
Again a rootkit

Discussion in 'Malware and Virus Removal Archive' started by meloncito, 2008/06/03.

  1. 2008/06/03
    meloncito

    Hello again:

    I think my computer is infected but I am not very sure. I would be thankful if somebody could help me with my computer.

    I think the problem is a USB flash memory. It might have got infected on a computer at my university. When I put the USB memory in my computer and open it manually, avast detects a very rare virus, then I click to erase it and finally I can work with it. But when I insert the USB again the next day, the same virus appears. I think the problem could be on both sides: computer and flash.

    So, I'll give you all the stuff you need from my computer... and could anybody suggest how I could erase the virus from the USB?

    Thank you very much.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:18:41 p.m., on 03/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\HP\KBD\KBD.EXE
    C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
    C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
    C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\winhost.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
    C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
    O4 - HKLM\..\Run: [Sunkist2k] C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Archivos de programa\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [GGVG] C:\WINDOWS\ndlymr.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
    O4 - S-1-5-18 Startup: Gangsters2Setup.lnk = ? (User 'SYSTEM')
    O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Gangsters2Setup.lnk = ? (User 'Default user')
    O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
    O4 - .DEFAULT Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe (User 'Default user')
    O4 - .DEFAULT Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Gangsters2Setup.lnk = ?
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
    O4 - Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Vea la imagen original - C:\Archivos de programa\AT&T\AT&T Runner 2\getoriginal.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Archivos de programa\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe

    --
    End of file - 9654 bytes
     
  2. 2008/06/03
    meloncito

    Deckard's System Scanner

    Sorry:
    I have more information to help you. When I used Deckard's System Scanner, it appeared two times that my computer was infected with a win32:rootkit-gen in the file C:\winhost.exe

    Thank you very much, now I wait for the answer
    Have a nice day



    Deckard's System Scanner v20071014.68
    Run by Propietario on 2008-06-03 16:27:36
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Propietario.exe) -----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:27:39 p.m., on 03/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\HP\KBD\KBD.EXE
    C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
    C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
    C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\winhost.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
    C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Propietario\Escritorio\dss.exe
    C:\ARCHIV~1\TRENDM~1\HIJACK~1\PROPIE~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
    O4 - HKLM\..\Run: [Sunkist2k] C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Archivos de programa\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [GGVG] C:\WINDOWS\ndlymr.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
    O4 - S-1-5-18 Startup: Gangsters2Setup.lnk = ? (User 'SYSTEM')
    O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Gangsters2Setup.lnk = ? (User 'Default user')
    O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
    O4 - .DEFAULT Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe (User 'Default user')
    O4 - .DEFAULT Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Gangsters2Setup.lnk = ?
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
    O4 - Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Vea la imagen original - C:\Archivos de programa\AT&T\AT&T Runner 2\getoriginal.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Archivos de programa\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe

    --
    End of file - 9693 bytes

    -- Files created between 2008-05-03 and 2008-06-03 -----------------------------

    5206-11-08 18:20:46 0 d-------- C:\WINDOWS\system32\NtmsData
    2008-05-31 22:23:04 0 d-------- C:\Archivos de programa\Unbound Medicine
    2008-05-31 20:41:40 0 d-------- C:\WINDOWS\Skyscape
    2008-05-31 20:41:40 0 d-------- C:\Skyscape
    2008-05-31 20:41:40 0 d-------- C:\Archivos de programa\Archivos comunes\Skyscape
    2008-05-11 22:09:07 29696 -----n--- C:\winhost.exe
    2008-05-07 21:06:37 30208 --a------ C:\mont.exe
    2008-05-06 20:47:10 60416 --a------ C:\dos32.exe


    -- Find3M Report ---------------------------------------------------------------

    2008-06-03 01:02:42 0 d-------- C:\Archivos de programa\Red Kings Poker
    2008-06-02 22:54:01 0 d-------- C:\Archivos de programa\Full Tilt Poker
    2008-06-02 15:09:15 0 d-------- C:\Documents and Settings\Propietario\Datos de programa\uTorrent
    2008-06-01 19:15:44 724992 --a----c- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
    2008-05-31 22:23:04 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
    2008-05-31 21:09:48 0 d-------- C:\Archivos de programa\Palm
    2008-05-31 20:41:40 0 d-a------ C:\Archivos de programa\Archivos comunes
    2008-05-31 14:35:32 0 d-------- C:\Archivos de programa\PartyGaming
    2008-05-01 16:59:28 0 d-------- C:\Archivos de programa\Celestia-ED
    2008-04-24 22:00:53 19931 --a------ C:\WINDOWS\hosts
    2008-04-20 12:49:09 680 --a----c- C:\WINDOWS\AUTOLNCH.REG
    2008-04-12 12:08:57 7830 --a------ C:\update.exe
    2008-04-06 20:24:00 441164 --a----c- C:\WINDOWS\system32\perfh00A.dat
    2008-04-06 20:24:00 69528 --a----c- C:\WINDOWS\system32\perfc00A.dat
    2008-04-03 14:41:52 0 d-------- C:\Archivos de programa\Poker Tracker V2
    2008-03-17 01:18:22 4096 --a------ C:\WINDOWS\d3dx.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sunkist2k "= "C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe" [09/08/2003 12:27 p.m.]
    "Recguard "= "C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 09:42 p.m.]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [07/05/1998 04:04 p.m.]
    "HPHUPD05 "= "c:\Archivos de programa\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [23/05/2003 03:03 a.m.]
    "HPHmon05 "= "C:\WINDOWS\System32\hphmon05.exe" [23/05/2003 02:56 a.m.]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" []
    "AlcxMonitor "= "ALCXMNTR.EXE" [17/02/2004 06:49 a.m. C:\WINDOWS\ALCXMNTR.EXE]
    "GGVG "= "C:\WINDOWS\ndlymr.exe" []
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/05/2003 02:56 p.m.]
    "KBD "= "C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 p.m.]
    "PRISMSVR.EXE "= "C:\WINDOWS\system32\PRISMSVR.exe" []
    "SunJavaUpdateSched "= "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25 a.m.]
    "HP Software Update "= "C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [17/02/2005 12:11 a.m.]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [17/09/2007 01:07 a.m.]
    "nwiz "= "nwiz.exe" [17/09/2007 01:07 a.m. C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [17/09/2007 01:07 a.m.]
    "ISUSPM Startup "= "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" [11/08/2005 04:30 p.m.]
    "ISUSScheduler "= "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [11/08/2005 04:30 p.m.]
    "avast! "= "C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe" [15/05/2008 06:19 p.m.]
    "Adobe Reader Speed Launcher "= "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 p.m.]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 05:42 p.m.]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^DataViz Inc Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\DataViz Inc Messenger.lnk
    backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^GStartup.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\GStartup.lnk
    backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HotSync Manager.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\HotSync Manager.lnk
    backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Updates from HP.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Updates from HP.lnk
    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propietario^Menú Inicio^Programas^Inicio^MyWebSearch Email Plugin.lnk]
    path=C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\MyWebSearch Email Plugin.lnk
    backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propietario^Menú Inicio^Programas^Inicio^Palm Registration.lnk]
    path=C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\Palm Registration.lnk
    backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propietario^Menú Inicio^Programas^Inicio^palmOne Registration.lnk]
    path=C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\palmOne Registration.lnk
    backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    c:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Accelerator Manager Free Edition]
    C:\Archivos de programa\Tensons\Download Accelerator Manager\Free Edition\dam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
    "C:\Archivos de programa\Archivos comunes\InterVideo\SchSvr\SchSvr.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hppwrsav]
    C:\SCANJET\PrecisionScanLT\hppwrsav.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Archivos de programa\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
    C:\ARCHIV~1\COMMON~1\MOBIPO~1\webcomp.exe -m

