I downloaded this file (it was a subtitle for a movie). When I ran it, my NOD32 displayed a warning that the file was corrupted. So I asked the antivirus to erase the file. Immediately my Antivirus crashed and my Firewall was deactivated. I erased manually the file, activated back the firewall and tried to open the antivirus but couldn't.
After rebooting, I couldn't open my desktop because it took too long. I restarted in safemode, run a full antivirus scan in safemode and activated back the AV protection. Also I ran a full Windows Defender scan and noticed my HDD space was almost full (I had about 7 gigs free just a few hours ago).
I happened to notice this weird folder called: "HelpAssistant.KRAFTWERK" (KRAFTWERK is my pc's name).In this folder, there are numerous copies of my files, as well as thousands of shortcuts to pictures, documents or other folders. Every time I erase this folder, it is created again and keeps making shortcuts to my files until my HDD is full again. I guess this is also what makes my performance very low.
Also, I cannot access to IE or Messenger. Please help!
Actions I took:
*Full Virus Scan
*Full Windows Defender Scan
*Manually erase all .tmp files
*Manually erase "Helpassistan.KRAFTWERK" several times to avoid my HDD to get full
*Ran CW Shredder
*Ran Spybot Search & Destroy (updated, obviously)
*Ran Combofix (sorry I read I shouldn't have done this after I did it)
*Ran TFC
*Ran MBAM twice (renamed "Paquito.exe" to prevent it from not running)
*Ran RootRepeal
*Ran OTL
-------------
MBAM last Log:
Malwarebytes' Anti-Malware 1.41
Database version: 2911
Windows 5.1.2600 Service Pack 3
06/10/2009 3:01:39
mbam-log-2009-10-06 (03-01-39).txt
Scan type: Quick Scan
Objects scanned: 121269
Time elapsed: 17 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-------------------------
RootRepeal Log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/06 03:11
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 00000049
Image Path: \Driver\00000049
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA191000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B01000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8BF7000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x860558a0
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf73bbb3a
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf73bbc7e
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf73bbff6
#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf73bba18
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x86054cb0
#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x860550d0
#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf73bc0c0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf73bbf58
#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf73bc148
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x860556d0
#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x860554f0
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x86054ee0
#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x86055310
==EOF==
--------------------
OTL OTL Log
OTL logfile created on: 06/10/2009 3:16:30 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Aurelio\Mis documentos\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
1015,37 Mb Total Physical Memory | 468,71 Mb Available Physical Memory | 46,16% Memory free
2,38 Gb Paging File | 1,93 Gb Available in Paging File | 80,74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 70,08 Gb Total Space | 5,20 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 602,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRAFTWERK
Current User Name: Aurelio
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MsMpEng.exe
PRC - [2004/09/08 00:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/08 00:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/08 00:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Bonjour\mDNSResponder.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2004/09/08 00:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
PRC - [2008/04/14 04:18:57 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Java\jre6\bin\jqs.exe
PRC - [2005/06/09 16:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Archivos de programa\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2004/09/08 00:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/06/24 14:36:40 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/10/15 04:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/10/15 04:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2004/10/30 22:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2005/09/10 07:19:34 | 00,393,216 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/05/31 13:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2007/01/24 22:24:26 | 00,151,552 | ---- | M] () -- C:\WINDOWS\SQ931STI.EXE
PRC - [2009/03/27 17:29:39 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MSASCui.exe
PRC - [2005/10/15 04:46:24 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2006/04/06 10:51:04 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Archivos de programa\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Java\jre6\bin\jusched.exe
PRC - [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2005/09/02 01:24:08 | 00,684,032 | ---- | M] () -- C:\Archivos de programa\Dell\QuickSet\Quickset.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iTunes\iTunesHelper.exe
PRC - [2004/09/08 00:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Archivos de programa\Intel\Wireless\Bin\1XConfig.exe
PRC - [2009/05/09 19:37:50 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
PRC - [2002/08/09 20:17:16 | 00,520,192 | ---- | M] (3M) -- C:\Archivos de programa\3M\PSN2Lite\Psn2Lite.exe
PRC - [2002/08/09 20:08:36 | 00,065,536 | ---- | M] (3M) -- C:\Archivos de programa\3M\PSN2Lite\PSNGive.exe
PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iPod\bin\iPodService.exe
PRC - [2009/03/08 04:31:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2008/04/14 04:18:55 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
PRC - [2009/10/06 03:14:26 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aurelio\Mis documentos\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2006/02/05 01:54:03 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/05/14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2004/09/08 00:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 04:18:33 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 08:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/06/09 16:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Archivos de programa\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/08 00:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/09/08 00:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - File not found -- -- (sprtlisten [Auto | Stopped])
