Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Start Menu doesn't work. Neither any window


  • Please log in to reply

#1
Espirales

Espirales

    Member

  • Member
  • PipPip
  • 13 posts
Need lots of help... :D

Well as the title says, the Start folder Menu doesn't work and if I click on any of the explorer windows I can't get them to work neither. That is, I can't click on the tools, the arrows in the sidebar, click on the icons, or even minimize it or close it. The very same applies to my browser, Firefox in this case.

But if I click Ctrl+Alt+Supr and open the Task Manager, I can get them to work for a little while (that's how I got to write this XD) but it only takes a few clicks on either the toolbar, links, tabs, icons or pretty much anywhere to go dead once again. After a while, the whole things just spasms and I have to restart the PC.

Strange thing as well: I can't move/arrange the icons in my desktop.

Thus, under such horrible circumstances I need some help from the experts. Any help will be greatly appreciated...


I already followed the guide posted up there (with the exception of the very first one, since my comp spasmed everytime I tried running the TFC) and here are my logs:


Malwarebytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4674

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-09-23 00:20:08
mbam-log-2010-09-23 (00-20-08).txt

Scan type: Quick scan
Objects scanned: 157767
Time elapsed: 15 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 8
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Archivos de programa\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Archivos de programa\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Archivos de programa\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Archivos de programa\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Archivos de programa\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Archivos de programa\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Archivos de programa\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Archivos de programa\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Archivos de programa\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Archivos de programa\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Archivos de programa\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Archivos de programa\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.



GMER Log:



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-23 01:30:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\CONFIG~1\Temp\kfloyfob.sys


---- System - GMER 1.0.15 ----

SSDT            spbo.sys                                                                                                                                             ZwCreateKey [0xF747C0E0]
SSDT            spbo.sys                                                                                                                                             ZwEnumerateKey [0xF749ACA2]
SSDT            spbo.sys                                                                                                                                             ZwEnumerateValueKey [0xF749B030]
SSDT            spbo.sys                                                                                                                                             ZwOpenKey [0xF747C0C0]
SSDT            spbo.sys                                                                                                                                             ZwQueryKey [0xF749B108]
SSDT            spbo.sys                                                                                                                                             ZwQueryValueKey [0xF749AF88]
SSDT            spbo.sys                                                                                                                                             ZwSetValueKey [0xF749B19A]
SSDT            \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software International)                                           ZwTerminateProcess [0xEEB224B2]
SSDT            \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software International)                                           ZwTerminateThread [0xEEB21D72]

INT 0x62        ?                                                                                                                                                    863D8BF8
INT 0x73        ?                                                                                                                                                    863D8BF8
INT 0x83        ?                                                                                                                                                    863D8BF8
INT 0x83        ?                                                                                                                                                    863D8BF8
INT 0xB4        ?                                                                                                                                                    861CAF00
INT 0xB4        ?                                                                                                                                                    861CAF00
INT 0xB4        ?                                                                                                                                                    861CAF00
INT 0xB4        ?                                                                                                                                                    861CAF00