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    "C:\Archivos de programa\Archivos comunes\Sonic\Update Manager\sgtray.exe" /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
    C:\Archivos de programa\Common files\updater\wupdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    "C:\Archivos de programa\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinCinemaMgr]
    "C:\Archivos de programa\InterVideo\Common\bin\WinCinemaMgr.exe "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ced0595c-db8c-11dc-a3b0-000c76685ce0}]
    AutoRun\command- L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
    open\command- L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe



    -- End of Deckard's System Scanner: finished at 2008-06-03 16:29:36 ------------
     


  4. 2008/06/03
    noahdfear

    Hi meloncito,

    First, download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Next, download ComboFix by sUBs from here, saving the file to your desktop. Don't use it yet.

    Now, download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Finally, disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  5. 2008/06/04
    meloncito

    meloncito Inactive Thread Starter

    Joined:
    2008/02/07
    Messages:
    25
    Likes Received:
    0
    Malwarebytes part 1/2

    Malwarebytes' Anti-Malware 1.14
    Database version: 825

    02:14:36 p.m. 04/06/2008
    mbam-log-6-4-2008 (14-14-36).txt

    Scan type: Quick Scan
    Objects scanned: 37965
    Time elapsed: 8 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 64
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 12
    Files Infected: 160

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Archivos de programa\YourSiteBar (Trojan.Istbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Datos de programa\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4115 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Updater\4115 (Adware.VideoEgg) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Archivos de programa\VideoEgg\Loader\4115\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\hosts (Trojan.Qhost) -> Quarantined and deleted successfully.
    C:\WINDOWS\hosts (Trojan.Qhost) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\etc\hosts (Trojan.Qhost) -> Quarantined and deleted successfully.
    C:\Archivos de programa\YourSiteBar\imagemap_normal.bmp (Trojan.Istbar) -> Quarantined and deleted successfully.
    C:\Archivos de programa\YourSiteBar\version.txt (Trojan.Istbar) -> Quarantined and deleted successfully.
    C:\Archivos de programa\YourSiteBar\yoursitebar.xml (Trojan.Istbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Datos de programa\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4115\dbghelp.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\dataCollection.tmp (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\dbghelp.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\remoteblacklist (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\report.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
     
  6. 2008/06/04
    meloncito

    meloncito Inactive Thread Starter

    Joined:
    2008/02/07
    Messages:
    25
    Likes Received:
    0
    Malwarebytes part 2/2

    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Publisher\4152\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Updater\4115\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propietario\Datos de programa\VideoEgg\Updater\4115\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
     
  7. 2008/06/04
    meloncito

    Combofix

    ComboFix 08-06-03.4 - Propietario 2008-06-04 14:20:26.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.52.3082.18.614 [GMT -5:00]
    Running from: C:\Documents and Settings\Propietario\Escritorio\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\kmd.exe
    C:\update.exe
    C:\WINDOWS\system32\mdm.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
    .

