
[Resolved] Outerinfo infection and possibly others


  • This topic is locked
17 replies to this topic

#1 GLEZP

Posted 13 February 2008 - 06:26 PM

Hello All,
Yesterday Outerinfo installed itself on my machine and I started having several unusual symptoms. I googled Outerinfo, found this forum, and applied the steps explained in (http://forums.whatth...elp_t72137.html) the best I could. Then I ran the online ActiveScan from Panda antivirus here (http://www.pandasecu...ons/activescan/). Then I followed this post (http://forums.whatth...elp_t57813.html), basically updating Spybot and running a scan, and then I rebooted, and here's a fresh HiJackThis log:

(more info on the steps I followed and the current situation after the log)

Logfile of HijackThis v1.99.1
Scan saved at 22:30:35, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .IVR: C:\Archivos de programa\Internet Explorer\PLUGINS\NPRVRT32.dll
O12 - Plugin for .PAN: C:\Archivos de programa\Internet Explorer\PLUGINS\NpSmNp.dll
O15 - Trusted Zone: http://www.yahoo.com
O15 - Trusted Zone: http://www.washingtondchotelsgroup.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09472BE7-01B1-4B21-9C6B-FCC4FBB34DA7}: NameServer = 80.58.0.33,80.58.32.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{09472BE7-01B1-4B21-9C6B-FCC4FBB34DA7}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPodSrv - Unknown owner - C:\Archivos de programa\iPod\Bin\iPodSrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


------------------------------------------------------------------------------------------------------------

SYMPTOMS
I always browse with Firefox, but IE7 opened by itself while browsing. I looked at my desktop and had two new shortcuts named "Windows Update" and "Help and Support Center" that pointed to an Internet address at storageprotector.com and had icons exactly like the Windows ones. I saw a new program installed called Outerinfo in my programs menu. I started the task manager and killed a few processes that I didn't know; some were named 17pholmes. I started experiencing very slow performance and the CPU came to a halt every few minutes. I started closing down pop-ups trying to sell me antivirus and clean-up software that were dubious. I also pressed the red X on all alerts that I saw (they looked very bogus). I started seeing many warnings popping up in my task bar next to the system clock. A process named windows would appear in the task manager at this time. The balloons sprang from a white X inside a red circle like the ComboFix icon. They asked me to click the balloon and tried to access the internet if I did, but I had disconnected the network cable. I tried to kill the process named window and several others I had never seen before (I also removed an external 500GB Iomega drive at this point). I connected again and tried to run the Panda Antivirus online ActiveScan, but couldn't finish the scan because IE7 started opening dozens of tabs and crashed.


STEPS TAKEN SO FAR
I decided I had no idea how to deal with this. I downloaded a virus scanner from Tucows that found nothing. I uninstalled it. I googled 17pholmes and Outerinfo, found this forum and read up. I first followed the How to Remove Outerinfo Pop ups self Help page:

· Looked in "add remove programs" and tried to uninstall Outerinfo, accessed the Outerinfo uninstaller exe and completed the process

· Downloaded ATF Cleaner and cleaned up All Temp files

· Downloaded ComboFix but didn't run it (tried as instructed the rest of the fix first)

· Downloaded and ran SUPERAntiSpyware Home Edition (free), followed all instructions and found nothing

· Back to ComboFix, followed the tutorial at bleepingcomputer about ComboFix. I downloaded the Microsoft file and tried to drag it on top of the ComboFix icon to install the Recovery Console but instead Combofix would simply start running, I aborted a couple of times and the third time I allowed it to run. It performed the 41 steps but rebooted the computer without giving me a Log file. I looked in C:\ComboFix.txt but nothing.

· Tried to drag the MS file on top of ComboFix and this time it worked. It said it was installing the Recovery Console and performed a scan that ended up with a Log file. I saved it.

· Ran SUPERAntiSpyware Home Edition again, and this time it found several infections; I checked them, clicked OK and quarantined them. Saved the log and rebooted.

· Downloaded and followed the instructions to produce a HiJackThis log.

· Next I tried the online antivirus ActiveScan from Panda again and it completed a scan. It reported that it had found and fixed several viruses and that there were many other threats (dialers, trojans, rootkits, you-name-it, etc.) that it hadn't fixed. It gave me yet another log file, which I saved too (when I looked at this log file, most of these problems seemed to be contained within the quarantined files, except for a few).

· Rebooted and did a second HiJackThis log.

· Found the "Before Posting A Hijackthis Log self Help" and downloaded the updates to Spybot, performed a scan and fixed the red entries (mostly tracking cookies, except for registry entries about a trojan), asked Spybot to produce a log file for my collection (it produced a huge one) and saved it.

· Again rebooted and produced a third HiJackThis log which is posted above.


CURRENT STATUS
Basically I don't know! Apparently the situation is stable; significantly, the two shortcuts named "Windows Update" and "Help and Support Center" are now inactive and have lost their icons. I have regained apparent control of the machine and I haven't seen any more pop-ups, alerts, yellow balloons or performance degradation, but I am still not confident about running my regular programs. I don't know what steps to take now to better secure and scan my machine, I don't know what to do with the logs or the quarantined files, and I don't know what to do with the external Iomega HD that was connected at the time of infection (I haven't turned it on again since), which I suppose might be infected too.

Any advice on how to proceed would be greatly appreciated as I have a lot more doubts about the situation. Also, a big thanks for the help you have already provided setting up those self-help tutorials. I have saved all logs if needed.

#2 Rorschach112

Posted 20 February 2008 - 12:23 PM

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 GLEZP

Posted 20 February 2008 - 02:29 PM

Hello Rorschach112, thanks for helping me.
Here are the two text files requested. Just for the record, DSS produced a third text file, a HijackThis log, that I have also saved.
I have a question: when I started noticing that I was infected I had an external drive connected. I turned it off before I started following the self-help tutorial and I haven't connected it since. Couldn't it be infected too? And should I turn it on and include it in the next procedures to make sure it is scanned also?


Deckard's System Scanner v20071014.68
Run by Diseño1 on 2008-02-20 20:52:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-02-20 19:52:30 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-02-19 19:11:25 UTC - RP5 - Punto de control del sistema
4: 2008-02-15 07:56:30 UTC - RP4 - Punto de control del sistema
3: 2008-02-13 08:06:41 UTC - RP3 - ComboFix created restore point
2: 2008-02-13 07:41:55 UTC - RP2 - ComboFix created restore point


-- First Restore Point --
1: 2008-02-13 07:28:36 UTC - RP1 - Punto de control del sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Diseño1.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-20 20:55:30
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Archivos de programa\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe
C:\Documents and Settings\Diseño1\Escritorio\dss.exe
C:\Archivos de programa\Hijackthis\Diseño1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk.disabled = C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.adobe.com (HKCU)
O15 - Trusted Zone: https://panel.dreamhost.com (HKCU)
O15 - Trusted Zone: http://www.yahoo.com (HKCU)
O15 - Trusted Zone: http://www.washingtondchotelsgroup.com (HKCU)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} () - http://codecs.micros...86/wmsp9dmo.cab
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} () - http://codecs.micros...386/msaudio.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.micros...386/wmv9dmo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupd...7268.4040277778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{09472BE7-01B1-4B21-9C6B-FCC4FBB34DA7}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe
O23 - Service: iPodSrv - Unknown owner - C:\Archivos de programa\iPod\Bin\iPodSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


--
End of file - 8068 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScript - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SASDIFSV - c:\archivos de programa\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\archivos de programa\superantispyware\saskutil.sys
R1 SMBus (Intel® SMBus Driver) - c:\windows\system32\drivers\smbus.sys <Not Verified; Intel Corporation; Intel® SMBus Controller>
R1 SMBusP (Intel® SMBus Passthru Driver) - c:\windows\system32\drivers\smbusp.sys <Not Verified; Intel Corporation; Intel® SMBus Controller>
R2 iSMBIOS - c:\windows\system32\drivers\ismbios.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R2 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R2 SIODRV - c:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\archivos de programa\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>

S3 SABProcEnum - c:\archiv~1\mozill~1\sabprocenum.sys (file missing)
S3 SDVPlus (Pinnacle Studio DVplus WDM Renderer) - c:\windows\system32\drivers\sdvplus.sys <Not Verified; Pinnacle Systems; SDVPlus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 imonNT (Intel® Active Monitor) - c:\program files\intel\intel® active monitor\imonnt.exe <Not Verified; Intel Corp.; Intel® Active Monitor>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S2 iPodSrv - c:\archivos de programa\ipod\bin\ipodsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Adaptador de red 1394
Device ID: V1394\NIC1394\76642C3B308D02
Manufacturer: Microsoft
Name: Adaptador de red 1394
PNP Device ID: V1394\NIC1394\76642C3B308D02
Service: NIC1394


-- Files created between 2008-01-20 and 2008-02-20 -----------------------------

2008-02-13 21:37:02 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-13 21:37:02 3450 --a------ C:\WINDOWS\unins000.dat
2008-02-13 13:20:24 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-13 09:07:16 260272 --a------ C:\cmldr
2008-02-13 09:07:14 0 d-------- C:\cmdcons
2008-02-13 08:27:39 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-13 08:27:39 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-13 08:27:39 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-13 08:27:39 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-13 08:09:24 0 d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-02-13 07:18:31 0 d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-02-13 07:17:43 0 d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-02-13 03:06:49 0 d-------- C:\Temp


-- Find3M Report ---------------------------------------------------------------

2008-02-20 20:47:21 13111 --a------ C:\WINDOWS\system32\tablet.dat
2008-02-13 09:02:02 0 d-------- C:\Documents and Settings\Diseño1\Datos de programa\ZipGenius
2008-02-13 08:09:25 7655 --a------ C:\WINDOWS\mozver.dat
2008-02-13 07:18:31 0 d-------- C:\Documents and Settings\Diseño1\Datos de programa\SUPERAntiSpyware.com
2008-02-13 07:17:43 0 d-------- C:\Archivos de programa\Archivos comunes
2008-02-13 06:39:41 0 d-------- C:\Archivos de programa\Common Files
2008-02-13 01:10:04 0 d-------- C:\Archivos de programa\Mozilla Thunderbird
2008-02-11 13:13:49 0 d-------- C:\Documents and Settings\Diseño1\Datos de programa\Adobe
2008-02-09 19:14:25 0 d-------- C:\Archivos de programa\eMule
2008-02-04 20:36:02 0 d-------- C:\Archivos de programa\PTGui
2008-01-14 22:29:49 0 d-------- C:\Archivos de programa\onOne Software
2008-01-14 22:29:49 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
2007-12-02 10:35:35 439680 --a----c- C:\WINDOWS\system32\perfh00A.dat
2007-12-02 10:35:35 68696 --a----c- C:\WINDOWS\system32\perfc00A.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 06:32]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 06:31]
"Adobe Photo Downloader"="C:\Archivos de programa\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [05/11/2007 05:32]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [24/08/2001 13:00]
"IMONTRAY"="C:\Program Files\Intel\Intel® Active Monitor\imontray.exe" [20/08/2001 19:24]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [06/12/2005 13:08]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [16/01/2006 14:06]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [06/01/2006 13:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 23:42]
"Yahoo! Pager"="C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 17:43]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
"SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

C:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
Acrobat Assistant.lnk.disabled [16/03/2002 19:30:15]
Adobe Gamma Loader.lnk - C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [27/02/2002 14:10:52]
Adobe Reader Speed Launch.lnk.disabled [04/12/2005 18:08:43]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [01/06/2006 18:24:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoOnlinePrintsWizard"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"AdaptecDirectCD"="C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
"QuickTime Task"="C:\archivos de programa\quicktime\qttask.exe" -atboottime
"Share-to-Web Namespace Daemon"=C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"LogitechVideoTray"=C:\Archivos de programa\Logitech\Video\LogiTray.exe
"LogitechVideoRepair"=C:\Archivos de programa\Logitech\Video\ISStart.exe
"ViewMgr"=C:\Archivos de programa\Viewpoint\Viewpoint Manager\ViewMgr.exe
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe
"PCLEPCI"=C:\ARCHIV~1\Pinnacle\PPE\ppe.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7899 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-20 20:57:02 ------------









Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Spanish

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 511.3 MiB / 222.12 MiB
Pagefile Memory (total/avail): 1248.44 MiB / 1023.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.46 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 34.17 GiB total, 5.32 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SEAGATE ST336706LW SCSI Disk Device - 34.18 GiB - 1 partition
\PARTITION0 (bootable) - Sistema de archivos instalables - 34.17 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Diseño1\Datos de programa
CLASSPATH=.;C:\Archivos de programa\Java\j2re1.4.1\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Archivos de programa\Archivos comunes
COMPUTERNAME=ESTACION1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Diseño1
LOGONSERVER=\\ESTACION1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Archivos de programa\Archivos comunes\Adaptec Shared\System;C:\Archivos de programa\ZipGenius 6;C:\archivos de programa\quicktime\QTSystem;;C:\ARCHIV~1\ARCHIV~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Archivos de programa
PROMPT=$P$G
QTJAVA=C:\Archivos de programa\Java\j2re1.4.1\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DISEO1~1\CONFIG~1\Temp
TMP=C:\DOCUME~1\DISEO1~1\CONFIG~1\Temp
USERDOMAIN=ESTACION1
USERNAME=Diseño1
USERPROFILE=C:\Documents and Settings\Diseño1
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Diseño1 (admin)
Administrador (admin)
Invitado (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Archivos de programa\Archivos comunes\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{9084D215-778B-4BC2-8B57-54AB49E526BF}\setup.exe" -u
--> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{9084D215-778B-4BC2-8B57-54AB49E526BF}\setup.exe" -u -quiet
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACD Media Support Package 1.0 --> MsiExec.exe /X{C531F248-1EC0-4C5D-A32C-A16672929B42}
ACDSee 7.0 --> MsiExec.exe /I{ECE0113B-23D0-4DD8-89E6-D2F026CABF03}
Actualización de seguridad para el Reproductor de Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 9 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 9 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 9 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Actualización para Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Actualización para Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Actualización para Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Actualización para Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Actualización para Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Actualización para Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Actualización para Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Actualización para Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Actualización para Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Actualización para Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Actualización para Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Actualización para Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Actualización para Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Actualización para Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Actualización para Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Actualización para Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Actualización para Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Actualización para Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe SVG Viewer 3.0 --> C:\Archivos de programa\Archivos comunes\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Archivos de programa\Archivos comunes\Adobe\SVG Viewer 3.0\Uninstall\Install.log
ALi USB2.0 Driver --> C:\WINDOWS\system32\UnUSB20.EXE RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}\Setup.exe" -uninst
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Audacity 1.2.2 --> "C:\Archivos de programa\Audacity\unins000.exe"
Autopano-SIFT 2.3 --> "C:\Archivos de programa\Autopano-SIFT-2.3\uninstall.exe"
AVIcodec (remove only) --> "C:\Archivos de programa\AVIcodec\uninst.exe"
BookSmart™ 1.9.1 1.9.1 --> F:\BookSmart\uninstall.exe
Bukster 1.15 Beta --> "C:\Archivos de programa\Bukster 1.0 Beta\unins000.exe"
Canon S520 --> C:\WINDOWS\System32\CNMCP3M.EXE -@C:\WINDOWS\IsUn040a.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst\DeIsL1.isu" -pCanon S520-c"C:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst\bjinst.dll
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Conceptronic Lounge'n'LOOK Series WebCam --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9
Controlador de Logitech® Camera --> "C:\Archivos de programa\Archivos comunes\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX --> C:\Archivos de programa\DivX\DivXCodecUninstall.exe /CODEC
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
eMule --> "C:\Archivos de programa\eMule\Uninstall.exe"
eRacer --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{8A705053-E325-4A6B-B6B0-10EBB44E3545}\setup.exe"
EVEREST Home Edition v1.50 --> "C:\Archivos de programa\Lavalys\EVEREST Home Edition\unins000.exe"
First Step Guide --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{C797EAF2-707A-4239-BDF3-F2672314A734}\setup.exe" -l0xa UNINSTALL
FLV Player 1.3.3 --> "C:\Archivos de programa\FLVPlayer\uninstall.exe"
Free WMA to MP3 Converter 1.08 --> "C:\Archivos de programa\Free WMA to MP3 Converter\unins000.exe"
FTP Voyager --> C:\WINDOWS\IsUninst.exe -f"C:\Archivos de programa\RhinoSoft.com\FTP Voyager\Uninst.isu" -c"C:\Archivos de programa\RhinoSoft.com\FTP Voyager\FVUninstall.dll"
GetRight --> C:\Archivos de programa\GetRight\GetRight\GETRIGHT.EXE /UNINSTALL
GTK+ Runtime 2.6.2 rev a (remove only) --> C:\Archivos de programa\Common Files\GTK\2.0\uninst.exe
Hijackthis 1.99.1 --> "C:\Archivos de programa\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Diseño1\Escritorio\HijackThis.exe /uninstall
HP Photo and Imaging 2.2 - Scanjet 3970 Series --> MsiExec.exe /I{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}
HP PrecisionScan Pro 3.0 --> MsiExec.exe /I{22DAFE84-E618-11D3-B2A7-080009FB4A19}
ImageMixer VCD2 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0xa UNINSTALL
iMove Internet Browser Plugin --> C:\WINDOWS\IsUninst.exe -f"C:\Archivos de programa\iMove\Internet Browser Plugin\IMNP.isu"
Incoming Forces Deliverance --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{E329DB00-B54C-11D4-A2F6-00D0B7BFC628}\setup.exe"
Intel® Active Monitor --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}\setup.exe"
JagoClient Version 4.53 --> "C:\Archivos de programa\JagoClient\unins000.exe"
Java 2 Runtime Environment SE v1.4.1 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext
Java Web Start --> "C:\Archivos de programa\Java Web Start\uninst-javaws.exe"
JBM for Windows 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Archivos de programa\Personal jukebox\Jukebox Manager\Uninst.isu"
Language Pack for Ad-aware 6 --> C:\ARCHIV~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\UNWISE.EXE C:\ARCHIV~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\INSTALL.LOG
Lightroom --> MsiExec.exe /I{6297F8EC-D821-4B33-B845-8A8D1A0DF472}
Live Picture Viewer Plugin --> C:\ARCHIV~1\LIVEPI~1\LIVEPI~1\UNWISE.EXE C:\ARCHIV~1\LIVEPI~1\LIVEPI~1\INSTALL.LOG
Macromedia Flash 5 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{4C93C363-414E-11D4-9756-00C04F8EEB39}\Setup.exe" UNINSTALL
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia HomeSite 5 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}\Setup.exe"
Magnifier Powertoy for Windows XP --> MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional --> MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.12) --> C:\ARCHIV~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Archivos de programa\Mozilla Thunderbird\uninstall\helper.exe
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Opera 9.10 --> MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PhotoPresets with One-Click WOW! --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{235674B0-A35F-4811-8A8F-E8F42A919EA3}\setup.exe" -l0x9 -uninst -removeonly
Picture Package --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0xa UNINSTALL
Pinnacle Systems PCI Performance Enhancer --> C:\ARCHIV~1\Pinnacle\PPE\UNWISE.EXE C:\ARCHIV~1\Pinnacle\PPE\INSTALL.LOG
Polaroid Dust and Scratch Removal v1.0.0.15.2e --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}\Setup.exe" -l0x9
PowerDVD --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PTGui --> MsiExec.exe /I{48E5A72D-DA25-437C-971A-E8606DBD2DFD}
PTGui 4.1 --> C:\Archivos de programa\PTGui\Uninstall.exe
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Archivos de programa\Archivos comunes\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RENTA 2004 --> C:\WINDOWS\IsUn040a.exe -fC:\AEAT\RENT2004\RENT2004.ISU
Revisión de Windows XP - KB834707 --> C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Revisión de Windows XP - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Revisión de Windows XP - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Revisión de Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Revisión de Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Revisión de Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Revisión de Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Revisión de Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Revisión de Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Revisión de Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Revisión de Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Revisión de Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Revisión de Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Revisión de Windows XP - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Revisión de Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Revisión de Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Revisión de Windows XP - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Revisión de Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Revisión de Windows XP - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Revisión de Windows XP - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Revisión para Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sony USB Driver --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy --> "C:\Archivos de programa\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Studio --> C:\WINDOWS\IsUn040a.exe -f"C:\Archivos de programa\Pinnacle\Studio 7\Studio7.isu" -cC:\WINDOWS\Studio7.dll
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tableta --> C:\Archivos de programa\Tablet\Remove.exe /u
TopStyle Lite (Version 2) --> C:\WINDOWS\unlite2.exe "C:\Archivos de programa\Bradbury\TopStyle2"
TopStyle Lite (Version 3.0) --> C:\WINDOWS\unlite3.exe "C:\Archivos de programa\Bradbury\TopStyle3"
VideoLAN VLC media player 0.8.5 --> C:\Archivos de programa\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only) --> C:\Archivos de programa\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player (Remove Only) --> C:\Archivos de programa\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VP6 VFW Codec --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{A23866A0-738B-4091-9924-0B0DE3988A15}\Setup.exe" -l0x9
Windows Live Messenger --> MsiExec.exe /I{1692CC0E-8798-493A-9580-23555E21C14B}
XviD MPEG-4 Codec --> "C:\Archivos de programa\XviD\UninstXviD.exe"
Yahoo! Messenger --> C:\ARCHIV~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\ARCHIV~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZipGenius 6 (6.0.2.1040) --> "C:\Archivos de programa\ZipGenius 6\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1130 / Success
Event Submitted/Written: 02/19/2008 10:08:48 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1125 / Warning
Event Submitted/Written: 02/15/2008 09:39:53 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows no puede descargar su archivo del Registro de clases - todavía está en uso por otras aplicaciones o servicios. El archivo se descargará cuando no esté en uso.

Event Record #/Type1120 / Success
Event Submitted/Written: 02/13/2008 10:45:13 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1114 / Success
Event Submitted/Written: 02/13/2008 09:17:13 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1107 / Success
Event Submitted/Written: 02/13/2008 00:33:04 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-02-20 20:57:02 ------------

#4 Rorschach112


Posted 20 February 2008 - 02:38 PM

Your logs are looking good

Plug in your external drive for the following

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Also tell me how your PC is running

#5 GLEZP


Posted 20 February 2008 - 03:22 PM

Did as instructed, the program didn't have any problems deleting anything and no reboots were asked.

I have a strong feeling that it *didn't* scan my external drive though (I watched as it progressed through the scan and it never left my C:\ drive, also it took only a couple of minutes). Should I reboot and run it again, or perform a complete full scan?

It did remove, amongst other things, one of the bogus links that appeared on my desktop, as I explained in my first post, but not the other. These links had already been disabled by the combination of ComboFix and SUPERAntiSpyware. But I wonder why it removed only one of them.

The computer is running apparently fine. I don't notice any sign of malware or unusual CPU usage (I wouldn't know what is unusual though, except when it is something terribly obvious), I have not been running any of my usual programs or using my drives (out of caution) and I have only used the computer for web browsing and nothing else. Still, I see no Pop ups or Error messages or Alerts like I did last week at infection.

Here is the resulting Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.04
Database version: 383

Scan type: Quick Scan
Objects scanned: 25879
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Diseño1\Escritorio\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.

#6 Rorschach112


Posted 20 February 2008 - 03:44 PM

Your logs are clean ! We need to do a few things

You can delete the tools that we used


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place' Here

Thank you for your patience, and performing all of the procedures requested.

#7 GLEZP


Posted 20 February 2008 - 04:19 PM

Hello ,
Before I proceed I have two questions.
Which programs should I remove? The ones that I downloaded under your instructions or all of them including the ones I downloaded following the self help fix (http://forums.whatth...elp_t72137.html)? Those other programs are HijackThis, ComboFix and SUPERAntiSpyware Home Edition. A detailed description of what I did is in my first post.

Also before I remove SUPERAntiSpyware Home Edition, What do I do with the quarantine files that it produced in its second scan?

Here is the log it gave me then, and the files are still quarantined there:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/13/2008 at 11:03 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:36:49

Memory items scanned : 297
Memory threats detected : 0
Registry items scanned : 5431
Registry threats detected : 0
File items scanned : 90962
File threats detected : 6

Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\ARCHIVOS DE PROGRAMA\NETWORK MONITOR\NETMON.EXE.VIR

Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\RGLZZFFVMQ\ASAPPSRV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\P1\LIAMDLL2.EXE.VIR

Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\RGLZZFFVMQ\COMMAND.EXE.VIR

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\RGLZZFFVMQ\L35WTZISGK.VBS.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR

#8 Rorschach112


Posted 20 February 2008 - 04:27 PM

Do this

Now let's uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


Then remove any of the programs left over that we have used. You don't need to keep any besides MBAM


Don't worry about SUPERAntiSpyware detecting those entries

Any more questions ?

#9 GLEZP


Posted 20 February 2008 - 05:15 PM

Ok, followed the procedure to uninstall ComboFix. Then uninstalled HijackThis, DSS, AND SUPERAntiSpyware (I first proceeded to remove the quarantined files).

I have three questions (sorry to take up your time, I very much appreciate your help):

1 - Do I need to worry about the external drive? I think it wasn't included in the MBAM quick scan, possibly because I turned it on *after* I installed MBAM but *before* I proceeded to scan.

2 - Panda Online ActiveScan found a lot of threats the last time it ran last week. Mostly, I think, they were items that had been quarantined, but I am not sure all of them were resolved. Should I post the log it produced, or should I scan again?

3 - Sort of off topic but, can a .JPEG image file, a .CR2 raw image file, or a .PSD photoshop file be infected? Most of my concerns are with the backups of my photography images and I would like to move them to a new drive.

I will follow your advice on completion and post tomorrow. It is already past midnight here.

Thank you again, very much, for your help.

#10 Rorschach112


Posted 20 February 2008 - 05:26 PM

No problem

Do I need to worry about the external drive

Nope

Should I post the log it produced, or should I scan again?

No need, the scans we have run are far more thorough and are showing up nothing. Chances are Panda is finding stuff we have quarantined. You don't need to worry anyway

Can a .JPEG image file, a .CR2 raw image file, or a .PSD photoshop file be infected?

I think they can but the infection you have had would not have infected them

You have nothing to worry about, your PC is as clean as a whistle

Let me know if you have any more questions



#11 GLEZP


Posted 21 February 2008 - 07:50 AM

Hello Rorschach112,

Did as follows:
- Removed JRE from machine (but left Java Web Start since it didn't have JRE in the name). Then installed Java Runtime Environment (JRE) 6 Update 4.
- Created new restore point and deleted previous ones
- I already always download all security updates from MS
- Downloaded and installed SpywareBlaster, IE-SPYAD, and SpywareGuard 2.2 Minimal Setup (I chose minimal as per instructions I am downloading from XP)
- Secured and locked down IE7
- Downloaded and installed MVPS Hosts file.
- I already use Firefox for all my browsing unless a very important website twists my arm behind my back to open up IE7 (nonetheless a website managed to open pop ups in IE7 without my permission when I got infected.)
- Read Tony Klein's article for the fourth or fifth time and followed procedures there.

Thank you very much for your time and guidance. The computer is running normally and I feel confident it is clean. I will run a few complete virus scans for my peace of mind, but you can consider this issue resolved.

I have just one last question :) Where would be the appropriate place in these forums to ask further security doubts? I have several doubts and questions that are not necessarily related to this post.

Thanks Again! :thumbup:

#12 Rorschach112


Posted 21 February 2008 - 08:05 AM

Ask them here if you wish

Not sure where the best place might be

Maybe in the Microsoft Windows™ forum

#13 GLEZP


Posted 21 February 2008 - 02:18 PM

Hi,
Thanks Rorschach112, but I wouldn't like to take more of your time than necessary. Please don't feel obligated to answer, and feel free to redirect me to other forums, sub-forums, or pages as you see fit. You can close this topic whenever you like.

I'll start with questions about my situation. I do basically three kinds of tasks in my computer:
- Image related tasks where I don't connect to the internet and I work offline.
- Regular daily browsing of known safe sites where I read news, or articles about photography, and related stuff. (I have them all in a bookmark folder and they open together in Firefox)
- Occasional browsing where I venture into unknown websites, follow links, download, search for stuff, etc.

My question is this: Is it possible to be at any risk if I am offline (disconnected from the internet)?

I ask this because I would like to create three sort of different sessions to suit the three different types of use I give this computer.
- (1) All antivirus, firewall, spyware, malware programs disabled, NO connection to the internet to be safe, a minimum of processes running, to better utilize the system resources for Photoshop and the like.
- (2) Minimum antivirus, firewall, spyware configuration to browse my list of daily known safe sites.
- (3) All shields up! maximize security to browse unknown sites, download stuff, use messenger, and basically any other internet related activity.

(1) and (2) I do everyday, but (3) I might do once every two weeks, so it seems a little overkill for me to have four or five security programs running if I am not connected to the internet and I'm just working in Photoshop for hours.

Is there something conceptually wrong with this approach? If it is ok, what would be the difference in security I should apply between (2) and (3)? And, is there an easy way to achieve this in an automated way? For example, I was thinking of creating three users in this PC for the three profiles and logging on to different users depending on the task I'm doing. Is this feasible or do I have to reboot to start some security processes?

To sum up:
· Am I at risk if I am not connected to the internet?
· Is my task oriented approach to security conceptually flawed?
· What security differences should there be between (2) and (3)?
· Do you know of an easy way to implement this?

#14 Rorschach112


Posted 21 February 2008 - 02:32 PM

Hello

Is it possible to be at any risk if I am offline

Nope you should be safe as long as your PC is clean

I was thinking of creating three users in this PC for the three profiles and logging on to different users depending on the task I'm doing.

I personally don't see the need for this if you follow this policy of yours

- (2) Minimum antivirus, firewall, spyware configuration to browse my list of daily known safe sites.

- (3) All shields up! maximize security to browse unknown sites, download stuff, use messenger, and basically any other internet related activity.

Is my task oriented approach to security conceptually flawed?

The three different methods seem fine. As long as you are careful you could use Option #2 permanently


Do you know of an easy way to implement this?

What I would recommend is installing SpywareGuard and Comodo firewall. These two programs take up barely any system resources, you won't notice them, and will stop nearly any infection


Let me know if you got any more Qs

#15 GLEZP


Posted 23 February 2008 - 05:29 AM

Hi,
Sorry for the time taken, I've been reading up and trying not to ask the wrong questions.

I downloaded COMODO firewall and installed it. I'm very happy with it. It prompted me to do a full scan before starting and reported to have found some malware. Here is the log:

TrojWare.Java.ClassLoader.B(ID = 0x36d5f) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\BlackBox.class-4f7d067a-1bda68a2.class
TrojWare.Java.ClassLoader.B(ID = 0x36d5f) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\BlackBox.class-64b3b4e-5fbce107.class
TrojWare.Java.NoCheat.A(ID = 0x3236e) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\Dummy.class-35388218-4a2ffba7.class
TrojWare.Java.ClassLoader.B(ID = 0x3237a) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\Dummy.class-53a11daa-4adf261d.class
TrojWare.Java.NoCheat.A(ID = 0x3236e) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\Dummy.class-59f6508d-16ebd5ba.class
TrojWare.Java.ClassLoader.B(ID = 0x3237a) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\Dummy.class-63644d4e-5ea4bb9a.class
TrojWare.Java.NoCheat.A(ID = 0x32768) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\ok.class-516d207f-2fce0c6a.class
TrojWare.Java.NoCheat.C(ID = 0x3670a) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\stat.class-38d5a44c-4d8c00d0.class
TrojWare.Java.NoCheat.C(ID = 0x3670a) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\stat.class-c99b337-4eeaf593.class
TrojWare.Java.Exploit.Bytverify(ID = 0x326d9) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\VerifierBug.class-1756e264-50d1860a.class
TrojWare.Java.Exploit.Bytverify(ID = 0x326d9) C:\Documents and Settings\Diseño1\.jpi_cache\file\1.0\VerifierBug.class-651800c0-3d2a15d9.class

I deleted the files as it recommended me. That folder is a temp folder with thousands of old files (ATF didn't clean it), some with similar names to the ones removed. Should I delete all the files there?

Also, I ran all the scans I had in full mode (I downloaded SUPERAntiSpyware again to do the full scan) and it gave me back this log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/22/2008 at 03:31 PM

Application Version : 3.9.1008

Core Rules Database Version : 3407
Trace Rules Database Version: 1399

Scan type : Complete Scan
Total Scan Time : 02:23:20

Memory items scanned : 334
Memory threats detected : 0
Registry items scanned : 5699
Registry threats detected : 2
File items scanned : 92100
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Diseño1\Cookies\diseño1@ads.domainsuite[1].txt
C:\Documents and Settings\Diseño1\Cookies\diseño1@ads2.k8l[1].txt
C:\Documents and Settings\Diseño1\Cookies\diseño1@adsby.zwoops[1].txt

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount

Unclassified.Unknown Origin
C:\ARCHIVOS DE PROGRAMA\COMPLUS APPLICATIONS\JISAGIJAQ89104.DLL


I removed the Cookies, the Trojan and the DLL, I went to that "COMPLUS APPLICATIONS" folder in my program files and deleted the folder.

Looked around and I am concerned with a "microsoft frontpage/Version3.0/Bin" series of folders. It's the ONLY Microsoft folder in my PC in which the name is spelled in lowercase, it is empty, furthermore I don't have Frontpage installed, and it won't let me erase it. :unsure:

What are these trojan threats that were detected? Loose ends and remains from the infection I had?

Should I repeat the System Restore Point procedure after removing these entries?

I was in the process of buying a new computer. Is there a way to move only safe files there? I mean, cleaning a PC seems like a never ending spring cleaning process, but is there a way to scan a folder of files to certify it clean before moving it to an external drive that will be connected to the new computer?


Sorry for the paranoid mode again, but running scans to find out more "threats" which I don't understand, or can evaluate left me uneasy.
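For the question in the post above about checking a folder of image files before moving it to another drive, an added example that is not part of the original thread and is a complement to an antivirus scan, not a replacement: it confirms that each file's leading bytes match its .jpg/.cr2/.psd extension and lists everything else, such as an executable carrying an image name. The file names and contents in `demo()` are constructed.

```python
import os
import tempfile

# Extension -> content type expected from the file's leading bytes.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".cr2": "cr2", ".psd": "psd"}

def sniff(head):
    """Name the format from the first bytes of a file."""
    if head[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if head[:4] == b"II*\x00" and head[8:10] == b"CR":   # TIFF header + CR2 marker
        return "cr2"
    if head[:4] == b"8BPS":
        return "psd"
    if head[:2] == b"MZ":                                  # DOS/PE executable
        return "windows-executable"
    return "unknown"

def check_folder(root):
    """Return (relative path, reason) for every file that needs a second look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                kind = sniff(fh.read(16))
            ext = os.path.splitext(name)[1].lower()
            rel = os.path.relpath(path, root)
            if ext not in EXPECTED:
                findings.append((rel, f"unexpected type {ext or '(none)'}, content {kind}"))
            elif kind != EXPECTED[ext]:
                findings.append((rel, f"named {ext} but content is {kind}"))
    return sorted(findings)

def demo():
    """Run the check over constructed files in a temporary folder."""
    samples = {
        "ok.jpg": b"\xff\xd8\xff\xe0",
        "raw.cr2": b"II*\x00\x10\x00\x00\x00CR\x02\x00",
        "layers.psd": b"8BPS\x00\x01",
        "sunset.jpg": b"MZ\x90\x00",            # executable with an image name
        "holiday.jpg.exe": b"MZ\x90\x00",       # double extension
    }
    with tempfile.TemporaryDirectory() as root:
        for name, head in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(head + b"\x00" * 32)
        return check_folder(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "-", reason)
```
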
