.m. | Attr = ]
DriverStore -> %SystemRoot%\System32\DriverStore -> [Folder | Modified Date = 03/06/2008 09:29:52 p.m. | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 03/06/2008 09:31:28 p.m. | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 392184 bytes | Modified Date = 24/06/2008 11:54:27 p.m. | Attr = ]
FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 24/06/2008 05:49:55 p.m. | Attr = ]
license.rtf -> %SystemRoot%\System32\license.rtf -> [Ver = | Size = 54512 bytes | Modified Date = 13/05/2099 07:32:09 p.m. | Attr = ]
migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 11/06/2008 11:40:55 p.m. | Attr = ]
migwiz -> %SystemRoot%\System32\migwiz -> [Folder | Modified Date = 03/06/2008 09:31:35 p.m. | Attr = ]
MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 294 bytes | Modified Date = 10/06/2008 10:05:11 p.m. | Attr = ]
oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 101250 bytes | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
perfc00A.dat -> %SystemRoot%\System32\perfc00A.dat -> [Ver = | Size = 128552 bytes | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 587178 bytes | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
perfh00A.dat -> %SystemRoot%\System32\perfh00A.dat -> [Ver = | Size = 664388 bytes | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 1470402 bytes | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
Printing_Admin_Scripts -> %SystemRoot%\System32\Printing_Admin_Scripts -> [Folder | Modified Date = 03/06/2008 09:29:51 p.m. | Attr = ]
QuickTime -> %SystemRoot%\System32\QuickTime -> [Folder | Modified Date = 20/06/2008 10:13:12 p.m. | Attr = ]
setup -> %SystemRoot%\System32\setup -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
slmgr -> %SystemRoot%\System32\slmgr -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
sysprep -> %SystemRoot%\System32\sysprep -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 08/06/2008 09:49:40 p.m. | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 03/06/2008 09:29:47 p.m. | Attr = ]
WCN -> %SystemRoot%\System32\WCN -> [Folder | Modified Date = 03/06/2008 09:30:10 p.m. | Attr = ]
winrm -> %SystemRoot%\System32\winrm -> [Folder | Modified Date = 03/06/2008 09:31:35 p.m. | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 03/06/2008 09:28:06 p.m. | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 14/06/2008 10:04:36 p.m. | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 28/06/2008 09:01:52 p.m. | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 13/05/2099 07:29:38 p.m. | Attr = ]
DigitalLocker -> %SystemRoot%\DigitalLocker -> [Folder | Modified Date = 03/06/2008 09:31:43 p.m. | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 20/06/2008 10:22:22 p.m. | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 25/06/2008 02:40:26 p.m. | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 28/06/2008 10:03:00 p.m. | Attr = ]
en-US -> %SystemRoot%\en-US -> [Folder | Modified Date = 03/06/2008 09:31:42 p.m. | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 08/06/2008 11:05:15 a.m. | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 24/06/2008 04:03:20 p.m. | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 31/05/2008 12:49:54 p.m. | Attr = ]
IME -> %SystemRoot%\IME -> [Folder | Modified Date = 03/06/2008 09:31:43 p.m. | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 28/06/2008 09:53:44 p.m. | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 25/06/2008 12:13:15 a.m. | Attr = HS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 150283812 bytes | Modified Date = 13/06/2008 06:57:02 p.m. | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 14/06/2008 10:05:06 p.m. | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 13/06/2008 06:57:35 p.m. | Attr = ]
MSAgent -> %SystemRoot%\MSAgent -> [Folder | Modified Date = 03/06/2008 09:31:44 p.m. | Attr = ]
Panther -> %SystemRoot%\Panther -> [Folder | Modified Date = 13/05/2099 07:32:10 p.m. | Attr = ]
PolicyDefinitions -> %SystemRoot%\PolicyDefinitions -> [Folder | Modified Date = 03/06/2008 09:31:35 p.m. | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 27/06/2008 06:41:24 p.m. | Attr = ]
rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 03/06/2008 09:54:53 p.m. | Attr = ]
servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 03/06/2008 09:31:45 p.m. | Attr = ]
System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 28/06/2008 11:08:24 p.m. | Attr = ]
WindowsMobile -> %SystemRoot%\WindowsMobile -> [Folder | Modified Date = 04/06/2008 07:06:20 p.m. | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 28/06/2008 10:03:00 p.m. | Attr = ]
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 488 bytes | Modified Date = 28/06/2008 11:00:01 p.m. | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 25/06/2008 02:56:36 p.m. | Attr = H ]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader -> [Folder | Modified Date = 02/11/2006 08:02:36 a.m. | Attr = ]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 28/06/2008 09:26:43 p.m. | Attr = ]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 28/06/2008 09:26:43 p.m. | Attr = ]
C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 14/05/2008 02:39:24 p.m. | Attr = ]
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 14/05/2008 02:39:24 p.m. | Attr = ]
C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData -> [Folder | Modified Date = 27/06/2008 06:21:27 p.m. | Attr = ]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 22356 bytes | Modified Date = 28/06/2008 12:20:38 a.m. | Attr = ]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 48 bytes | Modified Date = 28/06/2008 12:20:38 a.m. | Attr = ]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 28/06/2008 12:20:38 a.m. | Attr = ]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 1104 bytes | Modified Date = 28/06/2008 12:20:38 a.m. | Attr = ]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 6624 bytes | Modified Date = 28/06/2008 12:20:38 a.m. | Attr = ]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 157904 bytes | Modified Date = 28/06/2008 12:20:38 a.m. | Attr = ]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures -> [Folder | Modified Date = 28/05/2008 02:34:09 p.m. | Attr = ]
Administrator.dat -> C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat -> [Ver = | Size = 0 bytes | Modified Date = 02/11/2006 08:02:02 a.m. | Attr = ]
Arturo.dat -> C:\ProgramData\Microsoft\User Account Pictures\Arturo.dat -> [Ver = | Size = 0 bytes | Modified Date = 12/05/2099 09:38:21 p.m. | Attr = ]
Invitado.dat -> C:\ProgramData\Microsoft\User Account Pictures\Invitado.dat -> [Ver = | Size = 0 bytes | Modified Date = 28/05/2008 02:34:09 p.m. | Attr = ]

< End of report >
[/code]

#36
Octagonal

Hello aquevedo831,

It looks like we may have had some luck this time around. :thumbsup:

I will get you to clear your temp files and run a couple of scans so that I can check to see that we got it all.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Reboot the computer

I would like you to run MBAM again, only this time I want to see the results of a full scan.

Open Malwarebytes' Anti-Malware.
  • Update the program by selecting the Update tab and clicking on the Check for Updates button; it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do another Kaspersky online scan to show me that nothing else has reared its head followed by a final DSS scan.

What to post in your next reply:
  • MBAM results
  • Kaspersky results
  • Deckard's System Scanner results
Please tell me how the computer is now running (any more pop-ups etc.)

Thanks

#37
aquevedo831

Hello,
Sorry for the delay. I have been very busy lately. I will post the results when I can.

#38
Octagonal

Post when you can. :)

#39
Octagonal

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