    5206-11-08 18:20 . 5206-11-08 18:54 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-06-04 14:00 . 2008-06-04 14:00 <DIR> d-------- C:\Documents and Settings\Propietario\Datos de programa\Malwarebytes
    2008-06-04 14:00 . 2008-06-04 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
    2008-06-04 14:00 . 2008-06-04 14:00 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
    2008-06-04 14:00 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-04 14:00 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-03 16:27 . 2008-06-03 16:27 <DIR> d-------- C:\Deckard
    2008-06-02 23:40 . 2008-06-04 13:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-02 23:40 . 2008-06-02 23:40 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-31 22:23 . 2008-05-31 22:23 <DIR> d-------- C:\Archivos de programa\Unbound Medicine
    2008-05-31 20:41 . 2008-06-01 20:51 <DIR> d-------- C:\WINDOWS\Skyscape
    2008-05-31 20:41 . 2008-06-01 20:51 <DIR> d-------- C:\Skyscape
    2008-05-31 20:41 . 2008-06-01 20:51 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Skyscape
    2008-05-07 21:06 . 2008-05-07 21:06 30,208 --a------ C:\mont.exe
    2008-05-06 20:47 . 2008-05-06 20:47 60,416 --a------ C:\dos32.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-04 18:45 --------- d-----w C:\Archivos de programa\Red Kings Poker
    2008-06-03 03:54 --------- d-----w C:\Archivos de programa\Full Tilt Poker
    2008-06-02 20:09 --------- d-----w C:\Documents and Settings\Propietario\Datos de programa\uTorrent
    2008-06-02 00:15 724,992 -c--a-w C:\WINDOWS\iun6002.exe
    2008-06-01 03:23 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
    2008-06-01 02:09 --------- d-----w C:\Archivos de programa\Palm
    2008-05-31 19:35 --------- d-----w C:\Archivos de programa\PartyGaming
    2008-05-01 21:59 --------- d-----w C:\Archivos de programa\Celestia-ED
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-17 15:23 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-02-28 06:48 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    2007-06-13 08:22 978432 b8917899e0d8f18fcfae3c4a6b1d9435 C:\WINDOWS\explorer.exe
    2007-06-13 08:10 1035776 dbb6b75cc6cb2cf8ec0bafca08aed6be C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2002-11-19 19:39 1006592 64764b2b0b0314932aa8ec10c30eb2ae C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-19 17:42 1034752 89c8dd146ceaf482d82822766437d93f C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 08:22 978432 b8917899e0d8f18fcfae3c4a6b1d9435 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    2007-06-13 08:22 1035776 f8ddb22b6efc5e630d65e241074c2404 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:42 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sunkist2k "= "C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 12:27 139264]
    "Recguard "= "C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42 212992]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
    "HPHUPD05 "= "c:\Archivos de programa\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 03:03 49152]
    "HPHmon05 "= "C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 02:56 483328]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [ ]
    "AlcxMonitor "= "ALCXMNTR.EXE" [2004-02-17 06:49 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "GGVG "= "C:\WINDOWS\ndlymr.exe" [ ]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 14:56 188416]
    "KBD "= "C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
    "PRISMSVR.EXE "= "C:\WINDOWS\system32\PRISMSVR.exe" [ ]
    "SunJavaUpdateSched "= "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "HP Software Update "= "C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
    "nwiz "= "nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
    "ISUSPM Startup "= "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
    "ISUSScheduler "= "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
    "avast! "= "C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 18:19 79224]
    "Adobe Reader Speed Launcher "= "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
    DataViz Inc Messenger.lnk - C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe [2007-07-28 20:29:11 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG "= pvmjpg20.dll
    "vidc.ffds "= ffdshow.ax

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^DataViz Inc Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\DataViz Inc Messenger.lnk
    backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^GStartup.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\GStartup.lnk
    backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HotSync Manager.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\HotSync Manager.lnk
    backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Updates from HP.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Updates from HP.lnk
    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Propietario^Menú Inicio^Programas^Inicio^MyWebSearch Email Plugin.lnk]
    path=C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\MyWebSearch Email Plugin.lnk
    backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Propietario^Menú Inicio^Programas^Inicio^Palm Registration.lnk]
    path=C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\Palm Registration.lnk
    backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Propietario^Menú Inicio^Programas^Inicio^palmOne Registration.lnk]
    path=C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\palmOne Registration.lnk
    backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    --a--c--- 2002-10-07 07:23 90112 c:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Accelerator Manager Free Edition]
    C:\Archivos de programa\Tensons\Download Accelerator Manager\Free Edition\dam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
    --a--c--- 2003-07-02 23:20 155648 C:\Archivos de programa\Archivos comunes\InterVideo\SchSvr\SchSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hppwrsav]
    --a--c--- 1999-06-07 13:27 23552 C:\SCANJET\PrecisionScanLT\hppwrsav.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Archivos de programa\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
    C:\ARCHIV~1\COMMON~1\MOBIPO~1\webcomp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a--c--- 2006-04-26 08:29 237568 C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    --a--c--- 2006-04-11 17:52 1409024 C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-10-19 21:16 286720 C:\Archivos de programa\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    --a--c--- 2003-02-13 08:01 155648 C:\Archivos de programa\Archivos comunes\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
    C:\Archivos de programa\Common files\updater\wupdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-01-30 14:11 3497984 C:\Archivos de programa\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinCinemaMgr]
    --a--c--- 2005-11-08 03:31 278528 C:\Archivos de programa\InterVideo\Common\bin\WinCinemaMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Archivos de programa\\uTorrent\\uTorrent.exe "=
    "C:\\Archivos de programa\\Veoh Networks\\Veoh\\VeohClient.exe "=
    "C:\\Archivos de programa\\LimeWire\\LimeWire.exe "=
    "c:\\dos32.exe "= C:\\dos32.exe
    "c:\\mont.exe "= C:\\mont.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16101:TCP "= 16101:TCP:Lime

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 18:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 18:16]
    R2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys [2002-03-29 14:58]
    R3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 01:08]
    S3 usbscan;Controlador de escáner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 00:58]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-16 02:56:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-04 14:23:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-04 14:30:44
    ComboFix-quarantined-files.txt 2008-06-04 19:30:25

    21 dirs 16,719,745,024 bytes libres
    30 dirs 16,730,103,808 bytes libres

    178 --- E O F --- 2008-05-31 05:41:38
     
  8. 2008/06/04
    meloncito

    Hijack This after combofix

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:31:45 p.m., on 04/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\HP\KBD\KBD.EXE
    C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
    C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
    C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
    O4 - HKLM\..\Run: [Sunkist2k] C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Archivos de programa\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [GGVG] C:\WINDOWS\ndlymr.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
    O4 - S-1-5-18 Startup: Gangsters2Setup.lnk = ? (User 'SYSTEM')
    O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Gangsters2Setup.lnk = ? (User 'Default user')
    O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
    O4 - .DEFAULT Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe (User 'Default user')
    O4 - .DEFAULT Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Gangsters2Setup.lnk = ?
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
    O4 - Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Vea la imagen original - C:\Archivos de programa\AT&T\AT&T Runner 2\getoriginal.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Archivos de programa\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe

    --
    End of file - 9497 bytes
     
  9. 2008/06/04
    meloncito

    meloncito Inactive Thread Starter

    I did a Kaspersky online scan.