SRV - File not found -- -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2004/09/10 01:54:15 | 00,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv32.dll -- (TermService [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2004/09/08 00:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/11/03 18:02:00 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.1.7.159:8080
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ff [2009/06/11 03:24:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/19 15:50:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {38D8BEB0-8E9C-48E2-B36E-759615F9930F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Archivos de programa\Dell\QuickSet\Quickset.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Archivos de programa\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [egui] C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Archivos de programa\Ringz Studio\Storm Codec\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Archivos de programa\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Post-it® Software Notes Lite.lnk = C:\Archivos de programa\3M\PSN2Lite\Psn2Lite.exe (3M)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: banorte.com ([nbxi] https in Trusted sites)
O15 - HKCU\..Trusted Domains: banorte.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.mx ([www.redbanorte] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 75 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://web.atar.rima...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Archivos de programa\Intel\Wireless\Bin\LgNotify.dll - C:\Archivos de programa\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Archivos de programa\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/10 01:57:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/09/30 18:53:54 | 00,000,000 | R--D | M] - E:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [1997/09/24 19:17:52 | 00,000,067 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d93071dc-95d8-11da-9dc6-00142297beaf}\Shell - "" = AutoRun
O33 - MountPoints2\{d93071dc-95d8-11da-9dc6-00142297beaf}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe -- [1997/09/10 18:52:00 | 00,214,016 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun\autorun.exe -- [1997/09/10 18:52:00 | 00,214,016 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/09/30 02:55:01 | 00,000,000 | ---D | C] -- C:\Archivos de programa\iPod
[2009/09/30 02:54:44 | 00,000,000 | ---D | C] -- C:\Archivos de programa\iTunes
[2009/10/06 00:35:45 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2009/10/05 01:39:09 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft
[2009/09/22 15:26:52 | 00,000,000 | ---D | C] -- C:\Archivos de programa\MSECache
[2009/10/06 00:35:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/06 00:35:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/06 00:18:23 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aurelio\Escritorio\TFC.exe
[2009/10/05 23:02:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/05 20:02:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/05 18:28:02 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/05 18:27:36 | 00,000,000 | ---D | C] -- C:\Qoobox
========== Files - Modified Within 14 Days ==========
[2009/10/06 03:07:36 | 00,000,344 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/06 03:05:01 | 00,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01C92CC5-3263-4821-AE46-BD92BDA893C0}.job
[2009/10/06 03:04:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/06 03:04:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/06 03:03:58 | 10,647,63392 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/06 03:01:55 | 04,321,318 | -H-- | M] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\IconCache.db
[2009/10/06 00:36:02 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Paquito.lnk
[2009/10/06 00:18:33 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aurelio\Escritorio\TFC.exe
[2009/10/05 23:23:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/05 18:56:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/05 17:57:16 | 03,325,144 | R--- | M] () -- C:\Documents and Settings\Aurelio\Escritorio\ComboFix.exe
[2009/10/05 17:32:31 | 00,121,344 | ---- | M] () -- C:\Documents and Settings\Aurelio\Mis documentos\Gastos.xls
[2009/10/05 03:37:30 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/05 01:43:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/05 01:18:37 | 00,510,336 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2009/10/05 01:18:28 | 00,445,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/05 01:18:28 | 00,092,812 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2009/10/05 01:18:27 | 00,072,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/01 19:07:59 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Aurelio\Mis documentos\Gastos Piso 3.xls
[2009/09/30 19:46:35 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Aurelio\Mis documentos\Gastos Piso 2.xls
[2009/09/26 16:38:23 | 00,174,592 | ---- | M] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/22 23:08:26 | 00,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/22 15:35:33 | 00,055,352 | ---- | M] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
========== Files - No Company Name ==========
[2009/10/06 01:47:33 | 10,647,63392 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/06 00:36:02 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Paquito.lnk
[2009/10/05 17:56:04 | 03,325,144 | R--- | C] () -- C:\Documents and Settings\Aurelio\Escritorio\ComboFix.exe
[2009/09/30 19:58:55 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Aurelio\Mis documentos\Gastos Piso 3.xls
[2009/09/09 16:04:07 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\keyfile3.drm
[2009/03/28 19:17:13 | 04,321,318 | -H-- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\IconCache.db
[2006/02/21 03:48:50 | 00,055,352 | ---- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
[2006/02/05 05:55:21 | 00,031,736 | ---- | C] () -- C:\Documents and Settings\Aurelio\Datos de programa\GDIPFONTCACHEV1.DAT
[2006/02/04 20:39:33 | 00,174,592 | ---- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/04 20:06:40 | 00,001,152 | ---- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\FASTWiz.html
[2006/02/04 19:09:31 | 00,034,763 | ---- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\FASTWiz.log
[2006/02/04 18:30:44 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Aurelio\Configuración local\Datos de programa\fusioncache.dat
[2006/02/04 18:30:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Aurelio\Datos de programa\desktop.ini
[2006/01/25 21:03:04 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Datos de programa\QSLLPSVCShare
