Foro de Spyware - Ver Mensaje Individual - Problemas con el "Shopping Wizard" Adjunto Log de HJT

Tema: Problemas con el "Shopping Wizard" Adjunto Log de HJT

Ver Mensaje Individual

post #1 (permalink)

07/04/05, 07:34:35

paranoykk

Usuario

Registrado: abr 2005

Ubicación: españa

Mensajes: 2

Problemas con el "Shopping Wizard" Adjunto Log de HJT

Buenas, me han encomendado la mision de arreglar un PC, el cual tiene el problemita de las ventanas de Publicidad con IE, ya me he bajado el Disk Cleaner, HJT, y tb tengo por aqui el Ad Aware 6.0 y el Panda original...
Primeramente he intentado arreglar el problema guiandome por la ayuda que le habeis ofrecido a otros compañeros con problemas similares, pero no ha resultado, ya que en algunos puntos la solucion no me era valida...
Asi que he hecho un scan con HiJackThis y el resultado ha sido el siguiente...

Leerlo y si podeis ayudarme, y antes de nada MUCHISIMAS GRACIAS!!!!

Logfile of HijackThis v1.99.1
Scan saved at 11:53:08, on 07/04/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\ATLNH.EXE
C:\WINDOWS\SYSTEM\SDKRE.EXE
C:\WINDOWS\CRKN.EXE
C:\WINDOWS\WINNQ.EXE
C:\WINDOWS\MSYR32.EXE
C:\WINDOWS\IEQI.EXE
C:\WINDOWS\SYSTEM\SYSGT.EXE
C:\WINDOWS\SYSMP.EXE
C:\WINDOWS\SYSTEM\JAVAPI32.EXE
C:\WINDOWS\SYSTEM\ATLGB32.EXE
C:\WINDOWS\NETEG.EXE
C:\WINDOWS\NETTU32.EXE
C:\WINDOWS\JAVAQU32.EXE
C:\WINDOWS\NETAW32.EXE
C:\WINDOWS\IPGX32.EXE
C:\WINDOWS\SYSTEM\IEZV32.EXE
C:\WINDOWS\WINXJ.EXE
C:\WINDOWS\SYSTEM\CRNU.EXE
C:\WINDOWS\SYSTEM\JAVAWB.EXE
C:\WINDOWS\SDKGX32.EXE
C:\WINDOWS\NTMO.EXE
C:\WINDOWS\MFCJC.EXE
C:\WINDOWS\SYSEL32.EXE
C:\WINDOWS\SYSTEM\ADDSG.EXE
C:\WINDOWS\CRLH32.EXE
C:\WINDOWS\SYSTEM\APIHA.EXE
C:\WINDOWS\D3QB32.EXE
C:\WINDOWS\SYSTEM\ADDWP.EXE
C:\WINDOWS\SYSTEM\JAVANP32.EXE
C:\WINDOWS\ATLSF32.EXE
C:\WINDOWS\SYSTEM\IPBX.EXE
C:\WINDOWS\JAVAMY32.EXE
C:\WINDOWS\SYSTEM\IPZX32.EXE
C:\WINDOWS\SYSTEM\IERF.EXE
C:\WINDOWS\MSHK32.EXE
C:\WINDOWS\SYSTEM\ATLOG.EXE
C:\WINDOWS\WINZC.EXE
C:\WINDOWS\SYSTEM\CRGI.EXE
C:\WINDOWS\SYSTEM\D3MZ.EXE
C:\WINDOWS\SYSTEM\JAVAOG.EXE
C:\WINDOWS\CREM32.EXE
C:\WINDOWS\MFCTK.EXE
C:\WINDOWS\ADDIO32.EXE
C:\WINDOWS\APIWO32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSRQ32.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
C:\WINDOWS\SYSTEM\IEIG32.EXE