    Wednesday, June 04, 2008 5:46:08 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 4/06/2008
    Kaspersky Anti-Virus database records: 829085


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan Statistics
    Total number of scanned objects 150811
    Number of viruses found 5
    Number of infected objects 7
    Number of suspicious objects 0
    Duration of the scan process 02:56:05

    Infected Object Name Virus Name Last Action
    C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

    C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

    C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

    C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

    C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

    C:\Archivos de programa\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped

    C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Protección residente.txt Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Skyscape\smARTupdate.log Object is locked skipped

    C:\Archivos de programa\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

    C:\Archivos de programa\PKR\pkr.exe Infected: not-a-virus:Monitor.Win32.PKRPoker.a skipped

    C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.log Object is locked skipped

    C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

    C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Configuración local\Temp\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configuración local\Temp\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configuración local\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\Propietario\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\Propietario\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Propietario\Configuración local\Datos de programa\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

    C:\Documents and Settings\Propietario\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Propietario\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Propietario\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Propietario\Configuración local\Temp\Perflib_Perfdata_3ac.dat Object is locked skipped

    C:\Documents and Settings\Propietario\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Propietario\ntuser.dat Object is locked skipped

    C:\Documents and Settings\Propietario\NTUSER.DAT.LOG Object is locked skipped

    C:\dos32.exe Infected: Trojan.Win32.Agent.mcj skipped

    C:\mont.exe Infected: Trojan.Win32.Pakes.cwk skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{F03E59F9-BD9C-4F6B-A5E7-466EAA2AC471}\RP532\A0197070.exe Infected: not-a-virus:Monitor.Win32.PKRPoker.a skipped

    C:\System Volume Information\_restore{F03E59F9-BD9C-4F6B-A5E7-466EAA2AC471}\RP545\A0200329.exe Infected: Trojan.Win32.Qhost.aly skipped

    C:\System Volume Information\_restore{F03E59F9-BD9C-4F6B-A5E7-466EAA2AC471}\RP551\A0202748.exe Infected: Trojan.Win32.Qhost.aly skipped

    C:\System Volume Information\_restore{F03E59F9-BD9C-4F6B-A5E7-466EAA2AC471}\RP559\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_588.dat Object is locked skipped

    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

    D:\System Volume Information\_restore{F03E59F9-BD9C-4F6B-A5E7-466EAA2AC471}\RP559\change.log Object is locked skipped

    Scan process completed.
     
  10. 2008/06/05
    noahdfear

    noahdfear Inactive

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Now reboot into Safe Mode and log on to your user account.
    1. Open the extracted SDFix folder and double click RunThis.cmd to start the script.
    2. Type Y to begin the cleanup process.
    3. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    4. Press any Key and it will restart the PC.
    5. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    6. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    7. Post the contents of the Report.txt along with a new dss log.
     
  11. 2008/06/06
    meloncito

    meloncito Inactive Thread Starter

    SDFix

    SDFix: Version 1.188
    Run by Propietario on 06/06/2008 at 06:06 p.m.

    Microsoft Windows XP [Versión 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-06 18:23:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000050
    "TracesSuccessful"=dword:00000007

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe:*:Disabled:Messenger"
    "C:\\Archivos de programa\\uTorrent\\uTorrent.exe"="C:\\Archivos de programa\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Archivos de programa\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Archivos de programa\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
    "C:\\Archivos de programa\\LimeWire\\LimeWire.exe"="C:\\Archivos de programa\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "c:\\dos32.exe"="C:\\dos32.exe:*:Enabled:@xpsp2res.dll,-22005"
    "c:\\mont.exe"="C:\\mont.exe:*:Enabled:@xpsp2res.dll,-22005"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files :



    Files with Hidden Attributes :