---- Kernel code sections - GMER 1.0.15 ----

?               spbo.sys                                                                                                                                             El sistema no puede hallar el archivo especificado. !
.text           USBPORT.SYS!DllUnload                                                                                                                                F65D68AC 5 Bytes  JMP 861CA4E0 
.text           a3vxplbv.SYS                                                                                                                                         F640F386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           a3vxplbv.SYS                                                                                                                                         F640F3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           a3vxplbv.SYS                                                                                                                                         F640F3C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text           a3vxplbv.SYS                                                                                                                                         F640F3C9 1 Byte  [2E]
.text           a3vxplbv.SYS                                                                                                                                         F640F3C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...]
.text           ...                                                                                                                                                  
?               C:\WINDOWS\system32\PavTPK.sys                                                                                                                       El sistema no puede hallar el archivo especificado. !
?               C:\WINDOWS\system32\PavSRK.sys                                                                                                                       El sistema no puede hallar el archivo especificado. !
?               system32\drivers\av5flt.sys                                                                                                                          El sistema no puede hallar la ruta especificada. !
?               C:\WINDOWS\system32\DRIVERS\COMFiltr.sys                                                                                                             El sistema no puede hallar el archivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtClose                                                       7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtClose + 4                                                   7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtCreateFile                                                  7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtCreateFile                                                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtCreateFile + 4                                              7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtCreateKey                                                   7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtCreateKey + 4                                               7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtDeleteFile                                                  7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtDeleteFile + 4                                              7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtDeleteKey                                                   7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtDeleteKey + 4                                               7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtDeleteValueKey                                              7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtDeleteValueKey + 4                                          7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtDuplicateObject                                             7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtDuplicateObject + 4                                         7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtEnumerateKey                                                7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtEnumerateKey + 4                                            7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtEnumerateValueKey                                           7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtEnumerateValueKey + 4                                       7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtOpenFile                                                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtOpenFile + 4                                                7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtQueryMultipleValueKey                                       7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtQueryMultipleValueKey + 4                                   7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtQueryValueKey                                               7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtQueryValueKey + 4                                           7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtReadFile                                                    7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtReadFile + 4                                                7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtSetInformationFile                                          7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtSetInformationFile + 4                                      7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtSetValueKey                                                 7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtSetValueKey + 4                                             7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtUnloadKey                                                   7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtUnloadKey + 4                                               7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtWriteFile                                                   7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!NtWriteFile + 4                                               7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!LdrLoadDll                                                    7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ntdll.dll!LdrLoadDll + 4                                                7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!TerminateProcess                                           7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!WriteProcessMemory                                         7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!CreateFileMappingW                                         7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!MapViewOfFileEx                                            7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!CreateRemoteThread                                         7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!CreateRemoteThread + 4                                     7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!CreateProcessInternalW                                     7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!CreateProcessInternalW + 4                                 7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!MoveFileWithProgressW                                      7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!MoveFileWithProgressW + 4                                  7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] kernel32.dll!CopyFileExW                                                7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!DispatchMessageW                                             7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!TranslateMessage                                             7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!DispatchMessageA                                             7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!CreateAcceleratorTableW                                      7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!CreateAcceleratorTableW + 4                                  7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!SetWindowsHookExW                                            7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!GetKeyState                                                  7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!GetAsyncKeyState                                             7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!BeginDeferWindowPos                                          7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!GetKeyboardState                                             7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!GetKeyboardState + 4                                         7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!SetWindowsHookExA                                            7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!AttachThreadInput                                            7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] USER32.dll!AttachThreadInput + 4                                        7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!CloseServiceHandle                                         77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!OpenServiceW                                               77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!StartServiceA                                              77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!StartServiceW                                              77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!ControlService                                             77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!OpenServiceA                                               77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!LsaAddAccountRights                                        77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!LsaRemoveAccountRights                                     77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!ChangeServiceConfigA                                       77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!ChangeServiceConfigW                                       77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!ChangeServiceConfig2A                                      77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!ChangeServiceConfig2W                                      77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!ChangeServiceConfig2W + 4                                  77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!CreateServiceA                                             77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!CreateServiceW                                             77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ADVAPI32.dll!DeleteService                                              77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ole32.dll!CoCreateInstanceEx                                            774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ole32.dll!CoGetClassObject                                              774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ole32.dll!CLSIDFromProgID                                               774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe[136] ole32.dll!CLSIDFromProgIDEx                                             7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtClose                                                         7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtClose + 4                                                     7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtCreateFile                                                    7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtCreateFile                                                    7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtCreateFile + 4                                                7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtCreateKey                                                     7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtCreateKey + 4                                                 7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtDeleteFile                                                    7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtDeleteFile + 4                                                7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtDeleteKey                                                     7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtDeleteKey + 4                                                 7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtDeleteValueKey                                                7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtDeleteValueKey + 4                                            7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtDuplicateObject                                               7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtDuplicateObject + 4                                           7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtEnumerateKey                                                  7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtEnumerateKey + 4                                              7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtEnumerateValueKey                                             7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtEnumerateValueKey + 4                                         7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtOpenFile                                                      7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtOpenFile + 4                                                  7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtQueryMultipleValueKey                                         7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtQueryMultipleValueKey + 4                                     7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtQueryValueKey                                                 7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtQueryValueKey + 4                                             7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtReadFile                                                      7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtReadFile + 4                                                  7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtSetInformationFile                                            7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtSetInformationFile + 4                                        7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtSetValueKey                                                   7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtSetValueKey + 4                                               7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtUnloadKey                                                     7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtUnloadKey + 4                                                 7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtWriteFile                                                     7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!NtWriteFile + 4                                                 7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!LdrLoadDll                                                      7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ntdll.dll!LdrLoadDll + 4                                                  7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!TerminateProcess                                             7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!WriteProcessMemory                                           7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!CreateFileMappingW                                           7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!MapViewOfFileEx                                              7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!CreateRemoteThread                                           7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!CreateRemoteThread + 4                                       7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!CreateProcessInternalW                                       7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!CreateProcessInternalW + 4                                   7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!MoveFileWithProgressW                                        7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!MoveFileWithProgressW + 4                                    7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] kernel32.dll!CopyFileExW                                                  7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!CloseServiceHandle                                           77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!OpenServiceW                                                 77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!StartServiceA                                                77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!StartServiceW                                                77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!ControlService                                               77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!OpenServiceA                                                 77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!LsaAddAccountRights                                          77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!LsaRemoveAccountRights                                       77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!ChangeServiceConfig2W + 4                                    77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!CreateServiceA                                               77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!CreateServiceW                                               77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ADVAPI32.dll!DeleteService                                                77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!DispatchMessageW                                               7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!TranslateMessage                                               7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!DispatchMessageA                                               7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!CreateAcceleratorTableW                                        7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!CreateAcceleratorTableW + 4                                    7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!SetWindowsHookExW                                              7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!GetKeyState                                                    7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!GetAsyncKeyState                                               7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!BeginDeferWindowPos                                            7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!GetKeyboardState                                               7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!GetKeyboardState + 4                                           7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!SetWindowsHookExA                                              7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!AttachThreadInput                                              7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] USER32.dll!AttachThreadInput + 4                                          7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ole32.dll!CoCreateInstanceEx                                              774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ole32.dll!CoGetClassObject                                                774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ole32.dll!CLSIDFromProgID                                                 774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe[252] ole32.dll!CLSIDFromProgIDEx                                               7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtClose                                                                                                             7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtClose + 4                                                                                                         7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtCreateFile                                                                                                        7C91D0AE 1 Byte  [FF]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtCreateFile                                                                                                        7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtCreateFile + 4                                                                                                    7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtCreateKey                                                                                                         7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtCreateKey + 4                                                                                                     7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtDeleteFile                                                                                                        7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtDeleteFile + 4                                                                                                    7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtDeleteKey                                                                                                         7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtDeleteKey + 4                                                                                                     7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtDeleteValueKey                                                                                                    7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtDeleteValueKey + 4                                                                                                7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtDuplicateObject                                                                                                   7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtDuplicateObject + 4                                                                                               7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtEnumerateKey                                                                                                      7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtEnumerateKey + 4                                                                                                  7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtEnumerateValueKey                                                                                                 7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtEnumerateValueKey + 4                                                                                             7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtOpenFile                                                                                                          7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtOpenFile + 4                                                                                                      7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtQueryMultipleValueKey                                                                                             7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtQueryMultipleValueKey + 4                                                                                         7C91D872 2 Bytes  [62, 5F]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtQueryValueKey                                                                                                     7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtQueryValueKey + 4                                                                                                 7C91D972 2 Bytes  [65, 5F]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtReadFile                                                                                                          7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtReadFile + 4                                                                                                      7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtSetInformationFile                                                                                                7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtSetInformationFile + 4                                                                                            7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtSetValueKey                                                                                                       7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtSetValueKey + 4                                                                                                   7C91DDD2 2 Bytes  [68, 5F]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtUnloadKey                                                                                                         7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtUnloadKey + 4                                                                                                     7C91DED2 2 Bytes  [6B, 5F]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtWriteFile                                                                                                         7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!NtWriteFile + 4                                                                                                     7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!LdrLoadDll                                                                                                          7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ntdll.dll!LdrLoadDll + 4                                                                                                      7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!TerminateProcess                                                                                                 7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!WriteProcessMemory                                                                                               7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!CreateFileMappingW                                                                                               7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!MapViewOfFileEx                                                                                                  7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!CreateRemoteThread                                                                                               7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!CreateRemoteThread + 4                                                                                           7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!CreateProcessInternalW                                                                                           7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!CreateProcessInternalW + 4                                                                                       7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!MoveFileWithProgressW                                                                                            7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!MoveFileWithProgressW + 4                                                                                        7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] kernel32.dll!CopyFileExW                                                                                                      7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!DispatchMessageW                                                                                                   7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!TranslateMessage                                                                                                   7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!DispatchMessageA                                                                                                   7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!CreateAcceleratorTableW                                                                                            7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!CreateAcceleratorTableW + 4                                                                                        7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!SetWindowsHookExW                                                                                                  7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!GetKeyState                                                                                                        7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!GetAsyncKeyState                                                                                                   7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!BeginDeferWindowPos                                                                                                7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!GetKeyboardState                                                                                                   7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!GetKeyboardState + 4                                                                                               7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!SetWindowsHookExA                                                                                                  7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!AttachThreadInput                                                                                                  