
Low performance, cannot open IE or Messenger, HDD space declining by r



#1
Buho

Hi, this is my first time in the forum. I always try to solve my problems without asking questions but this time I have a very complicated problem.

I downloaded this file (it was a subtitle for a movie). When I ran it, my NOD32 displayed a warning that the file was corrupted. So I asked the antivirus to erase the file. Immediately my antivirus crashed and my firewall was deactivated. I manually erased the file, reactivated the firewall and tried to open the antivirus but couldn't.

After rebooting, I couldn't open my desktop because it took too long. I restarted in safe mode, ran a full antivirus scan in safe mode and reactivated the AV protection. I also ran a full Windows Defender scan and noticed my HDD was almost full (I had about 7 gigs free just a few hours ago).

I happened to notice this weird folder called "HelpAssistant.KRAFTWERK" (KRAFTWERK is my PC's name). In this folder, there are numerous copies of my files, as well as thousands of shortcuts to pictures, documents or other folders. Every time I erase this folder, it is created again and keeps making shortcuts to my files until my HDD is full again. I guess this is also what makes my performance very low.

Also, I cannot access IE or Messenger. Please help!

Actions I took:

*Full Virus Scan
*Full Windows Defender Scan
*Manually erase all .tmp files
*Manually erased "HelpAssistant.KRAFTWERK" several times to keep my HDD from getting full
*Ran CW Shredder
*Ran Spybot Search & Destroy (updated, obviously)
*Ran Combofix (sorry I read I shouldn't have done this after I did it)
*Ran TFC
*Ran MBAM twice (renamed "Paquito.exe" to prevent it from not running)
*Ran RootRepeal
*Ran OTL

-------------
MBAM last Log:


Malwarebytes' Anti-Malware 1.41
Database version: 2911
Windows 5.1.2600 Service Pack 3

06/10/2009 3:01:39
mbam-log-2009-10-06 (03-01-39).txt

Scan type: Quick Scan
Objects scanned: 121269
Time elapsed: 17 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------
RootRepeal Log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/06 03:11
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000049
Image Path: \Driver\00000049
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA191000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B01000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8BF7000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x860558a0

#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf73bbb3a

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf73bbc7e

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf73bbff6

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf73bba18

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x86054cb0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x860550d0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf73bc0c0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf73bbf58

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf73bc148

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x860556d0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x860554f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x86054ee0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x86055310

==EOF==

--------------------
OTL Log:


OTL logfile created on: 06/10/2009 3:16:30 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Aurelio\Mis documentos\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1015,37 Mb Total Physical Memory | 468,71 Mb Available Physical Memory | 46,16% Memory free
2,38 Gb Paging File | 1,93 Gb Available in Paging File | 80,74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 70,08 Gb Total Space | 5,20 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 602,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRAFTWERK
Current User Name: Aurelio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MsMpEng.exe
PRC - [2004/09/08 00:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/08 00:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/08 00:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Bonjour\mDNSResponder.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2004/09/08 00:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
PRC - [2008/04/14 04:18:57 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Java\jre6\bin\jqs.exe
PRC - [2005/06/09 16:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Archivos de programa\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2004/09/08 00:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/06/24 14:36:40 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/10/15 04:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/10/15 04:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2004/10/30 22:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2005/09/10 07:19:34 | 00,393,216 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/05/31 13:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2007/01/24 22:24:26 | 00,151,552 | ---- | M] () -- C:\WINDOWS\SQ931STI.EXE
PRC - [2009/03/27 17:29:39 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MSASCui.exe
PRC - [2005/10/15 04:46:24 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2006/04/06 10:51:04 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Archivos de programa\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Java\jre6\bin\jusched.exe
PRC - [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2005/09/02 01:24:08 | 00,684,032 | ---- | M] () -- C:\Archivos de programa\Dell\QuickSet\Quickset.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iTunes\iTunesHelper.exe
PRC - [2004/09/08 00:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Archivos de programa\Intel\Wireless\Bin\1XConfig.exe
PRC - [2009/05/09 19:37:50 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
PRC - [2002/08/09 20:17:16 | 00,520,192 | ---- | M] (3M) -- C:\Archivos de programa\3M\PSN2Lite\Psn2Lite.exe
PRC - [2002/08/09 20:08:36 | 00,065,536 | ---- | M] (3M) -- C:\Archivos de programa\3M\PSN2Lite\PSNGive.exe
PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iPod\bin\iPodService.exe
PRC - [2009/03/08 04:31:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2008/04/14 04:18:55 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
PRC - [2009/10/06 03:14:26 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aurelio\Mis documentos\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/02/05 01:54:03 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/05/14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2004/09/08 00:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 04:18:33 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 08:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/06/09 16:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Archivos de programa\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/08 00:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/09/08 00:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - File not found -- -- (sprtlisten [Auto | Stopped])
SRV - File not found -- -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2004/09/10 01:54:15 | 00,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv32.dll -- (TermService [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2004/09/08 00:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/11/03 18:02:00 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.1.7.159:8080