[2004/09/10 01:49:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Datos de programa\desktop.ini
========== LOP Check ==========
[2009/09/14 17:32:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Datos de programa
[2009/03/13 11:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/14 17:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 18:03:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/02/05 02:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ACD Systems
[2009/08/22 20:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ESET
[2007/06/20 22:01:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Grisoft
[2006/01/25 20:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Intel
[2009/08/09 20:24:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\PopCap Games
[2008/06/27 04:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\sentinel
[2009/03/14 21:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\wmp
[2009/10/05 18:51:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Aurelio\Datos de programa
[2006/02/07 04:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\3M
[2006/02/05 02:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\ACD Systems
[2009/08/27 16:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Bullzip
[2006/04/18 03:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\CyberLink
[2006/06/09 02:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\ICAClient
[2006/01/25 20:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Intel
[2006/06/04 22:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Ipswitch
[2006/02/06 23:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Leadertech
[2009/09/25 12:15:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\LimeWire
[2006/02/04 19:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\MSN6
[2009/04/04 09:16:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\MSNInstaller
[2007/05/13 22:34:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\SecondLife
[2007/02/07 22:03:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Teleca
[2006/02/05 04:43:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\Toshiba
[2009/07/06 12:44:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\U3
[2006/02/05 02:06:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\URUSoft
[2009/09/26 20:27:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aurelio\Datos de programa\uTorrent
[2009/09/18 16:46:03 | 00,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/20 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/06 03:07:36 | 00,000,344 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/06 03:04:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/06 03:05:01 | 00,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{01C92CC5-3263-4821-AE46-BD92BDA893C0}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2008/04/14 04:18:21 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2008/04/14 04:18:35 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
< End of report >
--------------------
OTL Extras Log
OTL Extras logfile created on: 06/10/2009 3:16:30 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Aurelio\Mis documentos\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
1015,37 Mb Total Physical Memory | 468,71 Mb Available Physical Memory | 46,16% Memory free
2,38 Gb Paging File | 1,93 Gb Available in Paging File | 80,74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 70,08 Gb Total Space | 5,20 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 602,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRAFTWERK
Current User Name: Aurelio
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Archivos de programa\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Archivos de programa\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"11999:TCP" = 11999:TCP:*:Enabled:Yahoo Games
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" = C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Archivos de programa\uTorrent\uTorrent.exe" = C:\Archivos de programa\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Archivos de programa\Bonjour\mDNSResponder.exe" = C:\Archivos de programa\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Archivos de programa\LimeWire\LimeWire.exe" = C:\Archivos de programa\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Archivos de programa\iTunes\iTunes.exe" = C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Archivos de programa\Skype\Phone\Skype.exe" = C:\Archivos de programa\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Configuración de la NIC interna
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{236E24F2-D767-406B-B2F0-892D3A0DEA4A}" = CAMARA PC-320395
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 15
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{381CC72A-6BC3-430a-A847-A7BCEB63A8A1}" = SPSS 13.0 for Windows
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Los Sims 2
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{778D5912-DF4A-4019-A654-3505151D0756}" = Phantasy Star Online
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
"{853BAA28-5C1E-4678-ADAC-6A37B8A526AB}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
"{90170C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2172ACA-FFA8-4808-BD20-08565C7390F9}" = OGA Notifier 1.7.0105.35.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BD1BBE79-BB25-460D-A2BD-D496A5E13786}" = Windows Live Messenger
"{BD8C834E-CA7F-42E0-9860-3C2A33A0C694}" = Cliente de Windows Rights Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0CC7077-C5E9-4E4A-932A-919D34E1D9E5}" = SupportSoft ActiveX Controls 20071015 Cli
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = AstraPix PC100 PC Camera
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.865
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Coda" = Coda codec pack
"EAX Unified (SHELL)" = EAX Unified (SHELL)
"Fallout" = Fallout
"FINAL FANTASY VIII" = FINAL FANTASY VIII
"Flash Movie Player" = Flash Movie Player 1.4
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"hdot264" = hdot264 CODEC
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{778D5912-DF4A-4019-A654-3505151D0756}" = Phantasy Star Online
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.2.13
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack (remove only)
"MetaFrame Presentation Server Web Client for Win32" = Cliente Web para Win32 de MetaFrame Presentation Server
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Stella_is1" = Stella 2.1
"Storm Codec 5" = Storm Codec
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"ViPlay" = URUSoft ViPlay
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05/10/2009 18:58:37 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: mbam.exe, versión: 1.41.0.0, módulo con error:
unknown, versión 0.0.0.0, dirección de error 0x02429c01.