7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] USER32.dll!AttachThreadInput + 4                                                                                              7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!CloseServiceHandle                                                                                               77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!OpenServiceW                                                                                                     77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!StartServiceA                                                                                                    77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!StartServiceW                                                                                                    77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!ControlService                                                                                                   77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!OpenServiceA                                                                                                     77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!LsaAddAccountRights                                                                                              77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!LsaRemoveAccountRights                                                                                           77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!ChangeServiceConfigA                                                                                             77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!ChangeServiceConfigW                                                                                             77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!ChangeServiceConfig2A                                                                                            77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!ChangeServiceConfig2W                                                                                            77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!ChangeServiceConfig2W + 4                                                                                        77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!CreateServiceA                                                                                                   77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!CreateServiceW                                                                                                   77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\HP\KBD\KBD.EXE[320] ADVAPI32.dll!DeleteService                                                                                                    77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\HP\KBD\KBD.EXE[320] ole32.dll!CoCreateInstanceEx                                                                                                  774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\HP\KBD\KBD.EXE[320] ole32.dll!CoGetClassObject                                                                                                    774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\HP\KBD\KBD.EXE[320] ole32.dll!CLSIDFromProgID                                                                                                     774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\HP\KBD\KBD.EXE[320] ole32.dll!CLSIDFromProgIDEx                                                                                                   7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtClose                                                                                                       7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtClose + 4                                                                                                   7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtCreateFile                                                                                                  7C91D0AE 1 Byte  [FF]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtCreateFile                                                                                                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtCreateFile + 4                                                                                              7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtCreateKey                                                                                                   7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtCreateKey + 4                                                                                               7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtDeleteFile                                                                                                  7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtDeleteFile + 4                                                                                              7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtDeleteKey                                                                                                   7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtDeleteKey + 4                                                                                               7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtDeleteValueKey                                                                                              7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtDeleteValueKey + 4                                                                                          7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtDuplicateObject                                                                                             7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtDuplicateObject + 4                                                                                         7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtEnumerateKey                                                                                                7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtEnumerateKey + 4                                                                                            7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtEnumerateValueKey                                                                                           7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtEnumerateValueKey + 4                                                                                       7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtOpenFile                                                                                                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtOpenFile + 4                                                                                                7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtQueryMultipleValueKey                                                                                       7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtQueryMultipleValueKey + 4                                                                                   7C91D872 2 Bytes  [62, 5F]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtQueryValueKey                                                                                               7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtQueryValueKey + 4                                                                                           7C91D972 2 Bytes  [65, 5F]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtReadFile                                                                                                    7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtReadFile + 4                                                                                                7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtSetInformationFile                                                                                          7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtSetInformationFile + 4                                                                                      7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtSetValueKey                                                                                                 7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtSetValueKey + 4                                                                                             7C91DDD2 2 Bytes  [68, 5F]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtUnloadKey                                                                                                   7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtUnloadKey + 4                                                                                               7C91DED2 2 Bytes  [6B, 5F]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtWriteFile                                                                                                   7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!NtWriteFile + 4                                                                                               7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!LdrLoadDll                                                                                                    7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ntdll.dll!LdrLoadDll + 4                                                                                                7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!TerminateProcess                                                                                           7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!WriteProcessMemory                                                                                         7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!CreateFileMappingW                                                                                         7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!MapViewOfFileEx                                                                                            7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!CreateRemoteThread                                                                                         7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!CreateRemoteThread + 4                                                                                     7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!CreateProcessInternalW                                                                                     7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!CreateProcessInternalW + 4                                                                                 7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!MoveFileWithProgressW                                                                                      7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!MoveFileWithProgressW + 4                                                                                  7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] kernel32.dll!CopyFileExW                                                                                                7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!CloseServiceHandle                                                                                         77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!OpenServiceW                                                                                               77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!StartServiceA                                                                                              77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!StartServiceW                                                                                              77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!ControlService                                                                                             77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!OpenServiceA                                                                                               77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!LsaAddAccountRights                                                                                        77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!LsaRemoveAccountRights                                                                                     77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!ChangeServiceConfigA                                                                                       77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!ChangeServiceConfigW                                                                                       77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!ChangeServiceConfig2A                                                                                      77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!ChangeServiceConfig2W                                                                                      77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!ChangeServiceConfig2W + 4                                                                                  77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!CreateServiceA                                                                                             77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!CreateServiceW                                                                                             77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ADVAPI32.dll!DeleteService                                                                                              77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!DispatchMessageW                                                                                             7E398A01 6 Bytes  JMP 5FA30F5A 
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!TranslateMessage                                                                                             7E398BF6 6 Bytes  JMP 5F8E0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!DispatchMessageA                                                                                             7E3996B8 6 Bytes  JMP 5F8B0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!CreateAcceleratorTableW                                                                                      7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!CreateAcceleratorTableW + 4                                                                                  7E39D9BF 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!SetWindowsHookExW                                                                                            7E3A820F 6 Bytes  JMP 5FA00F5A 
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!GetKeyState                                                                                                  7E3A9ED9 6 Bytes  JMP 5F9A0F5A 
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!GetAsyncKeyState                                                                                             7E3AA78F 6 Bytes  JMP 5F910F5A 
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!BeginDeferWindowPos                                                                                          7E3AAFB9 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!GetKeyboardState                                                                                             7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!GetKeyboardState + 4                                                                                         7E3AD22A 2 Bytes  [98, 5F] {CWDE ; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!SetWindowsHookExA                                                                                            7E3B1211 6 Bytes  JMP 5F850F5A 
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!AttachThreadInput                                                                                            7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[640] USER32.dll!AttachThreadInput + 4                                                                                        7E3B1E56 2 Bytes  [95, 5F] {XCHG EBP, EAX; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[640] ole32.dll!CLSIDFromProgID                                                                                               774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\Explorer.EXE[640] ole32.dll!CLSIDFromProgIDEx                                                                                             7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtClose                                                                                         7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtClose + 4                                                                                     7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtCreateFile                                                                                    7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtCreateFile                                                                                    7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtCreateFile + 4                                                                                7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtCreateKey                                                                                     7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtCreateKey + 4                                                                                 7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtDeleteFile                                                                                    7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtDeleteFile + 4                                                                                7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtDeleteKey                                                                                     7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtDeleteKey + 4                                                                                 7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtDeleteValueKey                                                                                7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtDeleteValueKey + 4                                                                            7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtDuplicateObject                                                                               7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtDuplicateObject + 4                                                                           7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtEnumerateKey                                                                                  7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtEnumerateKey + 4                                                                              7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtEnumerateValueKey                                                                             7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtEnumerateValueKey + 4                                                                         7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtOpenFile                                                                                      7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtOpenFile + 4                                                                                  7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtQueryMultipleValueKey                                                                         7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtQueryMultipleValueKey + 4                                                                     7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtQueryValueKey                                                                                 7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtQueryValueKey + 4                                                                             7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtReadFile                                                                                      7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtReadFile + 4                                                                                  7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtSetInformationFile                                                                            7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtSetInformationFile + 4                                                                        7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtSetValueKey                                                                                   7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtSetValueKey + 4                                                                               7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtUnloadKey                                                                                     7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtUnloadKey + 4                                                                                 7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtWriteFile                                                                                     7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!NtWriteFile + 4                                                                                 7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!LdrLoadDll                                                                                      7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ntdll.dll!LdrLoadDll + 4                                                                                  7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!TerminateProcess                                                                             7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!WriteProcessMemory                                                                           7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!CreateFileMappingW                                                                           7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!MapViewOfFileEx                                                                              7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!CreateRemoteThread                                                                           7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!CreateRemoteThread + 4                                                                       7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!CreateProcessInternalW                                                                       7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!CreateProcessInternalW + 4                                                                   7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!MoveFileWithProgressW                                                                        7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!MoveFileWithProgressW + 4                                                                    7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] kernel32.dll!CopyFileExW                                                                                  7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!CloseServiceHandle                                                                           77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!OpenServiceW                                                                                 77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!StartServiceA                                                                                77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!StartServiceW                                                                                77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!ControlService                                                                               77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!OpenServiceA                                                                                 77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!LsaAddAccountRights                                                                          77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!LsaRemoveAccountRights                                                                       77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!ChangeServiceConfigA                                                                         77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!ChangeServiceConfigW                                                                         77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!ChangeServiceConfig2A                                                                        77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!ChangeServiceConfig2W                                                                        77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!ChangeServiceConfig2W + 4                                                                    77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!CreateServiceA                                                                               77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!CreateServiceW                                                                               77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ADVAPI32.dll!DeleteService                                                                                77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!DispatchMessageW                                                                               7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!TranslateMessage                                                                               7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!DispatchMessageA                                                                               7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!CreateAcceleratorTableW                                                                        7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!CreateAcceleratorTableW + 4                                                                    7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!SetWindowsHookExW                                                                              7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!GetKeyState                                                                                    7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!GetAsyncKeyState                                                                               7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!BeginDeferWindowPos                                                                            7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!GetKeyboardState                                                                               7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!GetKeyboardState + 4                                                                           7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!SetWindowsHookExA                                                                              7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!AttachThreadInput                                                                              7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\DNA\btdna.exe[736] USER32.dll!AttachThreadInput + 4                                                                          7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\Archivos de programa\DNA\btdna.exe[736] ole32.dll!CoCreateInstanceEx                                                                              774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ole32.dll!CoGetClassObject                                                                                774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ole32.dll!CLSIDFromProgID                                                                                 774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\DNA\btdna.exe[736] ole32.dll!CLSIDFromProgIDEx                                                                               7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtClose                                                                       7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtClose + 4                                                                   7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtCreateFile                                                                  7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtCreateFile                                                                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtCreateFile + 4                                                              7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtCreateKey                                                                   7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtCreateKey + 4                                                               7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtDeleteFile                                                                  7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtDeleteFile + 4                                                              7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtDeleteKey                                                                   7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtDeleteKey + 4                                                               7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtDeleteValueKey                                                              7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtDeleteValueKey + 4                                                          7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtDuplicateObject                                                             7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtDuplicateObject + 4                                                         7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}