C:\WINDOWS\SYSTEM\D3IL32.EXE
C:\WINDOWS\SYSTEM\SYSCQ32.EXE
C:\WINDOWS\SYSZS32.EXE
C:\WINDOWS\SYSTEM\MFCMS.EXE
C:\WINDOWS\SYSTEM\NETGM.EXE
C:\WINDOWS\SYSTEM\SYSEQ.EXE
C:\WINDOWS\SYSTEM\MSRO32.EXE
C:\WINDOWS\SYSTEM\WINPR32.EXE
C:\WINDOWS\SYSTEM\CRCA32.EXE
C:\WINDOWS\SYSTEM\IEVR.EXE
C:\WINDOWS\SYSTEM\SYSOF.EXE
C:\WINDOWS\SYSTEM\IENB32.EXE
C:\WINDOWS\SYSTEM\APIQT32.EXE
C:\WINDOWS\MSTQ32.EXE
C:\WINDOWS\NTZI32.EXE
C:\WINDOWS\ADDVE.EXE
C:\WINDOWS\JAVAZZ.EXE
C:\WINDOWS\IEFN32.EXE
C:\WINDOWS\SYSTEM\SDKNB32.EXE
C:\WINDOWS\APIJT32.EXE
C:\WINDOWS\SYSTEM\JAVATK.EXE
C:\WINDOWS\APIEJ32.EXE
C:\WINDOWS\SYSTEM\MFCNH32.EXE
C:\WINDOWS\SYSTEM\MSGP32.EXE
C:\WINDOWS\APIAA.EXE
C:\WINDOWS\SYSTEM\JAVAKY32.EXE
C:\WINDOWS\CRAX32.EXE
C:\WINDOWS\SDKWG32.EXE
C:\WINDOWS\SYSFZ32.EXE
C:\WINDOWS\ADDWH32.EXE
C:\WINDOWS\D3YH32.EXE
C:\WINDOWS\ATLQV.EXE
C:\WINDOWS\SYSTEM\NETAG.EXE
C:\WINDOWS\NTVC.EXE
C:\WINDOWS\SYSTEM\APPAL32.EXE
C:\WINDOWS\WINUI.EXE
C:\WINDOWS\MFCJS.EXE
C:\WINDOWS\SYSTEM\SDKXQ32.EXE
C:\WINDOWS\SYSTEM\D3NZ32.EXE
C:\WINDOWS\MFCXZ32.EXE
C:\WINDOWS\SYSTEM\D3EL32.EXE
C:\WINDOWS\SDKDZ.EXE
C:\WINDOWS\SYSTEM\SDKQU32.EXE
C:\WINDOWS\NTOX32.EXE
C:\WINDOWS\WINTT32.EXE
C:\WINDOWS\MSTK32.EXE
C:\WINDOWS\NTXE32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\D3ZY.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
C:\WINDOWS\NTZI32.EXE
C:\WINDOWS\SYSTEM\MSGP32.EXE
C:\WINDOWS\SYSTEM\SYSOF.EXE
C:\WINDOWS\D3YH32.EXE
C:\WINDOWS\NETAW32.EXE
C:\WINDOWS\SYSTEM\IEIG32.EXE
C:\WINDOWS\SYSTEM\D3IL32.EXE
C:\WINDOWS\SYSTEM\D3IL32.EXE
C:\WINDOWS\SYSTEM\NETAG.EXE
C:\WINDOWS\SYSTEM\ADDSG.EXE
C:\HIJACKTHIS_199\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cosbf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://msn.dll/msn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {44B25686-99F8-F195-F825-431202F0463F} - C:\WINDOWS\NETYT.DLL
O2 - BHO: (no name) - {00BECEA1-A74F-11D9-B8FC-0004D56ECAEF} - C:\WINDOWS\SYSTEM\IFH.DLL (file missing)
O2 - BHO: (no name) - {39C7F14F-A74F-11D9-B8FC-000422D9327D} - C:\WINDOWS\SYSTEM\IFH.DLL (file missing)
O2 - BHO: (no name) - {39C7F152-A74F-11D9-B8FC-0004303585EF} - C:\WINDOWS\SYSTEM\IFH.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [JAVAQU32.EXE] C:\WINDOWS\JAVAQU32.EXE
O4 - HKLM\..\RunServices: [ATLNH.EXE] C:\WINDOWS\ATLNH.EXE /s