    Mon 29 Dec 2003 196 A.SHR --- "C:\BOOT.BAK "
    Wed 13 Oct 2004 1,694,208 A..H. --- "C:\Archivos de programa\Messenger\msmsgs.exe "
    Thu 28 Feb 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys "
    Sat 13 Mar 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak "
    Wed 7 Apr 2004 31,744 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\~WRL2738.tmp "
    Wed 14 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp "
    Sun 12 Sep 2004 153,600 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\~WRL0003.tmp "
    Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a0599e95d7e3ff7d693d5b86358352ee\BIT2.tmp "
    Wed 14 Apr 2004 32,768 A..H. --- "C:\Documents and Settings\Propietario\Datos de programa\Microsoft\Word\~WRL0004.tmp "
    Sun 23 Oct 2005 55,296 A..H. --- "C:\Documents and Settings\Propietario\Datos de programa\Microsoft\Word\~WRL0228.tmp "
    Sun 23 Oct 2005 52,736 A..H. --- "C:\Documents and Settings\Propietario\Datos de programa\Microsoft\Word\~WRL0231.tmp "
    Sun 23 Oct 2005 52,736 A..H. --- "C:\Documents and Settings\Propietario\Datos de programa\Microsoft\Word\~WRL1091.tmp "
    Sun 23 Oct 2005 53,248 A..H. --- "C:\Documents and Settings\Propietario\Datos de programa\Microsoft\Word\~WRL1608.tmp "
    Mon 11 Oct 2004 78,848 A..H. --- "C:\Documents and Settings\Propietario\Datos de programa\Microsoft\Word\~WRL2032.tmp "
    Sun 23 Oct 2005 52,224 A..H. --- "C:\Documents and Settings\Propietario\Datos de programa\Microsoft\Word\~WRL2982.tmp "
    Sun 12 Jun 2005 159,744 A..H. --- "C:\Documents and Settings\Propietario\Datos de programa\Microsoft\Word\~WRL3899.tmp "
    Sat 22 Oct 2005 50,176 A..H. --- "C:\Documents and Settings\Propietario\Datos de programa\Microsoft\Word\~WRL4042.tmp "
    Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Propietario\Datos de programa\U3\temp\Launchpad Removal.exe "
    Sun 2 May 2004 44,544 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\~WRL1380.tmp "
    Thu 6 May 2004 48,640 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\~WRL2424.tmp "
    Mon 6 May 2002 23,552 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0001.tmp "
    Sat 7 Feb 2004 93,184 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0274.tmp "
    Sat 7 Feb 2004 69,120 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0329.tmp "
    Sat 7 Feb 2004 65,536 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0380.tmp "
    Fri 17 May 2002 155,648 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0431.tmp "
    Fri 17 May 2002 161,280 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0593.tmp "
    Sat 7 Feb 2004 62,976 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0803.tmp "
    Wed 5 Dec 2001 564,224 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0808.tmp "
    Sat 7 Feb 2004 58,880 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0868.tmp "
    Sat 7 Feb 2004 65,536 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0979.tmp "
    Sat 10 Mar 2001 61,952 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0981.tmp "
    Fri 7 Mar 2003 19,456 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL0998.tmp "
    Sat 5 May 2001 71,680 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL1022.tmp "
    Sat 7 Feb 2004 57,856 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL1045.tmp "
    Fri 17 May 2002 154,624 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL1146.tmp "
    Sun 14 Apr 2002 726,528 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL1152.tmp "
    Sat 7 Feb 2004 48,128 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL1177.tmp "
    Fri 17 May 2002 158,720 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL1388.tmp "
    Sun 9 Mar 2003 20,480 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL1813.tmp "
    Fri 17 May 2002 160,256 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL1957.tmp "
    Fri 17 May 2002 155,648 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL2338.tmp "
    Thu 11 Apr 2002 20,992 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL2653.tmp "
    Sat 7 Feb 2004 61,952 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL2812.tmp "
    Sun 23 Feb 2003 40,448 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL2827.tmp "
    Fri 17 May 2002 158,720 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL2832.tmp "
    Sat 7 Feb 2004 69,632 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL2907.tmp "
    Sat 7 Feb 2004 65,536 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL3420.tmp "
    Tue 9 Apr 2002 20,480 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL3677.tmp "
    Thu 11 Apr 2002 22,528 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Mis documentos\~WRL4078.tmp "
    Sat 13 Mar 2004 4,348 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Mi m£sica\Copia de seguridad de la licencia\drmv1key.bak "
    Sat 23 Dec 2006 20 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Mi m£sica\Copia de seguridad de la licencia\drmv1lic.bak "
    Sat 23 Dec 2006 400 A.SH. --- "C:\Documents and Settings\Propietario\Mis documentos\Mi m£sica\Copia de seguridad de la licencia\drmv2key.bak "
    Mon 19 Jul 2004 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0001.tmp "
    Mon 19 Jul 2004 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0002.tmp "
    Mon 19 Jul 2004 32,256 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0003.tmp "
    Mon 19 Jul 2004 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0004.tmp "
    Mon 19 Jul 2004 30,208 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0005.tmp "
    Mon 19 Jul 2004 2,598,912 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0006.tmp "
    Mon 19 Jul 2004 31,232 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0007.tmp "
    Mon 19 Jul 2004 74,240 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0008.tmp "
    Mon 19 Jul 2004 31,232 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0009.tmp "
    Mon 19 Jul 2004 37,888 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0010.tmp "
    Sat 8 Feb 2003 148,992 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0011.tmp "
    Fri 6 Sep 2002 24,576 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0027.tmp "
    Mon 19 Jul 2004 30,208 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0113.tmp "
    Mon 19 Jul 2004 33,792 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0380.tmp "
    Mon 19 Jul 2004 31,232 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0421.tmp "
    Sat 8 Feb 2003 150,016 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0508.tmp "
    Mon 19 Jul 2004 10,754,048 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0532.tmp "
    Mon 19 Jul 2004 38,400 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0664.tmp "
    Mon 19 Jul 2004 31,744 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0668.tmp "
    Mon 19 Jul 2004 32,768 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0844.tmp "
    Mon 19 Jul 2004 32,256 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0875.tmp "
    Sat 8 Feb 2003 150,016 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0902.tmp "
    Mon 25 Nov 2002 24,576 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0905.tmp "
    Mon 19 Nov 2001 19,456 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0941.tmp "
    Mon 19 Jul 2004 36,864 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL0972.tmp "
    Mon 19 Jul 2004 43,520 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1028.tmp "
    Mon 19 Jul 2004 34,304 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1086.tmp "
    Mon 19 Jul 2004 30,720 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1091.tmp "
    Mon 27 Jan 2003 25,088 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1121.tmp "
    Sat 8 Feb 2003 150,016 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1131.tmp "
    Mon 27 Jan 2003 19,456 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1138.tmp "
    Mon 19 Jul 2004 30,720 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1156.tmp "
    Mon 19 Jul 2004 42,496 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1165.tmp "
    Mon 19 Jul 2004 55,296 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1203.tmp "
    Mon 19 Jul 2004 33,792 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1208.tmp "
    Mon 19 Jul 2004 1,620,992 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1257.tmp "
    Sat 8 Feb 2003 150,528 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1262.tmp "
    Wed 12 Feb 2003 23,552 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1417.tmp "
    Wed 12 Feb 2003 25,088 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1440.tmp "
    Mon 19 Jul 2004 31,232 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1501.tmp "
    Sat 27 Sep 2003 54,784 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1723.tmp "
    Mon 19 Jul 2004 43,008 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1812.tmp "
    Mon 19 Jul 2004 31,744 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1901.tmp "
    Mon 5 May 2003 19,968 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1976.tmp "
    Fri 6 Sep 2002 22,016 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1987.tmp "
    Sat 8 Feb 2003 149,504 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL1993.tmp "
    Mon 19 Jul 2004 33,792 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL2050.tmp "
    Sat 8 Feb 2003 144,896 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL2081.tmp "
    Mon 27 Jan 2003 26,112 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL2391.tmp "
    Sat 8 Feb 2003 149,504 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL2427.tmp "
    Mon 19 Jul 2004 38,400 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL2472.tmp "
    Thu 29 Aug 2002 20,480 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL2697.tmp "
    Mon 19 Jul 2004 33,280 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL2903.tmp "
    Mon 19 Jul 2004 30,208 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL2910.tmp "
    Sat 8 Feb 2003 151,040 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL2942.tmp "
    Mon 19 Jul 2004 36,864 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3023.tmp "
    Fri 6 Sep 2002 23,040 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3044.tmp "
    Mon 19 Jul 2004 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3055.tmp "
    Mon 19 Jul 2004 35,840 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3102.tmp "
    Mon 25 Nov 2002 27,648 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3103.tmp "
    Mon 25 Nov 2002 22,016 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3116.tmp "
    Mon 19 Jul 2004 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3165.tmp "
    Mon 19 Jul 2004 32,768 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3167.tmp "
    Sat 8 Feb 2003 149,504 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3188.tmp "
    Mon 19 Jul 2004 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3192.tmp "
    Wed 12 Feb 2003 24,064 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3308.tmp "
    Mon 19 Jul 2004 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3489.tmp "