Edited by Espirales, 23 September 2010 - 01:24 AM.

  • 0

Advertisements


#2
Espirales

Espirales

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Continues GMER Log:


.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtEnumerateKey                                                                7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtEnumerateKey + 4                                                            7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtEnumerateValueKey                                                           7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtEnumerateValueKey + 4                                                       7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtOpenFile                                                                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtOpenFile + 4                                                                7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtQueryMultipleValueKey                                                       7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtQueryMultipleValueKey + 4                                                   7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtQueryValueKey                                                               7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtQueryValueKey + 4                                                           7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtReadFile                                                                    7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtReadFile + 4                                                                7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtSetInformationFile                                                          7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtSetInformationFile + 4                                                      7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtSetValueKey                                                                 7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtSetValueKey + 4                                                             7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtUnloadKey                                                                   7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtUnloadKey + 4                                                               7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtWriteFile                                                                   7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!NtWriteFile + 4                                                               7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!LdrLoadDll                                                                    7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ntdll.dll!LdrLoadDll + 4                                                                7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!TerminateProcess                                                           7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!WriteProcessMemory                                                         7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!CreateFileMappingW                                                         7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!MapViewOfFileEx                                                            7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!CreateRemoteThread                                                         7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!CreateRemoteThread + 4                                                     7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!CreateProcessInternalW                                                     7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!CreateProcessInternalW + 4                                                 7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!MoveFileWithProgressW                                                      7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!MoveFileWithProgressW + 4                                                  7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] kernel32.dll!CopyFileExW                                                                7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!CloseServiceHandle                                                         77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!OpenServiceW                                                               77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!StartServiceA                                                              77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!StartServiceW                                                              77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!ControlService                                                             77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!OpenServiceA                                                               77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!LsaAddAccountRights                                                        77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!LsaRemoveAccountRights                                                     77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!ChangeServiceConfigA                                                       77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!ChangeServiceConfigW                                                       77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!ChangeServiceConfig2A                                                      77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!ChangeServiceConfig2W                                                      77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!ChangeServiceConfig2W + 4                                                  77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!CreateServiceA                                                             77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!CreateServiceW                                                             77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ADVAPI32.dll!DeleteService                                                              77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!DispatchMessageW                                                             7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!TranslateMessage                                                             7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!DispatchMessageA                                                             7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!CreateAcceleratorTableW                                                      7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!CreateAcceleratorTableW + 4                                                  7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!SetWindowsHookExW                                                            7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!GetKeyState                                                                  7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!GetAsyncKeyState                                                             7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!BeginDeferWindowPos                                                          7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!GetKeyboardState                                                             7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!GetKeyboardState + 4                                                         7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!SetWindowsHookExA                                                            7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!AttachThreadInput                                                            7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] USER32.dll!AttachThreadInput + 4                                                        7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ole32.dll!CoCreateInstanceEx                                                            774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ole32.dll!CoGetClassObject                                                              774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ole32.dll!CLSIDFromProgID                                                               774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe[740] ole32.dll!CLSIDFromProgIDEx                                                             7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtClose                                                                   7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtClose + 4                                                               7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtCreateFile                                                              7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtCreateFile                                                              7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtCreateFile + 4                                                          7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtCreateKey                                                               7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtCreateKey + 4                                                           7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtDeleteFile                                                              7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtDeleteFile + 4                                                          7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtDeleteKey                                                               7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtDeleteKey + 4                                                           7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtDeleteValueKey                                                          7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtDeleteValueKey + 4                                                      7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtDuplicateObject                                                         7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtDuplicateObject + 4                                                     7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtEnumerateKey                                                            7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtEnumerateKey + 4                                                        7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtEnumerateValueKey                                                       7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtEnumerateValueKey + 4                                                   7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtOpenFile                                                                7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtOpenFile + 4                                                            7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtQueryMultipleValueKey                                                   7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtQueryMultipleValueKey + 4                                               7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtQueryValueKey                                                           7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtQueryValueKey + 4                                                       7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtReadFile                                                                7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtReadFile + 4                                                            7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtSetInformationFile                                                      7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtSetInformationFile + 4                                                  7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtSetValueKey                                                             7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtSetValueKey + 4                                                         7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtUnloadKey                                                               7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtUnloadKey + 4                                                           7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtWriteFile                                                               7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!NtWriteFile + 4                                                           7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!LdrLoadDll                                                                7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ntdll.dll!LdrLoadDll + 4                                                            7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!TerminateProcess                                                       7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!WriteProcessMemory                                                     7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!CreateFileMappingW                                                     7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!MapViewOfFileEx                                                        7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!CreateRemoteThread                                                     7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!CreateRemoteThread + 4                                                 7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!CreateProcessInternalW                                                 7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!CreateProcessInternalW + 4                                             7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!MoveFileWithProgressW                                                  7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!MoveFileWithProgressW + 4                                              7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] kernel32.dll!CopyFileExW                                                            7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!DispatchMessageW                                                         7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!TranslateMessage                                                         7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!DispatchMessageA                                                         7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!CreateAcceleratorTableW                                                  7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!CreateAcceleratorTableW + 4                                              7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!SetWindowsHookExW                                                        7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!GetKeyState                                                              7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!GetAsyncKeyState                                                         7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!BeginDeferWindowPos                                                      7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!GetKeyboardState                                                         7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!GetKeyboardState + 4                                                     7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!SetWindowsHookExA                                                        7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!AttachThreadInput                                                        7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] USER32.dll!AttachThreadInput + 4                                                    7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!CloseServiceHandle                                                     77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!OpenServiceW                                                           77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!StartServiceA                                                          77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!StartServiceW                                                          77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!ControlService                                                         77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!OpenServiceA                                                           77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!LsaAddAccountRights                                                    77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!LsaRemoveAccountRights                                                 77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!ChangeServiceConfigA                                                   77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!ChangeServiceConfigW                                                   77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!ChangeServiceConfig2A                                                  77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!ChangeServiceConfig2W                                                  77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!ChangeServiceConfig2W + 4                                              77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!CreateServiceA                                                         77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!CreateServiceW                                                         77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ADVAPI32.dll!DeleteService                                                          77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ole32.dll!CoCreateInstanceEx                                                        774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ole32.dll!CoGetClassObject                                                          774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ole32.dll!CLSIDFromProgID                                                           774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe[796] ole32.dll!CLSIDFromProgIDEx                                                         7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtClose                                                                                7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtClose + 4                                                                            7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtCreateFile                                                                           7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtCreateFile                                                                           7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtCreateFile + 4                                                                       7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtCreateKey                                                                            7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtCreateKey + 4                                                                        7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtDeleteFile                                                                           7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtDeleteFile + 4                                                                       7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtDeleteKey                                                                            7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtDeleteKey + 4                                                                        7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtDeleteValueKey                                                                       7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtDeleteValueKey + 4                                                                   7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtDuplicateObject                                                                      7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtDuplicateObject + 4                                                                  7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtEnumerateKey                                                                         7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtEnumerateKey + 4                                                                     7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtEnumerateValueKey                                                                    7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtEnumerateValueKey + 4                                                                7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtOpenFile                                                                             7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtOpenFile + 4                                                                         7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtQueryMultipleValueKey                                                                7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtQueryMultipleValueKey + 4                                                            7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtQueryValueKey                                                                        7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtQueryValueKey + 4                                                                    7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtReadFile                                                                             7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtReadFile + 4                                                                         7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtSetInformationFile                                                                   7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtSetInformationFile + 4                                                               7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtSetValueKey                                                                          7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtSetValueKey + 4                                                                      7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtUnloadKey                                                                            7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtUnloadKey + 4                                                                        7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtWriteFile                                                                            7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!NtWriteFile + 4                                                                        7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!LdrLoadDll                                                                             7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ntdll.dll!LdrLoadDll + 4                                                                         7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!TerminateProcess                                                                    7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!WriteProcessMemory                                                                  7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!CreateFileMappingW                                                                  7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!MapViewOfFileEx                                                                     7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!CreateRemoteThread                                                                  7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!CreateRemoteThread + 4                                                              7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!CreateProcessInternalW                                                              7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!CreateProcessInternalW + 4                                                          7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!MoveFileWithProgressW + 4                                                           7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] kernel32.dll!CopyFileExW                                                                         7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!CloseServiceHandle                                                                  77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!OpenServiceW                                                                        77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!StartServiceA                                                                       77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!StartServiceW                                                                       77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!ControlService                                                                      77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!OpenServiceA                                                                        77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!LsaAddAccountRights                                                                 77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!LsaRemoveAccountRights                                                              77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!ChangeServiceConfigA                                                                77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!ChangeServiceConfigW                                                                77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A                                                               77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W                                                               77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W + 4                                                           77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!CreateServiceA                                                                      77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!CreateServiceW                                                                      77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ADVAPI32.dll!DeleteService                                                                       77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ole32.dll!CoCreateInstanceEx                                                                     774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ole32.dll!CoGetClassObject                                                                       774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ole32.dll!CLSIDFromProgID                                                                        774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] ole32.dll!CLSIDFromProgIDEx                                                                      7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!DispatchMessageW                                                                      7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!TranslateMessage                                                                      7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!DispatchMessageA                                                                      7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!CreateAcceleratorTableW                                                               7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!CreateAcceleratorTableW + 4                                                           7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!SetWindowsHookExW                                                                     7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!GetKeyState                                                                           7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!GetAsyncKeyState                                                                      7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!BeginDeferWindowPos                                                                   7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!GetKeyboardState                                                                      7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!GetKeyboardState + 4                                                                  7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!SetWindowsHookExA                                                                     7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!AttachThreadInput                                                                     7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Java\jre6\bin\jqs.exe[1608] USER32.dll!AttachThreadInput + 4                                                                 7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtClose                                                                                                       7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtClose + 4                                                                                                   7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtCreateFile                                                                                                  7C91D0AE 1 Byte  [FF]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtCreateFile                                                                                                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtCreateFile + 4                                                                                              7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtCreateKey                                                                                                   7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtCreateKey + 4                                                                                               7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtDeleteFile                                                                                                  7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtDeleteFile + 4                                                                                              7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtDeleteKey                                                                                                   7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtDeleteKey + 4                                                                                               7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtDeleteValueKey                                                                                              7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtDeleteValueKey + 4                                                                                          7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtDuplicateObject                                                                                             7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtDuplicateObject + 4                                                                                         7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtEnumerateKey                                                                                                7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtEnumerateKey + 4                                                                                            7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtEnumerateValueKey                                                                                           7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtEnumerateValueKey + 4                                                                                       7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtOpenFile                                                                                                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtOpenFile + 4                                                                                                7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtQueryMultipleValueKey                                                                                       7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtQueryMultipleValueKey + 4                                                                                   7C91D872 2 Bytes  [62, 5F]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtQueryValueKey                                                                                               7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtQueryValueKey + 4                                                                                           7C91D972 2 Bytes  [65, 5F]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtReadFile                                                                                                    7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtReadFile + 4                                                                                                7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtSetInformationFile                                                                                          7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtSetInformationFile + 4                                                                                      7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtSetValueKey                                                                                                 7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtSetValueKey + 4                                                                                             7C91DDD2 2 Bytes  [68, 5F]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtUnloadKey                                                                                                   7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtUnloadKey + 4                                                                                               7C91DED2 2 Bytes  [6B, 5F]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtWriteFile                                                                                                   7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!NtWriteFile + 4                                                                                               7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!LdrLoadDll                                                                                                    7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ntdll.dll!LdrLoadDll + 4                                                                                                7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!TerminateProcess                                                                                           7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!WriteProcessMemory                                                                                         