O4 - HKLM\..\RunServices: [SDKRE.EXE] C:\WINDOWS\SYSTEM\SDKRE.EXE /s
O4 - HKLM\..\RunServices: [CRKN.EXE] C:\WINDOWS\CRKN.EXE /s
O4 - HKLM\..\RunServices: [WINNQ.EXE] C:\WINDOWS\WINNQ.EXE /s
O4 - HKLM\..\RunServices: [MSYR32.EXE] C:\WINDOWS\MSYR32.EXE /s
O4 - HKLM\..\RunServices: [IEQI.EXE] C:\WINDOWS\IEQI.EXE /s
O4 - HKLM\..\RunServices: [SYSGT.EXE] C:\WINDOWS\SYSTEM\SYSGT.EXE /s
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSMP.EXE /s
O4 - HKLM\..\RunServices: [JAVAPI32.EXE] C:\WINDOWS\SYSTEM\JAVAPI32.EXE /s
O4 - HKLM\..\RunServices: [ATLGB32.EXE] C:\WINDOWS\SYSTEM\ATLGB32.EXE /s
O4 - HKLM\..\RunServices: [NETEG.EXE] C:\WINDOWS\NETEG.EXE /s
O4 - HKLM\..\RunServices: [NETTU32.EXE] C:\WINDOWS\NETTU32.EXE /s
O4 - HKLM\..\RunServices: [NETAW32.EXE] C:\WINDOWS\NETAW32.EXE /s
O4 - HKLM\..\RunServices: [IPGX32.EXE] C:\WINDOWS\IPGX32.EXE /s
O4 - HKLM\..\RunServices: [IEZV32.EXE] C:\WINDOWS\SYSTEM\IEZV32.EXE /s
O4 - HKLM\..\RunServices: [WINXJ.EXE] C:\WINDOWS\WINXJ.EXE /s
O4 - HKLM\..\RunServices: [CRNU.EXE] C:\WINDOWS\SYSTEM\CRNU.EXE /s
O4 - HKLM\..\RunServices: [JAVAWB.EXE] C:\WINDOWS\SYSTEM\JAVAWB.EXE /s
O4 - HKLM\..\RunServices: [SDKGX32.EXE] C:\WINDOWS\SDKGX32.EXE /s
O4 - HKLM\..\RunServices: [NTMO.EXE] C:\WINDOWS\NTMO.EXE /s
O4 - HKLM\..\RunServices: [MFCJC.EXE] C:\WINDOWS\MFCJC.EXE /s
O4 - HKLM\..\RunServices: [SYSEL32.EXE] C:\WINDOWS\SYSEL32.EXE /s
O4 - HKLM\..\RunServices: [ADDSG.EXE] C:\WINDOWS\SYSTEM\ADDSG.EXE /s
O4 - HKLM\..\RunServices: [CRLH32.EXE] C:\WINDOWS\CRLH32.EXE /s
O4 - HKLM\..\RunServices: [APIHA.EXE] C:\WINDOWS\SYSTEM\APIHA.EXE /s
O4 - HKLM\..\RunServices: [D3QB32.EXE] C:\WINDOWS\D3QB32.EXE /s
O4 - HKLM\..\RunServices: [ADDWP.EXE] C:\WINDOWS\SYSTEM\ADDWP.EXE /s
O4 - HKLM\..\RunServices: [JAVANP32.EXE] C:\WINDOWS\SYSTEM\JAVANP32.EXE /s
O4 - HKLM\..\RunServices: [ATLSF32.EXE] C:\WINDOWS\ATLSF32.EXE /s
O4 - HKLM\..\RunServices: [IPBX.EXE] C:\WINDOWS\SYSTEM\IPBX.EXE /s
O4 - HKLM\..\RunServices: [JAVAMY32.EXE] C:\WINDOWS\JAVAMY32.EXE /s
O4 - HKLM\..\RunServices: [IPZX32.EXE] C:\WINDOWS\SYSTEM\IPZX32.EXE /s
O4 - HKLM\..\RunServices: [IERF.EXE] C:\WINDOWS\SYSTEM\IERF.EXE /s
O4 - HKLM\..\RunServices: [MSHK32.EXE] C:\WINDOWS\MSHK32.EXE /s
O4 - HKLM\..\RunServices: [ATLOG.EXE] C:\WINDOWS\SYSTEM\ATLOG.EXE /s