    Mon 19 Jul 2004 31,232 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3520.tmp "
    Mon 19 Jul 2004 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3545.tmp "
    Mon 19 Jul 2004 30,720 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3567.tmp "
    Mon 19 Jul 2004 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3584.tmp "
    Mon 19 Jul 2004 41,984 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3679.tmp "
    Mon 19 Jul 2004 2,598,400 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3689.tmp "
    Mon 19 Nov 2001 68,608 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3761.tmp "
    Mon 19 Jul 2004 31,744 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3829.tmp "
    Mon 19 Jul 2004 55,296 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3836.tmp "
    Mon 19 Jul 2004 43,520 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3883.tmp "
    Mon 19 Jul 2004 30,720 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3921.tmp "
    Sat 8 Feb 2003 150,528 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL3995.tmp "
    Mon 19 Jul 2004 152,576 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL4014.tmp "
    Mon 19 Jul 2004 32,768 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\~WRL4048.tmp "
    Sun 17 Sep 2000 19,968 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\~WRL0001.tmp "
    Sun 28 Jan 2001 20,992 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\~WRL0002.tmp "
    Mon 16 Apr 2001 20,480 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\~WRL0003.tmp "
    Mon 12 Nov 2001 23,552 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\~WRL0004.tmp "
    Mon 25 Sep 2000 23,552 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\~WRL3385.tmp "
    Sun 12 Jun 2005 156,672 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL0077.tmp "
    Sun 12 Jun 2005 150,528 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL0138.tmp "
    Sun 12 Jun 2005 189,952 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL0227.tmp "
    Sun 12 Jun 2005 148,992 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL0561.tmp "
    Sun 12 Jun 2005 190,464 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL0982.tmp "
    Sun 12 Jun 2005 162,304 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL2697.tmp "
    Sun 12 Jun 2005 160,256 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL2801.tmp "
    Sun 12 Jun 2005 164,352 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL3001.tmp "
    Sun 12 Jun 2005 148,992 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL3108.tmp "
    Sun 12 Jun 2005 221,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL3607.tmp "
    Sun 12 Jun 2005 144,896 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Cuarto Semestre\Cirug¡a\~WRL3677.tmp "
    Thu 16 Feb 2006 154,624 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Quinto Semestre\Cl¡nica I\~WRL0001.tmp "
    Sat 6 Aug 2005 63,488 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Quinto Semestre\Introducci¢n a la cl¡nica\~WRL1531.tmp "
    Sun 23 Oct 2005 50,688 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Quinto Semestre\Introducci¢n a la cl¡nica\~WRL2940.tmp "
    Sun 23 Oct 2005 20,480 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Quinto Semestre\Introducci¢n a la cl¡nica\~WRL3439.tmp "
    Fri 21 Apr 2006 155,136 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL0003.tmp "
    Sat 22 Apr 2006 155,648 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL0005.tmp "
    Thu 30 Mar 2006 132,608 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL0027.tmp "
    Thu 30 Mar 2006 135,168 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL1258.tmp "
    Thu 30 Mar 2006 136,192 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL1320.tmp "
    Thu 30 Mar 2006 133,120 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL1481.tmp "
    Thu 30 Mar 2006 136,192 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL1937.tmp "
    Thu 30 Mar 2006 133,120 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL2036.tmp "
    Thu 30 Mar 2006 133,632 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL2600.tmp "
    Thu 30 Mar 2006 133,632 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL2601.tmp "
    Thu 30 Mar 2006 135,168 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL2820.tmp "
    Thu 30 Mar 2006 134,144 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Cl¡nica II\~WRL3294.tmp "
    Wed 24 Nov 2004 38,400 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Tercer Semestre\Microbiolog¡a\~WRL2886.tmp "
    Sun 24 Aug 2003 32,768 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\Medicina\~WRL0882.tmp "
    Sun 24 Aug 2003 20,480 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\Medicina\~WRL1042.tmp "
    Sun 24 Aug 2003 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\Medicina\~WRL2641.tmp "
    Sun 24 Aug 2003 32,256 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\Medicina\~WRL3171.tmp "
    Sun 24 Aug 2003 31,232 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\Medicina\~WRL3822.tmp "
    Sun 24 Aug 2003 26,624 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\blanca\My Documents\Medicina\~WRL3912.tmp "
    Thu 31 Jan 2002 32,256 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL0001.tmp "
    Thu 16 May 2002 29,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL0004.tmp "
    Sun 12 May 2002 36,352 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL0028.tmp "
    Fri 17 May 2002 87,040 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL0240.tmp "
    Sun 12 May 2002 31,232 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL0250.tmp "
    Sun 12 May 2002 36,352 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL0284.tmp "
    Thu 16 May 2002 36,864 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL0545.tmp "
    Thu 16 May 2002 24,576 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL0619.tmp "
    Fri 17 May 2002 99,840 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL1041.tmp "
    Sun 12 May 2002 19,456 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL1204.tmp "
    Thu 16 May 2002 48,128 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL1238.tmp "
    Sun 12 May 2002 31,232 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL1265.tmp "
    Sun 12 May 2002 37,376 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL1458.tmp "
    Thu 9 May 2002 19,968 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL1689.tmp "
    Thu 16 May 2002 27,136 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL2313.tmp "
    Sun 12 May 2002 36,864 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL2529.tmp "
    Sun 12 May 2002 19,968 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL2654.tmp "
    Thu 9 May 2002 23,040 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL2693.tmp "
    Thu 9 May 2002 20,480 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL2972.tmp "
    Sun 12 May 2002 29,184 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL2992.tmp "
    Sun 12 May 2002 19,456 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL3658.tmp "
    Sun 12 May 2002 35,328 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Cuarto Semestre\~WRL3734.tmp "
    Mon 16 Sep 2002 22,016 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Quinto Semestre\~WRL0594.tmp "
    Sun 15 Sep 2002 20,480 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Quinto Semestre\~WRL1865.tmp "
    Sun 15 Sep 2002 19,456 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Quinto Semestre\~WRL2614.tmp "
    Sun 15 Sep 2002 19,456 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Quinto Semestre\~WRL3234.tmp "
    Sun 11 Mar 2001 43,008 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Segundo Semestre\~WRL1045.tmp "
    Fri 2 Mar 2001 21,504 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Segundo Semestre\~WRL1222.tmp "
    Sun 4 Mar 2001 92,672 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Segundo Semestre\~WRL2065.tmp "
    Sun 11 Mar 2001 55,296 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Segundo Semestre\~WRL3375.tmp "
    Wed 5 Feb 2003 30,208 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Laptop\Curiel\Archivos Tec de Monterrey\Sexto Semestre\~WRL1476.tmp "
    Sat 9 Sep 2006 27,136 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Material Adicional\EXAMEN DE RESIDENCIA\EXAMENES COMPLETOS\BANCO PREGUNTAS UAQ\~WRL1353.tmp "
    Sat 9 Sep 2006 30,720 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Material Adicional\EXAMEN DE RESIDENCIA\EXAMENES COMPLETOS\BANCO PREGUNTAS UAQ\~WRL1710.tmp "
    Wed 6 Sep 2006 486,400 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Material Adicional\EXAMEN DE RESIDENCIA\EXAMENES COMPLETOS\BANCO PREGUNTAS UAQ\~WRL1991.tmp "
    Sun 10 Sep 2006 487,424 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Material Adicional\EXAMEN DE RESIDENCIA\EXAMENES COMPLETOS\BANCO PREGUNTAS UAQ\~WRL2090.tmp "
    Sun 10 Sep 2006 487,424 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Material Adicional\EXAMEN DE RESIDENCIA\EXAMENES COMPLETOS\BANCO PREGUNTAS UAQ\~WRL2376.tmp "
    Tue 9 Nov 2004 72,704 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\mas Historias\Do¤a Sara\~WRL2670.tmp "
    Sun 7 Nov 2004 69,632 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\mas Historias\Do¤a Sara\~WRL3081.tmp "
    Tue 9 Nov 2004 72,192 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\mas Historias\Do¤a Sara\~WRL3817.tmp "
    Tue 9 Nov 2004 72,704 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Quinto semestre\Introducci¢n al la cl¡nica\Historias\Historia Cirrosis\~WRL2670.TMP "
    Sun 7 Nov 2004 69,632 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Quinto semestre\Introducci¢n al la cl¡nica\Historias\Historia Cirrosis\~WRL3081.TMP "
    Tue 9 Nov 2004 72,192 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Quinto semestre\Introducci¢n al la cl¡nica\Historias\Historia Cirrosis\~WRL3817.TMP "
    Thu 10 Feb 2005 8,192 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Sexto semestre\Introducci•n a la clnica\Historias\Calculos\~WRL0066.TMP "
    Thu 10 Feb 2005 8,192 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Sexto semestre\Introducci•n a la clnica\Historias\Calculos\~WRL0259.TMP "
    Thu 10 Feb 2005 8,192 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Sexto semestre\Introducci•n a la clnica\Historias\Calculos\~WRL1948.TMP "
    Thu 10 Feb 2005 16,384 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Sexto semestre\Introducci•n a la clnica\Historias\Calculos\~WRL2064.TMP "
    Thu 17 Feb 2005 94,720 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Sexto semestre\Introducci•n a la clnica\Historias\Paralisis\~WRL0341.tmp "
    Thu 17 Feb 2005 96,256 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Sexto semestre\Introducci•n a la clnica\Historias\Paralisis\~WRL2430.tmp "
    Thu 17 Feb 2005 162,816 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Sexto semestre\Introducci•n a la clnica\Historias\Paralisis\~WRL3488.tmp "
    Thu 17 Feb 2005 93,696 A..H. --- "C:\Documents and Settings\Propietario\Mis documentos\Medicina\Sexto Semestre\Vargas\Sexto semesre\Introducci•n a la clnica\Historias\Paralisis\~WRL3676.tmp "