7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!CreateFileMappingW                                                                                         7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!MapViewOfFileEx                                                                                            7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!CreateRemoteThread                                                                                         7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!CreateRemoteThread + 4                                                                                     7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!CreateProcessInternalW                                                                                     7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!CreateProcessInternalW + 4                                                                                 7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!MoveFileWithProgressW                                                                                      7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!MoveFileWithProgressW + 4                                                                                  7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] kernel32.dll!CopyFileExW                                                                                                7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!DispatchMessageW                                                                                             7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!TranslateMessage                                                                                             7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!DispatchMessageA                                                                                             7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!CreateAcceleratorTableW                                                                                      7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!CreateAcceleratorTableW + 4                                                                                  7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!SetWindowsHookExW                                                                                            7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!GetKeyState                                                                                                  7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!GetAsyncKeyState                                                                                             7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!BeginDeferWindowPos                                                                                          7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!GetKeyboardState                                                                                             7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!GetKeyboardState + 4                                                                                         7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!SetWindowsHookExA                                                                                            7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!AttachThreadInput                                                                                            7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] USER32.dll!AttachThreadInput + 4                                                                                        7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!CloseServiceHandle                                                                                         77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!OpenServiceW                                                                                               77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!StartServiceA                                                                                              77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!StartServiceW                                                                                              77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!ControlService                                                                                             77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!OpenServiceA                                                                                               77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!LsaAddAccountRights                                                                                        77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!LsaRemoveAccountRights                                                                                     77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!ChangeServiceConfigA                                                                                       77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!ChangeServiceConfigW                                                                                       77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!ChangeServiceConfig2A                                                                                      77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!ChangeServiceConfig2W                                                                                      77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!ChangeServiceConfig2W + 4                                                                                  77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!CreateServiceA                                                                                             77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!CreateServiceW                                                                                             77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ADVAPI32.dll!DeleteService                                                                                              77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ole32.dll!CoCreateInstanceEx                                                                                            774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ole32.dll!CoGetClassObject                                                                                              774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ole32.dll!CLSIDFromProgID                                                                                               774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[2032] ole32.dll!CLSIDFromProgIDEx                                                                                             7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtClose                                                                 7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtClose + 4                                                             7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtCreateFile                                                            7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtCreateFile                                                            7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtCreateFile + 4                                                        7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtCreateKey                                                             7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtCreateKey + 4                                                         7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtDeleteFile                                                            7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtDeleteFile + 4                                                        7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtDeleteKey                                                             7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtDeleteKey + 4                                                         7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtDeleteValueKey                                                        7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtDeleteValueKey + 4                                                    7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtDuplicateObject                                                       7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtDuplicateObject + 4                                                   7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtEnumerateKey                                                          7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtEnumerateKey + 4                                                      7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtEnumerateValueKey                                                     7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtEnumerateValueKey + 4                                                 7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtOpenFile                                                              7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtOpenFile + 4                                                          7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtQueryMultipleValueKey                                                 7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtQueryMultipleValueKey + 4                                             7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtQueryValueKey                                                         7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtQueryValueKey + 4                                                     7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtReadFile                                                              7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtReadFile + 4                                                          7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtSetInformationFile                                                    7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtSetInformationFile + 4                                                7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtSetValueKey                                                           7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtSetValueKey + 4                                                       7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtUnloadKey                                                             7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtUnloadKey + 4                                                         7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtWriteFile                                                             7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!NtWriteFile + 4                                                         7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!LdrLoadDll                                                              7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ntdll.dll!LdrLoadDll + 4                                                          7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!TerminateProcess                                                     7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!WriteProcessMemory                                                   7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!CreateFileMappingW                                                   7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!MapViewOfFileEx                                                      7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!CreateRemoteThread                                                   7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!CreateRemoteThread + 4                                               7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!CreateProcessInternalW                                               7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!CreateProcessInternalW + 4                                           7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!MoveFileWithProgressW                                                7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!MoveFileWithProgressW + 4                                            7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] kernel32.dll!CopyFileExW                                                          7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!DispatchMessageW                                                       7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!TranslateMessage                                                       7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!DispatchMessageA                                                       7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!CreateAcceleratorTableW                                                7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!CreateAcceleratorTableW + 4                                            7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!SetWindowsHookExW                                                      7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!GetKeyState                                                            7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!GetAsyncKeyState                                                       7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!BeginDeferWindowPos                                                    7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!GetKeyboardState                                                       7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!GetKeyboardState + 4                                                   7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!SetWindowsHookExA                                                      7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!AttachThreadInput                                                      7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] USER32.dll!AttachThreadInput + 4                                                  7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!CloseServiceHandle                                                   77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!OpenServiceW                                                         77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!StartServiceA                                                        77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!StartServiceW                                                        77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!ControlService                                                       77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!OpenServiceA                                                         77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!LsaAddAccountRights                                                  77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!LsaRemoveAccountRights                                               77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!ChangeServiceConfigA                                                 77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!ChangeServiceConfigW                                                 77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!ChangeServiceConfig2A                                                77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W                                                77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W + 4                                            77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!CreateServiceA                                                       77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!CreateServiceW                                                       77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ADVAPI32.dll!DeleteService                                                        77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ole32.dll!CoCreateInstanceEx                                                      774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ole32.dll!CoGetClassObject                                                        774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ole32.dll!CLSIDFromProgID                                                         774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe[2276] ole32.dll!CLSIDFromProgIDEx                                                       7752620D 6 Bytes  JMP 5F7F0F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtClose                                                                                               7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtClose + 4                                                                                           7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtCreateFile                                                                                          7C91D0AE 1 Byte  [FF]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtCreateFile                                                                                          7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtCreateFile + 4                                                                                      7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtCreateKey                                                                                           7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtCreateKey + 4                                                                                       7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtDeleteFile                                                                                          7C91D23E 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtDeleteFile + 4                                                                                      7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtDeleteKey                                                                                           7C91D24E 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtDeleteKey + 4                                                                                       7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtDeleteValueKey                                                                                      7C91D26E 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtDeleteValueKey + 4                                                                                  7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtDuplicateObject                                                                                     7C91D29E 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtDuplicateObject + 4                                                                                 7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtEnumerateKey                                                                                        7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtEnumerateKey + 4                                                                                    7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtEnumerateValueKey                                                                                   7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtEnumerateValueKey + 4                                                                               7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtOpenFile                                                                                            7C91D59E 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtOpenFile + 4                                                                                        7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtQueryMultipleValueKey                                                                               7C91D86E 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtQueryMultipleValueKey + 4                                                                           7C91D872 2 Bytes  [62, 5F]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtQueryValueKey                                                                                       7C91D96E 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtQueryValueKey + 4                                                                                   7C91D972 2 Bytes  [65, 5F]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtReadFile                                                                                            7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtReadFile + 4                                                                                        7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtSetInformationFile                                                                                  7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtSetInformationFile + 4                                                                              7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtSetValueKey                                                                                         7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtSetValueKey + 4                                                                                     7C91DDD2 2 Bytes  [68, 5F]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtUnloadKey                                                                                           7C91DECE 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtUnloadKey + 4                                                                                       7C91DED2 2 Bytes  [6B, 5F]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtWriteFile                                                                                           7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!NtWriteFile + 4                                                                                       7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!LdrLoadDll                                                                                            7C9263C3 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ntdll.dll!LdrLoadDll + 4                                                                                        7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!TerminateProcess                                                                                   7C801E1A 6 Bytes  JMP 5F310F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!WriteProcessMemory                                                                                 7C802213 6 Bytes  JMP 5F370F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!CreateFileMappingW                                                                                 7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!MapViewOfFileEx                                                                                    7C80B936 6 Bytes  JMP 5F340F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!CreateRemoteThread                                                                                 7C8104CC 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!CreateRemoteThread + 4                                                                             7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!CreateProcessInternalW                                                                             7C8197B0 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!CreateProcessInternalW + 4                                                                         7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!MoveFileWithProgressW                                                                              7C81F72E 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!MoveFileWithProgressW + 4                                                                          7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] kernel32.dll!CopyFileExW                                                                                        7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!DispatchMessageW                                                                                     7E398A01 6 Bytes  JMP 5FA90F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!TranslateMessage                                                                                     7E398BF6 6 Bytes  JMP 5F940F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!DispatchMessageA                                                                                     7E3996B8 6 Bytes  JMP 5F910F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!CreateAcceleratorTableW                                                                              7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!CreateAcceleratorTableW + 4                                                                          7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!SetWindowsHookExW                                                                                    7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!GetKeyState                                                                                          7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!GetAsyncKeyState                                                                                     7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!BeginDeferWindowPos                                                                                  7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!GetKeyboardState                                                                                     7E3AD226 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!GetKeyboardState + 4                                                                                 7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!SetWindowsHookExA                                                                                    7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!AttachThreadInput                                                                                    7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] USER32.dll!AttachThreadInput + 4                                                                                7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!CloseServiceHandle                                                                                 77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!OpenServiceW                                                                                       77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!StartServiceA                                                                                      77DBFB58 6 Bytes  JMP 5F250F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!StartServiceW                                                                                      77DC3E94 6 Bytes  JMP 5F280F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!ControlService                                                                                     77DC4A09 6 Bytes  JMP 5F130F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!OpenServiceA                                                                                       77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!LsaAddAccountRights                                                                                77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!LsaRemoveAccountRights                                                                             77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!ChangeServiceConfigA                                                                               77E06E69 6 Bytes  JMP 5F040F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!ChangeServiceConfigW                                                                               77E07001 6 Bytes  JMP 5F070F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A                                                                              77E07101 6 Bytes  JMP 5F0A0F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W                                                                              77E07189 3 Bytes  [FF, 25, 1E]
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W + 4                                                                          77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!CreateServiceA                                                                                     77E07211 6 Bytes  JMP 5F160F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!CreateServiceW                                                                                     77E073A9 6 Bytes  JMP 5F190F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ADVAPI32.dll!DeleteService                                                                                      77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ole32.dll!CoCreateInstanceEx                                                                                    774D0526 6 Bytes  JMP 5F880F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ole32.dll!CoGetClassObject                                                                                      774E56C5 6 Bytes  JMP 5F850F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ole32.dll!CLSIDFromProgID                                                                                       774E87F2 6 Bytes  JMP 5F820F5A 
.text           c:\windows\system\hpsysdrv.exe[2356] ole32.dll!CLSIDFromProgIDEx                                                                                     7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtClose                                            7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtClose + 4                                        7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtCreateFile                                       7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtCreateFile                                       7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtCreateFile + 4                                   7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtCreateKey                                        7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtCreateKey + 4                                    7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtDeleteFile                                       7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtDeleteFile + 4                                   7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtDeleteKey                                        7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtDeleteKey + 4                                    7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtDeleteValueKey                                   7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtDeleteValueKey + 4                               7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtDuplicateObject                                  7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtDuplicateObject + 4                              7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtEnumerateKey                                     7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtEnumerateKey + 4                                 7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtEnumerateValueKey                                7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtEnumerateValueKey + 4                            7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtOpenFile                                         7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtOpenFile + 4                                     7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtQueryMultipleValueKey                            7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtQueryMultipleValueKey + 4                        7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtQueryValueKey                                    7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtQueryValueKey + 4                                7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtReadFile                                         7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtReadFile + 4                                     7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtSetInformationFile                               7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtSetInformationFile + 4                           7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtSetValueKey                                      7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtSetValueKey + 4                                  7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtUnloadKey                                        7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtUnloadKey + 4                                    7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtWriteFile                                        7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!NtWriteFile + 4                                    7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!LdrLoadDll                                         7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ntdll.dll!LdrLoadDll + 4                                     7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!TerminateProcess                                7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!WriteProcessMemory                              7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!CreateFileMappingW                              7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!MapViewOfFileEx                                 7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!CreateRemoteThread                              7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!CreateRemoteThread + 4                          7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!CreateProcessInternalW                          7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!CreateProcessInternalW + 4                      7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!MoveFileWithProgressW                           7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!MoveFileWithProgressW + 4                       7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] kernel32.dll!CopyFileExW                                     7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!DispatchMessageW                                  7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!TranslateMessage                                  7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!DispatchMessageA                                  7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!CreateAcceleratorTableW                           7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!CreateAcceleratorTableW + 4                       7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!SetWindowsHookExW                                 7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!GetKeyState                                       7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!GetAsyncKeyState                                  7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!BeginDeferWindowPos                               7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!GetKeyboardState                                  7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!GetKeyboardState + 4                              7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!SetWindowsHookExA                                 7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!AttachThreadInput                                 7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] USER32.dll!AttachThreadInput + 4                             7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}