Error - 05/10/2009 19:01:35 | Computer Name = KRAFTWERK | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: mbam.exe, versión 1.41.0.0, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.
Error - 05/10/2009 19:01:37 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: msfeedssync.exe, versión: 8.0.6001.18702,
módulo con error: unknown, versión 0.0.0.0, dirección de error 0x00fd9c01.
Error - 05/10/2009 19:07:11 | Computer Name = KRAFTWERK | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: mbam.exe, versión 1.41.0.0, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.
Error - 05/10/2009 19:32:07 | Computer Name = KRAFTWERK | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: mbam.exe, versión 1.41.0.0, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.
Error - 05/10/2009 19:50:27 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: mbam.exe, versión: 1.41.0.0, módulo con error:
unknown, versión 0.0.0.0, dirección de error 0x02409c01.
Error - 05/10/2009 19:52:50 | Computer Name = KRAFTWERK | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: mbam.exe, versión 1.41.0.0, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.
Error - 05/10/2009 19:52:53 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: msfeedssync.exe, versión: 8.0.6001.18702,
módulo con error: unknown, versión 0.0.0.0, dirección de error 0x00fd9c01.
Error - 05/10/2009 19:55:05 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: msfeedssync.exe, versión: 8.0.6001.18702,
módulo con error: unknown, versión 0.0.0.0, dirección de error 0x00fc9c01.
Error - 05/10/2009 21:06:19 | Computer Name = KRAFTWERK | Source = Application Error | ID = 1000
Description = Aplicación con errores: msfeedssync.exe, versión: 8.0.6001.18702,
módulo con error: unknown, versión 0.0.0.0, dirección de error 0x00ec9c01.
[ System Events ]
Error - 05/10/2009 18:20:25 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7034
Description = El servicio Servicio del iPod se terminó de manera inesperada. Esto
ha sucedido 1 veces.
Error - 05/10/2009 18:26:36 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7000
Description = El servicio SupportSoft Listener Service no pudo iniciarse debido
al siguiente error: %%2
Error - 05/10/2009 18:51:51 | Computer Name = KRAFTWERK | Source = DCOM | ID = 10010
Description = El servidor {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} no se registró
con DCOM dentro del tiempo de espera requerido.
Error - 05/10/2009 18:57:23 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7000
Description = El servicio SupportSoft Listener Service no pudo iniciarse debido
al siguiente error: %%2
Error - 05/10/2009 19:34:40 | Computer Name = KRAFTWERK | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 05/10/2009 19:35:25 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7026
Description = El controlador de inicialización siguiente no se cargó correctamente:
APPDRV eeCtrl ehdrv Fips intelppm Tosrfcom
Error - 05/10/2009 19:37:45 | Computer Name = KRAFTWERK | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 05/10/2009 19:46:12 | Computer Name = KRAFTWERK | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 05/10/2009 19:47:45 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7000
Description = El servicio SupportSoft Listener Service no pudo iniciarse debido
al siguiente error: %%2
Error - 05/10/2009 21:04:15 | Computer Name = KRAFTWERK | Source = Service Control Manager | ID = 7000
Description = El servicio SupportSoft Listener Service no pudo iniciarse debido
al siguiente error: %%2
< End of report >
----------------
Thanks for your help and if you need me to generate any other kind of log just ask.
-Buho