O4 - HKLM\..\RunServices: [WINZC.EXE] C:\WINDOWS\WINZC.EXE /s
O4 - HKLM\..\RunServices: [CRGI.EXE] C:\WINDOWS\SYSTEM\CRGI.EXE /s
O4 - HKLM\..\RunServices: [D3MZ.EXE] C:\WINDOWS\SYSTEM\D3MZ.EXE /s
O4 - HKLM\..\RunServices: [JAVAOG.EXE] C:\WINDOWS\SYSTEM\JAVAOG.EXE /s
O4 - HKLM\..\RunServices: [CREM32.EXE] C:\WINDOWS\CREM32.EXE /s
O4 - HKLM\..\RunServices: [MFCTK.EXE] C:\WINDOWS\MFCTK.EXE /s
O4 - HKLM\..\RunServices: [ADDIO32.EXE] C:\WINDOWS\ADDIO32.EXE /s
O4 - HKLM\..\RunServices: [APIWO32.EXE] C:\WINDOWS\APIWO32.EXE /s
O4 - HKLM\..\RunServices: [SYSRQ32.EXE] C:\WINDOWS\SYSTEM\SYSRQ32.EXE /s
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
O4 - HKLM\..\RunServices: [PAVFIRES] C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O4 - HKLM\..\RunServices: [IEIG32.EXE] C:\WINDOWS\SYSTEM\IEIG32.EXE /s
O4 - HKLM\..\RunServices: [D3IL32.EXE] C:\WINDOWS\SYSTEM\D3IL32.EXE /s
O4 - HKLM\..\RunServices: [SYSCQ32.EXE] C:\WINDOWS\SYSTEM\SYSCQ32.EXE /s
O4 - HKLM\..\RunServices: [SYSZS32.EXE] C:\WINDOWS\SYSZS32.EXE /s
O4 - HKLM\..\RunServices: [MFCMS.EXE] C:\WINDOWS\SYSTEM\MFCMS.EXE /s
O4 - HKLM\..\RunServices: [NETGM.EXE] C:\WINDOWS\SYSTEM\NETGM.EXE /s
O4 - HKLM\..\RunServices: [SYSEQ.EXE] C:\WINDOWS\SYSTEM\SYSEQ.EXE /s
O4 - HKLM\..\RunServices: [MSRO32.EXE] C:\WINDOWS\SYSTEM\MSRO32.EXE /s
O4 - HKLM\..\RunServices: [WINPR32.EXE] C:\WINDOWS\SYSTEM\WINPR32.EXE /s
O4 - HKLM\..\RunServices: [CRCA32.EXE] C:\WINDOWS\SYSTEM\CRCA32.EXE /s
O4 - HKLM\..\RunServices: [IEVR.EXE] C:\WINDOWS\SYSTEM\IEVR.EXE /s
O4 - HKLM\..\RunServices: [SYSOF.EXE] C:\WINDOWS\SYSTEM\SYSOF.EXE /s
O4 - HKLM\..\RunServices: [IENB32.EXE] C:\WINDOWS\SYSTEM\IENB32.EXE /s
O4 - HKLM\..\RunServices: [APIQT32.EXE] C:\WINDOWS\SYSTEM\APIQT32.EXE /s
O4 - HKLM\..\RunServices: [MSTQ32.EXE] C:\WINDOWS\MSTQ32.EXE /s
O4 - HKLM\..\RunServices: [NTZI32.EXE] C:\WINDOWS\NTZI32.EXE /s
O4 - HKLM\..\RunServices: [ADDVE.EXE] C:\WINDOWS\ADDVE.EXE /s
O4 - HKLM\..\RunServices: [JAVAZZ.EXE] C:\WINDOWS\JAVAZZ.EXE /s
O4 - HKLM\..\RunServices: [IEFN32.EXE] C:\WINDOWS\IEFN32.EXE /s
O4 - HKLM\..\RunServices: [SDKNB32.EXE] C:\WINDOWS\SYSTEM\SDKNB32.EXE /s
O4 - HKLM\..\RunServices: [APIJT32.EXE] C:\WINDOWS\APIJT32.EXE /s
O4 - HKLM\..\RunServices: [JAVATK.EXE] C:\WINDOWS\SYSTEM\JAVATK.EXE /s