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ff [2009/06/11 03:24:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/19 15:50:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {38D8BEB0-8E9C-48E2-B36E-759615F9930F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Archivos de programa\Dell\QuickSet\Quickset.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Archivos de programa\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [egui] C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Archivos de programa\Ringz Studio\Storm Codec\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Archivos de programa\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Post-it® Software Notes Lite.lnk = C:\Archivos de programa\3M\PSN2Lite\Psn2Lite.exe (3M)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: banorte.com ([nbxi] https in Trusted sites)
O15 - HKCU\..Trusted Domains: banorte.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.mx ([www.redbanorte] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 75 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://web.atar.rima...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Archivos de programa\Intel\Wireless\Bin\LgNotify.dll - C:\Archivos de programa\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Archivos de programa\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/10 01:57:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/09/30 18:53:54 | 00,000,000 | R--D | M] - E:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [1997/09/24 19:17:52 | 00,000,067 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d93071dc-95d8-11da-9dc6-00142297beaf}\Shell - "" = AutoRun
O33 - MountPoints2\{d93071dc-95d8-11da-9dc6-00142297beaf}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe -- [1997/09/10 18:52:00 | 00,214,016 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun\autorun.exe -- [1997/09/10 18:52:00 | 00,214,016 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/30 02:55:01 | 00,000,000 | ---D | C] -- C:\Archivos de programa\iPod
[2009/09/30 02:54:44 | 00,000,000 | ---D | C] -- C:\Archivos de programa\iTunes
[2009/10/06 00:35:45 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2009/10/05 01:39:09 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft
[2009/09/22 15:26:52 | 00,000,000 | ---D | C] -- C:\Archivos de programa\MSECache
[2009/10/06 00:35:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/06 00:35:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/06 00:18:23 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aurelio\Escritorio\TFC.exe
[2009/10/05 23:02:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/05 20:02:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/05 18:28:02 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/05 18:27:36 | 00,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 14 Days ==========

[2009/10/06 03:07:36 | 00,000,344 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/06 03:05:01 | 00,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01C92CC5-3263-4821-AE46-BD92BDA893C0}.job
[2009/10/06 03:04:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/06 03:04:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/06 03:03:58 | 10,647,63392 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/06 03:01:55 | 04,321,318 | -H-- | M] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\IconCache.db
[2009/10/06 00:36:02 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Paquito.lnk
[2009/10/06 00:18:33 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aurelio\Escritorio\TFC.exe
[2009/10/05 23:23:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/05 18:56:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/05 17:57:16 | 03,325,144 | R--- | M] () -- C:\Documents and Settings\Aurelio\Escritorio\ComboFix.exe
[2009/10/05 17:32:31 | 00,121,344 | ---- | M] () -- C:\Documents and Settings\Aurelio\Mis documentos\Gastos.xls
[2009/10/05 03:37:30 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/05 01:43:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/05 01:18:37 | 00,510,336 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2009/10/05 01:18:28 | 00,445,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/05 01:18:28 | 00,092,812 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2009/10/05 01:18:27 | 00,072,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/01 19:07:59 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Aurelio\Mis documentos\Gastos Piso 3.xls
[2009/09/30 19:46:35 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Aurelio\Mis documentos\Gastos Piso 2.xls
[2009/09/26 16:38:23 | 00,174,592 | ---- | M] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/22 23:08:26 | 00,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/22 15:35:33 | 00,055,352 | ---- | M] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT

========== Files - No Company Name ==========
[2009/10/06 01:47:33 | 10,647,63392 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/06 00:36:02 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Paquito.lnk
[2009/10/05 17:56:04 | 03,325,144 | R--- | C] () -- C:\Documents and Settings\Aurelio\Escritorio\ComboFix.exe
[2009/09/30 19:58:55 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Aurelio\Mis documentos\Gastos Piso 3.xls
[2009/09/09 16:04:07 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\keyfile3.drm
[2009/03/28 19:17:13 | 04,321,318 | -H-- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\IconCache.db
[2006/02/21 03:48:50 | 00,055,352 | ---- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
[2006/02/05 05:55:21 | 00,031,736 | ---- | C] () -- C:\Documents and Settings\Aurelio\Datos de programa\GDIPFONTCACHEV1.DAT
[2006/02/04 20:39:33 | 00,174,592 | ---- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/04 20:06:40 | 00,001,152 | ---- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\FASTWiz.html
[2006/02/04 19:09:31 | 00,034,763 | ---- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\FASTWiz.log
[2006/02/04 18:30:44 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\fusioncache.dat
[2006/02/04 18:30:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Aurelio\Datos de programa\desktop.ini
[2006/01/25 21:03:04 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Datos de programa\QSLLPSVCShare
[2004/09/10 01:49:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Datos de programa\desktop.ini

========== LOP Check ==========

[2009/09/14 17:32:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Datos de programa
[2009/03/13 11:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/14 17:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 18:03:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/02/05 02:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ACD Systems
[2009/08/22 20:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ESET
[2007/06/20 22:01:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Grisoft
[2006/01/25 20:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Intel
[2009/08/09 20:24:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\PopCap Games
[2008/06/27 04:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\sentinel
[2009/03/14 21:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\wmp
[2009/10/05 18:51:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Aurelio\Datos de programa
[2006/02/07 04:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\3M
[2006/02/05 02:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\ACD Systems
[2009/08/27 16:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Bullzip
[2006/04/18 03:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\CyberLink
[2006/06/09 02:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\ICAClient
[2006/01/25 20:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Intel
[2006/06/04 22:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Ipswitch
[2006/02/06 23:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Leadertech
[2009/09/25 12:15:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\LimeWire
[2006/02/04 19:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\MSN6
[2009/04/04 09:16:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\MSNInstaller
[2007/05/13 22:34:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\SecondLife
[2007/02/07 22:03:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Teleca
[2006/02/05 04:43:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Toshiba
[2009/07/06 12:44:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\U3
[2006/02/05 02:06:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\URUSoft
[2009/09/26 20:27:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\uTorrent
[2009/09/18 16:46:03 | 00,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/20 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/06 03:07:36 | 00,000,344 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/06 03:04:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/06 03:05:01 | 00,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{01C92CC5-3263-4821-AE46-BD92BDA893C0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 04:18:21 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 04:18:35 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >

--------------------
OTL Extras Log

OTL Extras logfile created on: 06/10/2009 3:16:30 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Aurelio\Mis documentos\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1015,37 Mb Total Physical Memory | 468,71 Mb Available Physical Memory | 46,16% Memory free
2,38 Gb Paging File | 1,93 Gb Available in Paging File | 80,74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 70,08 Gb Total Space | 5,20 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 602,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRAFTWERK
Current User Name: Aurelio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Archivos de programa\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Archivos de programa\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"11999:TCP" = 11999:TCP:*:Enabled:Yahoo Games
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" = C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Archivos de programa\uTorrent\uTorrent.exe" = C:\Archivos de programa\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Archivos de programa\Bonjour\mDNSResponder.exe" = C:\Archivos de programa\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Archivos de programa\LimeWire\LimeWire.exe" = C:\Archivos de programa\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Archivos de programa\iTunes\iTunes.exe" = C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Archivos de programa\Skype\Phone\Skype.exe" = C:\Archivos de programa\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Configuración de la NIC interna
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{236E24F2-D767-406B-B2F0-892D3A0DEA4A}" = CAMARA PC-320395
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{381CC72A-6BC3-430a-A847-A7BCEB63A8A1}" = SPSS 13.0 for Windows
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Los Sims 2
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{778D5912-DF4A-4019-A654-3505151D0756}" = Phantasy Star Online
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
"{853BAA28-5C1E-4678-ADAC-6A37B8A526AB}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
"{90170C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2172ACA-FFA8-4808-BD20-08565C7390F9}" = OGA Notifier 1.7.0105.35.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BD1BBE79-BB25-460D-A2BD-D496A5E13786}" = Windows Live Messenger
"{BD8C834E-CA7F-42E0-9860-3C2A33A0C694}" = Cliente de Windows Rights Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0CC7077-C5E9-4E4A-932A-919D34E1D9E5}" = SupportSoft ActiveX Controls 20071015 Cli
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = AstraPix PC100 PC Camera
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.865
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Coda" = Coda codec pack
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"Fallout" = Fallout
"FINAL FANTASY VIII" = FINAL FANTASY VIII
"Flash Movie Player" = Flash Movie Player 1.4
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"hdot264" = hdot264 CODEC
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{778D5912-DF4A-4019-A654-3505151D0756}" = Phantasy Star Online
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.2.13
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack (remove only)
"MetaFrame Presentation Server Web Client for Win32" = Cliente Web para Win32 de MetaFrame Presentation Server
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Stella_is1" = Stella 2.1
"Storm Codec 5" = Storm Codec
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"ViPlay" = URUSoft ViPlay
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/10/2009 18:58:37 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: mbam.exe, versión: 1.41.0.0, módulo con error:
unknown, versión 0.0.0.0, dirección de error 0x02429c01.