Edited by Espirales, 23 September 2010 - 01:38 AM.

  • 0

#3
Espirales

Espirales

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Continues GMER Log:


.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!CloseServiceHandle                              77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!OpenServiceW                                    77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!StartServiceA                                   77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!StartServiceW                                   77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!ControlService                                  77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!OpenServiceA                                    77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!LsaAddAccountRights                             77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!LsaRemoveAccountRights                          77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!ChangeServiceConfigA                            77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!ChangeServiceConfigW                            77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!ChangeServiceConfig2A                           77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!ChangeServiceConfig2W                           77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!ChangeServiceConfig2W + 4                       77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!CreateServiceA                                  77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!CreateServiceW                                  77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ADVAPI32.dll!DeleteService                                   77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ole32.dll!CoCreateInstanceEx                                 774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ole32.dll!CoGetClassObject                                   774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ole32.dll!CLSIDFromProgID                                    774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe[2548] ole32.dll!CLSIDFromProgIDEx                                  7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtClose                        7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtClose + 4                    7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtCreateFile                   7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtCreateFile                   7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtCreateFile + 4               7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtCreateKey                    7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtCreateKey + 4                7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtDeleteFile                   7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtDeleteFile + 4               7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtDeleteKey                    7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtDeleteKey + 4                7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtDeleteValueKey               7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtDeleteValueKey + 4           7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtDuplicateObject              7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtDuplicateObject + 4          7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtEnumerateKey                 7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtEnumerateKey + 4             7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtEnumerateValueKey            7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtEnumerateValueKey + 4        7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtOpenFile                     7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtOpenFile + 4                 7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtQueryMultipleValueKey        7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtQueryMultipleValueKey + 4    7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtQueryValueKey                7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtQueryValueKey + 4            7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtReadFile                     7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtReadFile + 4                 7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtSetInformationFile           7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtSetInformationFile + 4       7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtSetValueKey                  7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtSetValueKey + 4              7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtUnloadKey                    7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtUnloadKey + 4                7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtWriteFile                    7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!NtWriteFile + 4                7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!LdrLoadDll                     7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ntdll.dll!LdrLoadDll + 4                 7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!TerminateProcess            7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!WriteProcessMemory          7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!CreateFileMappingW          7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!MapViewOfFileEx             7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!CreateRemoteThread          7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!CreateRemoteThread + 4      7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!CreateProcessInternalW      7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!CreateProcessInternalW + 4  7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!MoveFileWithProgressW       7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!MoveFileWithProgressW + 4   7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] kernel32.dll!CopyFileExW                 7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!CloseServiceHandle          77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!OpenServiceW                77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!StartServiceA               77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!StartServiceW               77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!ControlService              77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!OpenServiceA                77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!LsaAddAccountRights         77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!LsaRemoveAccountRights      77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!ChangeServiceConfigA        77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!ChangeServiceConfigW        77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A       77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W       77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W + 4   77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!CreateServiceA              77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!CreateServiceW              77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ADVAPI32.dll!DeleteService               77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!DispatchMessageW              7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!TranslateMessage              7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!DispatchMessageA              7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!CreateAcceleratorTableW       7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!CreateAcceleratorTableW + 4   7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!SetWindowsHookExW             7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!GetKeyState                   7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!GetAsyncKeyState              7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!BeginDeferWindowPos           7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!GetKeyboardState              7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!GetKeyboardState + 4          7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!SetWindowsHookExA             7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!AttachThreadInput             7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] USER32.dll!AttachThreadInput + 4         7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ole32.dll!CoCreateInstanceEx             774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ole32.dll!CoGetClassObject               774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ole32.dll!CLSIDFromProgID                774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2688] ole32.dll!CLSIDFromProgIDEx              7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtClose                                                        7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtClose + 4                                                    7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtCreateFile                                                   7C91D0AE 1 Byte  [FF]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtCreateFile                                                   7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtCreateFile + 4                                               7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtCreateKey                                                    7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtCreateKey + 4                                                7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtDeleteFile                                                   7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtDeleteFile + 4                                               7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtDeleteKey                                                    7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtDeleteKey + 4                                                7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtDeleteValueKey                                               7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtDeleteValueKey + 4                                           7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtDuplicateObject                                              7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtDuplicateObject + 4                                          7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtEnumerateKey                                                 7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtEnumerateKey + 4                                             7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtEnumerateValueKey                                            7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtEnumerateValueKey + 4                                        7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtOpenFile                                                     7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtOpenFile + 4                                                 7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtQueryMultipleValueKey                                        7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtQueryMultipleValueKey + 4                                    7C91D872 2 Bytes  [62, 5F]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtQueryValueKey                                                7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtQueryValueKey + 4                                            7C91D972 2 Bytes  [65, 5F]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtReadFile                                                     7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtReadFile + 4                                                 7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtSetInformationFile                                           7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtSetInformationFile + 4                                       7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtSetValueKey                                                  7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtSetValueKey + 4                                              7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtUnloadKey                                                    7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtUnloadKey + 4                                                7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtWriteFile                                                    7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!NtWriteFile + 4                                                7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!LdrLoadDll                                                     7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ntdll.dll!LdrLoadDll + 4                                                 7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!TerminateProcess                                            7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!WriteProcessMemory                                          7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!CreateFileMappingW                                          7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!MapViewOfFileEx                                             7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!CreateRemoteThread                                          7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!CreateRemoteThread + 4                                      7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!CreateProcessInternalW                                      7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!CreateProcessInternalW + 4                                  7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!MoveFileWithProgressW                                       7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!MoveFileWithProgressW + 4                                   7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] kernel32.dll!CopyFileExW                                                 7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!DispatchMessageW                                              7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!TranslateMessage                                              7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!DispatchMessageA                                              7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!CreateAcceleratorTableW                                       7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!CreateAcceleratorTableW + 4                                   7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!SetWindowsHookExW                                             7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!GetKeyState                                                   7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!GetAsyncKeyState                                              7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!BeginDeferWindowPos                                           7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!GetKeyboardState                                              7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!GetKeyboardState + 4                                          7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!SetWindowsHookExA                                             7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!AttachThreadInput                                             7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] USER32.dll!AttachThreadInput + 4                                         7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!CloseServiceHandle                                          77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!OpenServiceW                                                77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!StartServiceA                                               77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!StartServiceW                                               77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!ControlService                                              77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!OpenServiceA                                                77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!LsaAddAccountRights                                         77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!LsaRemoveAccountRights                                      77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!ChangeServiceConfig2W + 4                                   77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!CreateServiceA                                              77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!CreateServiceW                                              77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ADVAPI32.dll!DeleteService                                               77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ole32.dll!CoCreateInstanceEx                                             774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ole32.dll!CoGetClassObject                                               774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ole32.dll!CLSIDFromProgID                                                774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer\gmer.exe[2712] ole32.dll!CLSIDFromProgIDEx                                              7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtClose                                                                            7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtClose + 4                                                                        7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtCreateFile                                                                       7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtCreateFile                                                                       7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtCreateFile + 4                                                                   7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtCreateKey                                                                        7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtCreateKey + 4                                                                    7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtDeleteFile                                                                       7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtDeleteFile + 4                                                                   7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtDeleteKey                                                                        7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtDeleteKey + 4                                                                    7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtDeleteValueKey                                                                   7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtDeleteValueKey + 4                                                               7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtDuplicateObject                                                                  7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtDuplicateObject + 4                                                              7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtEnumerateKey                                                                     7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtEnumerateKey + 4                                                                 7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtEnumerateValueKey                                                                7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtEnumerateValueKey + 4                                                            7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtOpenFile                                                                         7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtOpenFile + 4                                                                     7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtQueryMultipleValueKey                                                            7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtQueryMultipleValueKey + 4                                                        7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtQueryValueKey                                                                    7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtQueryValueKey + 4                                                                7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtReadFile                                                                         7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtReadFile + 4                                                                     7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtSetInformationFile                                                               7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtSetInformationFile + 4                                                           7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtSetValueKey                                                                      7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtSetValueKey + 4                                                                  7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtUnloadKey                                                                        7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtUnloadKey + 4                                                                    7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtWriteFile                                                                        7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!NtWriteFile + 4                                                                    7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!LdrLoadDll                                                                         7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ntdll.dll!LdrLoadDll + 4                                                                     7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!TerminateProcess                                                                7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!WriteProcessMemory                                                              7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!CreateFileMappingW                                                              7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!MapViewOfFileEx                                                                 7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!CreateRemoteThread                                                              7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!CreateRemoteThread + 4                                                          7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!CreateProcessInternalW                                                          7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!CreateProcessInternalW + 4                                                      7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!MoveFileWithProgressW                                                           7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!MoveFileWithProgressW + 4                                                       7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] kernel32.dll!CopyFileExW                                                                     7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!CloseServiceHandle                                                              77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!OpenServiceW                                                                    77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!StartServiceA                                                                   77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!StartServiceW                                                                   77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!ControlService                                                                  77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!OpenServiceA                                                                    77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!LsaAddAccountRights                                                             77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!LsaRemoveAccountRights                                                          