O4 - HKLM\..\RunServices: [APIEJ32.EXE] C:\WINDOWS\APIEJ32.EXE /s
O4 - HKLM\..\RunServices: [MFCNH32.EXE] C:\WINDOWS\SYSTEM\MFCNH32.EXE /s
O4 - HKLM\..\RunServices: [MSGP32.EXE] C:\WINDOWS\SYSTEM\MSGP32.EXE /s
O4 - HKLM\..\RunServices: [APIAA.EXE] C:\WINDOWS\APIAA.EXE /s
O4 - HKLM\..\RunServices: [JAVAKY32.EXE] C:\WINDOWS\SYSTEM\JAVAKY32.EXE /s
O4 - HKLM\..\RunServices: [CRAX32.EXE] C:\WINDOWS\CRAX32.EXE /s
O4 - HKLM\..\RunServices: [SDKWG32.EXE] C:\WINDOWS\SDKWG32.EXE /s
O4 - HKLM\..\RunServices: [SYSFZ32.EXE] C:\WINDOWS\SYSFZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDWH32.EXE] C:\WINDOWS\ADDWH32.EXE /s
O4 - HKLM\..\RunServices: [D3YH32.EXE] C:\WINDOWS\D3YH32.EXE /s
O4 - HKLM\..\RunServices: [ATLQV.EXE] C:\WINDOWS\ATLQV.EXE /s
O4 - HKLM\..\RunServices: [NETAG.EXE] C:\WINDOWS\SYSTEM\NETAG.EXE /s
O4 - HKLM\..\RunServices: [NTVC.EXE] C:\WINDOWS\NTVC.EXE /s
O4 - HKLM\..\RunServices: [APPAL32.EXE] C:\WINDOWS\SYSTEM\APPAL32.EXE /s
O4 - HKLM\..\RunServices: [WINUI.EXE] C:\WINDOWS\WINUI.EXE /s
O4 - HKLM\..\RunServices: [MFCJS.EXE] C:\WINDOWS\MFCJS.EXE /s
O4 - HKLM\..\RunServices: [SDKXQ32.EXE] C:\WINDOWS\SYSTEM\SDKXQ32.EXE /s
O4 - HKLM\..\RunServices: [D3NZ32.EXE] C:\WINDOWS\SYSTEM\D3NZ32.EXE /s
O4 - HKLM\..\RunServices: [MFCXZ32.EXE] C:\WINDOWS\MFCXZ32.EXE /s
O4 - HKLM\..\RunServices: [D3EL32.EXE] C:\WINDOWS\SYSTEM\D3EL32.EXE /s
O4 - HKLM\..\RunServices: [SDKDZ.EXE] C:\WINDOWS\SDKDZ.EXE /s
O4 - HKLM\..\RunServices: [SDKQU32.EXE] C:\WINDOWS\SYSTEM\SDKQU32.EXE /s
O4 - HKLM\..\RunServices: [NTOX32.EXE] C:\WINDOWS\NTOX32.EXE /s
O4 - HKLM\..\RunServices: [WINTT32.EXE] C:\WINDOWS\WINTT32.EXE /s
O4 - HKLM\..\RunServices: [MSTK32.EXE] C:\WINDOWS\MSTK32.EXE /s
O4 - HKLM\..\RunServices: [NTXE32.EXE] C:\WINDOWS\NTXE32.EXE /s
O4 - HKLM\..\RunServices: [D3ZY.EXE] C:\WINDOWS\D3ZY.EXE /s
O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/aAXxX8XRsfReQWCsjYrS.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\\MAIN.MHT!http://clean-thumbs.com//index//in//index.chm::/ad.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = TELEFONICA
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 80.58.0.33,80.58.32.97
O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - C:\WINDOWS\System32\NTOSV.DLL (file missing)