Error - 05/10/2009 19:01:35 | Computer Name = KRAFTWERK | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: mbam.exe, versión 1.41.0.0, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 05/10/2009 19:01:37 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: msfeedssync.exe, versión: 8.0.6001.18702,
módulo con error: unknown, versión 0.0.0.0, dirección de error 0x00fd9c01.

Error - 05/10/2009 19:07:11 | Computer Name = KRAFTWERK | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: mbam.exe, versión 1.41.0.0, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 05/10/2009 19:32:07 | Computer Name = KRAFTWERK | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: mbam.exe, versión 1.41.0.0, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 05/10/2009 19:50:27 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: mbam.exe, versión: 1.41.0.0, módulo con error:
unknown, versión 0.0.0.0, dirección de error 0x02409c01.

Error - 05/10/2009 19:52:50 | Computer Name = KRAFTWERK | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: mbam.exe, versión 1.41.0.0, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 05/10/2009 19:52:53 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: msfeedssync.exe, versión: 8.0.6001.18702,
módulo con error: unknown, versión 0.0.0.0, dirección de error 0x00fd9c01.

Error - 05/10/2009 19:55:05 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: msfeedssync.exe, versión: 8.0.6001.18702,
módulo con error: unknown, versión 0.0.0.0, dirección de error 0x00fc9c01.

Error - 05/10/2009 21:06:19 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: msfeedssync.exe, versión: 8.0.6001.18702,
módulo con error: unknown, versión 0.0.0.0, dirección de error 0x00ec9c01.

[ System Events ]
Error - 05/10/2009 18:20:25 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7034
Description = El servicio Servicio del iPod se terminó de manera inesperada. Esto
ha sucedido 1 veces.

Error - 05/10/2009 18:26:36 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7000
Description = El servicio SupportSoft Listener Service no pudo iniciarse debido
al siguiente error: %%2

Error - 05/10/2009 18:51:51 | Computer Name = KRAFTWERK | Source = DCOM | ID = 10010
Description = El servidor {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} no se registró
con DCOM dentro del tiempo de espera requerido.

Error - 05/10/2009 18:57:23 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7000
Description = El servicio SupportSoft Listener Service no pudo iniciarse debido
al siguiente error: %%2

Error - 05/10/2009 19:34:40 | Computer Name = KRAFTWERK | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/10/2009 19:35:25 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7026
Description = El controlador de inicialización siguiente no se cargó correctamente:
APPDRV eeCtrl ehdrv Fips intelppm Tosrfcom

Error - 05/10/2009 19:37:45 | Computer Name = KRAFTWERK | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/10/2009 19:46:12 | Computer Name = KRAFTWERK | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/10/2009 19:47:45 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7000
Description = El servicio SupportSoft Listener Service no pudo iniciarse debido
al siguiente error: %%2

Error - 05/10/2009 21:04:15 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7000
Description = El servicio SupportSoft Listener Service no pudo iniciarse debido
al siguiente error: %%2


< End of report >

----------------


Thanks for your help and if you need me to generate any other kind of log just ask.


-Buho


#2
Buho

Buho

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
SOLVED!

Ran Dr. Web Cureit full scan on Safe Mode. Detected and quarantined: Backdoor.Maos Boot

To solve the HDD decrease I had to disable Helpassistant User also on Safe Mode (could not do this on normal screen).


-Buho