77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!ChangeServiceConfig2A                                                           77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!ChangeServiceConfig2W                                                           77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!ChangeServiceConfig2W + 4                                                       77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!CreateServiceA                                                                  77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ADVAPI32.dll!DeleteService                                                                   77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!DispatchMessageW                                                                  7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!TranslateMessage                                                                  7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!DispatchMessageA                                                                  7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!CreateAcceleratorTableW                                                           7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!CreateAcceleratorTableW + 4                                                       7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!SetWindowsHookExW                                                                 7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!GetKeyState                                                                       7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!GetAsyncKeyState                                                                  7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!BeginDeferWindowPos                                                               7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!GetKeyboardState                                                                  7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!GetKeyboardState + 4                                                              7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!SetWindowsHookExA                                                                 7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!AttachThreadInput                                                                 7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] USER32.dll!AttachThreadInput + 4                                                             7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ole32.dll!CoCreateInstanceEx                                                                 774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ole32.dll!CoGetClassObject                                                                   774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ole32.dll!CLSIDFromProgID                                                                    774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\Bonjour\mDNSResponder.exe[3208] ole32.dll!CLSIDFromProgIDEx                                                                  7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtClose                                                                7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtClose + 4                                                            7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtCreateFile                                                           7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtCreateFile                                                           7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtCreateFile + 4                                                       7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtCreateKey                                                            7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtCreateKey + 4                                                        7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtDeleteFile                                                           7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtDeleteFile + 4                                                       7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtDeleteKey                                                            7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtDeleteKey + 4                                                        7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtDeleteValueKey                                                       7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtDeleteValueKey + 4                                                   7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtDuplicateObject                                                      7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtDuplicateObject + 4                                                  7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtEnumerateKey                                                         7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtEnumerateKey + 4                                                     7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtEnumerateValueKey                                                    7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtEnumerateValueKey + 4                                                7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtOpenFile                                                             7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtOpenFile + 4                                                         7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtQueryMultipleValueKey                                                7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtQueryMultipleValueKey + 4                                            7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtQueryValueKey                                                        7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtQueryValueKey + 4                                                    7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtReadFile                                                             7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtReadFile + 4                                                         7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtSetInformationFile                                                   7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtSetInformationFile + 4                                               7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtSetValueKey                                                          7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtSetValueKey + 4                                                      7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtUnloadKey                                                            7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtUnloadKey + 4                                                        7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtWriteFile                                                            7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!NtWriteFile + 4                                                        7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!LdrLoadDll                                                             7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ntdll.dll!LdrLoadDll + 4                                                         7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!TerminateProcess                                                    7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!WriteProcessMemory                                                  7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!CreateFileMappingW                                                  7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!MapViewOfFileEx                                                     7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!CreateRemoteThread                                                  7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!CreateRemoteThread + 4                                              7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!CreateProcessInternalW                                              7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!CreateProcessInternalW + 4                                          7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!MoveFileWithProgressW                                               7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!MoveFileWithProgressW + 4                                           7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] kernel32.dll!CopyFileExW                                                         7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!DispatchMessageW                                                      7E398A01 6 Bytes  JMP 5FA90F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!TranslateMessage                                                      7E398BF6 6 Bytes  JMP 5F940F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!DispatchMessageA                                                      7E3996B8 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!CreateAcceleratorTableW                                               7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!CreateAcceleratorTableW + 4                                           7E39D9BF 2 Bytes  [A4, 5F] {MOVSB ; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!SetWindowsHookExW                                                     7E3A820F 6 Bytes  JMP 5FA60F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!GetKeyState                                                           7E3A9ED9 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!GetAsyncKeyState                                                      7E3AA78F 6 Bytes  JMP 5F970F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!BeginDeferWindowPos                                                   7E3AAFB9 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!GetKeyboardState                                                      7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!GetKeyboardState + 4                                                  7E3AD22A 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!SetWindowsHookExA                                                     7E3B1211 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!AttachThreadInput                                                     7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] USER32.dll!AttachThreadInput + 4                                                 7E3B1E56 2 Bytes  [9B, 5F] {WAIT ; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!CloseServiceHandle                                                  77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!OpenServiceW                                                        77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!StartServiceA                                                       77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!StartServiceW                                                       77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!ControlService                                                      77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!OpenServiceA                                                        77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!LsaAddAccountRights                                                 77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!LsaRemoveAccountRights                                              77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!ChangeServiceConfigA                                                77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!ChangeServiceConfigW                                                77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!ChangeServiceConfig2A                                               77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!ChangeServiceConfig2W                                               77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!ChangeServiceConfig2W + 4                                           77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!CreateServiceA                                                      77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!CreateServiceW                                                      77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ADVAPI32.dll!DeleteService                                                       77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ole32.dll!CoCreateInstanceEx                                                     774D0526 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ole32.dll!CoGetClassObject                                                       774E56C5 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ole32.dll!CLSIDFromProgID                                                        774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe[3428] ole32.dll!CLSIDFromProgIDEx                                                      7752620D 6 Bytes  JMP 5F7F0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtClose                                                                          7C91CFEE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtClose + 4                                                                      7C91CFF2 2 Bytes  [4D, 5F] {DEC EBP; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtCreateFile                                                                     7C91D0AE 1 Byte  [FF]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtCreateFile                                                                     7C91D0AE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtCreateFile + 4                                                                 7C91D0B2 2 Bytes  [6E, 5F] {OUTSB ; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtCreateKey                                                                      7C91D0EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtCreateKey + 4                                                                  7C91D0F2 2 Bytes  [50, 5F] {PUSH EAX; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtDeleteFile                                                                     7C91D23E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtDeleteFile + 4                                                                 7C91D242 2 Bytes  [71, 5F] {JNO 0x61}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtDeleteKey                                                                      7C91D24E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtDeleteKey + 4                                                                  7C91D252 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtDeleteValueKey                                                                 7C91D26E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtDeleteValueKey + 4                                                             7C91D272 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtDuplicateObject                                                                7C91D29E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtDuplicateObject + 4                                                            7C91D2A2 2 Bytes  [59, 5F] {POP ECX; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtEnumerateKey                                                                   7C91D2CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtEnumerateKey + 4                                                               7C91D2D2 2 Bytes  [5C, 5F] {POP ESP; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtEnumerateValueKey                                                              7C91D2EE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtEnumerateValueKey + 4                                                          7C91D2F2 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtOpenFile                                                                       7C91D59E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtOpenFile + 4                                                                   7C91D5A2 2 Bytes  [74, 5F] {JZ 0x61}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtQueryMultipleValueKey                                                          7C91D86E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtQueryMultipleValueKey + 4                                                      7C91D872 2 Bytes  [62, 5F]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtQueryValueKey                                                                  7C91D96E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtQueryValueKey + 4                                                              7C91D972 2 Bytes  [65, 5F]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtReadFile                                                                       7C91D9CE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtReadFile + 4                                                                   7C91D9D2 2 Bytes  [77, 5F] {JA 0x61}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtSetInformationFile                                                             7C91DC5E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtSetInformationFile + 4                                                         7C91DC62 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtSetValueKey                                                                    7C91DDCE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtSetValueKey + 4                                                                7C91DDD2 2 Bytes  [68, 5F]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtUnloadKey                                                                      7C91DECE 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtUnloadKey + 4                                                                  7C91DED2 2 Bytes  [6B, 5F]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtWriteFile                                                                      7C91DF7E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!NtWriteFile + 4                                                                  7C91DF82 2 Bytes  [7D, 5F] {JGE 0x61}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!LdrLoadDll                                                                       7C9263C3 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ntdll.dll!LdrLoadDll + 4                                                                   7C9263C7 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!TerminateProcess                                                              7C801E1A 6 Bytes  JMP 5F310F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!WriteProcessMemory                                                            7C802213 6 Bytes  JMP 5F370F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!CreateFileMappingW                                                            7C80943C 6 Bytes  JMP 5F3D0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!MapViewOfFileEx                                                               7C80B936 6 Bytes  JMP 5F340F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!CreateRemoteThread                                                            7C8104CC 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!CreateRemoteThread + 4                                                        7C8104D0 2 Bytes  [41, 5F] {INC ECX; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!CreateProcessInternalW                                                        7C8197B0 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!CreateProcessInternalW + 4                                                    7C8197B4 2 Bytes  [47, 5F] {INC EDI; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!MoveFileWithProgressW                                                         7C81F72E 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!MoveFileWithProgressW + 4                                                     7C81F732 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] kernel32.dll!CopyFileExW                                                                   7C827B32 6 Bytes  JMP 5F3A0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!CloseServiceHandle                                                            77DB6CE5 6 Bytes  JMP 5F100F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!OpenServiceW                                                                  77DB6FFD 6 Bytes  JMP 5F220F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!StartServiceA                                                                 77DBFB58 6 Bytes  JMP 5F250F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!StartServiceW                                                                 77DC3E94 6 Bytes  JMP 5F280F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!ControlService                                                                77DC4A09 6 Bytes  JMP 5F130F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!OpenServiceA                                                                  77DC4C66 6 Bytes  JMP 5F1F0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!LsaAddAccountRights                                                           77DEABF1 6 Bytes  JMP 5F2B0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!LsaRemoveAccountRights                                                        77DEAC91 6 Bytes  JMP 5F2E0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!ChangeServiceConfigA                                                          77E06E69 6 Bytes  JMP 5F040F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!ChangeServiceConfigW                                                          77E07001 6 Bytes  JMP 5F070F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!ChangeServiceConfig2A                                                         77E07101 6 Bytes  JMP 5F0A0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!ChangeServiceConfig2W                                                         77E07189 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!ChangeServiceConfig2W + 4                                                     77E0718D 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!CreateServiceA                                                                77E07211 6 Bytes  JMP 5F160F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!CreateServiceW                                                                77E073A9 6 Bytes  JMP 5F190F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ADVAPI32.dll!DeleteService                                                                 77E074B1 6 Bytes  JMP 5F1C0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!DispatchMessageW                                                                7E398A01 6 Bytes  JMP 5FA30F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!TranslateMessage                                                                7E398BF6 6 Bytes  JMP 5F8E0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!DispatchMessageA                                                                7E3996B8 6 Bytes  JMP 5F8B0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!CreateAcceleratorTableW                                                         7E39D9BB 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!CreateAcceleratorTableW + 4                                                     7E39D9BF 2 Bytes  [9E, 5F] {SAHF ; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!SetWindowsHookExW                                                               7E3A820F 6 Bytes  JMP 5FA00F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!GetKeyState                                                                     7E3A9ED9 6 Bytes  JMP 5F9A0F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!GetAsyncKeyState                                                                7E3AA78F 6 Bytes  JMP 5F910F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!BeginDeferWindowPos                                                             7E3AAFB9 6 Bytes  JMP 5F880F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!GetKeyboardState                                                                7E3AD226 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!GetKeyboardState + 4                                                            7E3AD22A 2 Bytes  [98, 5F] {CWDE ; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!SetWindowsHookExA                                                               7E3B1211 6 Bytes  JMP 5F850F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!AttachThreadInput                                                               7E3B1E52 3 Bytes  [FF, 25, 1E]
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] USER32.dll!AttachThreadInput + 4                                                           7E3B1E56 2 Bytes  [95, 5F] {XCHG EBP, EAX; POP EDI}
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ole32.dll!CLSIDFromProgID                                                                  774E87F2 6 Bytes  JMP 5F820F5A 
.text           C:\Archivos de programa\Mozilla Firefox\firefox.exe[3800] ole32.dll!CLSIDFromProgIDEx                                                                7752620D 6 Bytes  JMP 5F7F0F5A 