    Finished!
     
  12. 2008/06/06
    noahdfear

    Hmmm .... please run a new Deckard's (dss.exe) scan and post the main.txt log that opens.
     
  13. 2008/06/07
    meloncito

    Deckard's System Scanner

    Deckard's System Scanner v20071014.68
    Run by Propietario on 2008-06-07 12:13:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Propietario.exe) -----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:21 p.m., on 07/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\HP\KBD\KBD.EXE
    C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
    C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
    C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
    C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Propietario\Escritorio\dss.exe
    C:\ARCHIV~1\TRENDM~1\HIJACK~1\PROPIE~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
    O4 - HKLM\..\Run: [Sunkist2k] C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Archivos de programa\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [GGVG] C:\WINDOWS\ndlymr.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
    O4 - S-1-5-18 Startup: Gangsters2Setup.lnk = ? (User 'SYSTEM')
    O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Gangsters2Setup.lnk = ? (User 'Default user')
    O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
    O4 - .DEFAULT Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe (User 'Default user')
    O4 - .DEFAULT Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Gangsters2Setup.lnk = ?
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Sidebar.lnk = C:\Archivos de programa\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
    O4 - Startup: Skyscape SmartUpdate.lnk = C:\Archivos de programa\Archivos comunes\Skyscape\SmartUpdate.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Vea la imagen original - C:\Archivos de programa\AT&T\AT&T Runner 2\getoriginal.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Archivos de programa\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe

    --
    End of file - 9657 bytes

    -- Files created between 2008-05-07 and 2008-06-07 -----------------------------

    5206-11-08 18:20:46 0 d-------- C:\WINDOWS\system32\NtmsData
    2008-06-06 17:58:52 0 d-------- C:\WINDOWS\ERUNT
    2008-06-05 22:49:26 0 d-------- C:\Archivos de programa\Vision Video Games
    2008-06-04 14:19:22 68096 --a------ C:\WINDOWS\zip.exe
    2008-06-04 14:19:22 49152 --a------ C:\WINDOWS\VFind.exe
    2008-06-04 14:19:22 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-06-04 14:19:22 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-06-04 14:19:22 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-06-04 14:19:22 98816 --a------ C:\WINDOWS\sed.exe
    2008-06-04 14:19:22 80412 --a------ C:\WINDOWS\grep.exe
    2008-06-04 14:19:22 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-06-04 14:00:05 0 d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
    2008-06-04 13:57:28 0 drahs---- C:\autorun.inf
    2008-05-31 22:23:04 0 d-------- C:\Archivos de programa\Unbound Medicine
    2008-05-31 20:41:40 0 d-------- C:\WINDOWS\Skyscape
    2008-05-31 20:41:40 0 d-------- C:\Skyscape
    2008-05-31 20:41:40 0 d-------- C:\Archivos de programa\Archivos comunes\Skyscape
    2008-05-07 21:06:37 30208 --a------ C:\mont.exe


    -- Find3M Report ---------------------------------------------------------------

    2008-06-04 14:00:09 0 d-------- C:\Documents and Settings\Propietario\Datos de programa\Malwarebytes
    2008-06-04 13:45:49 0 d-------- C:\Archivos de programa\Red Kings Poker
    2008-06-02 22:54:01 0 d-------- C:\Archivos de programa\Full Tilt Poker
    2008-06-02 15:09:15 0 d-------- C:\Documents and Settings\Propietario\Datos de programa\uTorrent
    2008-06-01 19:15:44 724992 --a----c- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
    2008-05-31 22:23:04 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
    2008-05-31 21:09:48 0 d-------- C:\Archivos de programa\Palm
    2008-05-31 20:41:40 0 d-a------ C:\Archivos de programa\Archivos comunes
    2008-05-31 14:35:32 0 d-------- C:\Archivos de programa\PartyGaming
    2008-05-06 20:47:12 60416 --a------ C:\dos32.exe
    2008-05-01 16:59:28 0 d-------- C:\Archivos de programa\Celestia-ED
    2008-04-20 12:49:09 680 --a----c- C:\WINDOWS\AUTOLNCH.REG
    2008-04-06 20:24:00 441164 --a----c- C:\WINDOWS\system32\perfh00A.dat
    2008-04-06 20:24:00 69528 --a----c- C:\WINDOWS\system32\perfc00A.dat
    2008-03-17 01:18:22 4096 --a------ C:\WINDOWS\d3dx.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sunkist2k "= "C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe" [09/08/2003 12:27 p.m.]
    "Recguard "= "C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 09:42 p.m.]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [07/05/1998 04:04 p.m.]
    "HPHUPD05 "= "c:\Archivos de programa\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [23/05/2003 03:03 a.m.]
    "HPHmon05 "= "C:\WINDOWS\System32\hphmon05.exe" [23/05/2003 02:56 a.m.]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" []
    "AlcxMonitor "= "ALCXMNTR.EXE" [17/02/2004 06:49 a.m. C:\WINDOWS\ALCXMNTR.EXE]
    "GGVG "= "C:\WINDOWS\ndlymr.exe" []
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/05/2003 02:56 p.m.]
    "KBD "= "C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 p.m.]
    "PRISMSVR.EXE "= "C:\WINDOWS\system32\PRISMSVR.exe" []
    "SunJavaUpdateSched "= "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25 a.m.]
    "HP Software Update "= "C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [17/02/2005 12:11 a.m.]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [17/09/2007 01:07 a.m.]
    "nwiz "= "nwiz.exe" [17/09/2007 01:07 a.m. C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [17/09/2007 01:07 a.m.]
    "ISUSPM Startup "= "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" [11/08/2005 04:30 p.m.]
    "ISUSScheduler "= "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [11/08/2005 04:30 p.m.]
    "avast! "= "C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe" [15/05/2008 06:19 p.m.]
    "Adobe Reader Speed Launcher "= "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 p.m.]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 05:42 p.m.]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "RunLogonScriptSync "=1 (0x1)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "RunLogonScriptSync "=1 (0x1)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^DataViz Inc Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\DataViz Inc Messenger.lnk
    backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^GStartup.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\GStartup.lnk
    backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HotSync Manager.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\HotSync Manager.lnk
    backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Updates from HP.lnk]
    path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Updates from HP.lnk
    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propietario^Menú Inicio^Programas^Inicio^MyWebSearch Email Plugin.lnk]
    path=C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\MyWebSearch Email Plugin.lnk
    backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propietario^Menú Inicio^Programas^Inicio^Palm Registration.lnk]
    path=C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\Palm Registration.lnk
    backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propietario^Menú Inicio^Programas^Inicio^palmOne Registration.lnk]
    path=C:\Documents and Settings\Propietario\Menú Inicio\Programas\Inicio\palmOne Registration.lnk
    backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    c:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Accelerator Manager Free Edition]
    C:\Archivos de programa\Tensons\Download Accelerator Manager\Free Edition\dam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
    "C:\Archivos de programa\Archivos comunes\InterVideo\SchSvr\SchSvr.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hppwrsav]
    C:\SCANJET\PrecisionScanLT\hppwrsav.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Archivos de programa\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
    C:\ARCHIV~1\COMMON~1\MOBIPO~1\webcomp.exe -m

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    "C:\Archivos de programa\Archivos comunes\Sonic\Update Manager\sgtray.exe" /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
    C:\Archivos de programa\Common files\updater\wupdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    "C:\Archivos de programa\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinCinemaMgr]
    "C:\Archivos de programa\InterVideo\Common\bin\WinCinemaMgr.exe "




    -- End of Deckard's System Scanner: finished at 2008-06-07 12:13:49 ------------
     
  14. 2008/06/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please delete the following files.

    C:\dos32.exe
    C:\mont.exe

    Reboot and verify they are gone, then empty the recycle bin and let me know.
     