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                               ShlDrv51.sys (Panda File and Registry Protection driver/Panda Software International)
Device          \FileSystem\Ntfs \Ntfs                                                                                                                               863D71F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                               pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Software International)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                               av5flt.sys

Device          \FileSystem\Fastfat \FatCdrom                                                                                                                        85CBD500

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                             NETFLTDI.SYS (Panda TDI Filter/Panda Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{E2CC720D-F80E-4B20-939D-FD65C31C2F88}                                                                             859221F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                                     861C6500
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                                     861C6500
Device          \Driver\usbehci \Device\USBPDO-2                                                                                                                     861CB500
Device          \Driver\PCI_PNP8910 \Device\00000054                                                                                                                 spbo.sys

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                            NETFLTDI.SYS (Panda TDI Filter/Panda Software)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                               863661F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                               863661F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                                         861C7500
Device          \Driver\Cdrom \Device\CdRom1                                                                                                                         861C7500
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                   [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                   [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                                   [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7                                                                                                          [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                                   [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                                                   [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                                                   [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-16                                                                                                         [F73F5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\USBSTOR \Device\00000080                                                                                                                     8615C1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                              859221F8
Device          \Driver\USBSTOR \Device\00000084                                                                                                                     8615C1F8
Device          \Driver\sptd \Device\673512660                                                                                                                       spbo.sys
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                                     859221F8
Device          \Driver\USBSTOR \Device\00000085                                                                                                                     8615C1F8
Device          \Driver\Modem \Device\00000079                                                                                                                       COMFiltr.sys
Device          \Driver\USBSTOR \Device\00000086                                                                                                                     8615C1F8
Device          \Driver\USBSTOR \Device\00000087                                                                                                                     8615C1F8

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                            NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                          NETFLTDI.SYS (Panda TDI Filter/Panda Software)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                                                     861C6500
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                                     861C6500
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                    856961F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                                                     861CB500
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                          856961F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                                                     863661F8
Device          \Driver\a3vxplbv \Device\Scsi\a3vxplbv1Port6Path0Target0Lun0                                                                                         861021F8
Device          \Driver\a3vxplbv \Device\Scsi\a3vxplbv1                                                                                                              861021F8
Device          \FileSystem\Fastfat \Fat                                                                                                                             85CBD500

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                             pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Software International)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                             av5flt.sys

Device          \FileSystem\Cdfs \Cdfs                                                                                                                               85F5A428

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                                                  C:\Archivos de programa\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                                               0x24 0xC9 0x37 0x42 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                                                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                                                      0xB6 0x2D 0x85 0x49 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected]                                                0x97 0x65 0x7C 0xAB ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF[email protected]                                                                      C:\Archivos de programa\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                                                   0x24 0xC9 0x37 0x42 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                                                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                                                          0xB6 0x2D 0x85 0x49 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected]                                                    0x97 0x65 0x7C 0xAB ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected]                                                                      C:\Archivos de programa\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected]                                                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected]                                                                   0xA3 0x4A 0xF6 0x5B ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                                                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                                                          0xB6 0x2D 0x85 0x49 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected]                                                    0x97 0x65 0x7C 0xAB ...

---- EOF - GMER 1.0.15 ----

  • 0

#4
Espirales

Espirales

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL Log (OTL.txt):


OTL logfile created on: 2010-09-23 00:51:40 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Compaq_Propietario\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000080A | Country: México | Language: ESM | Date Format: yyyy-MM-dd
 
959.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 179.22 Gb Total Space | 16.68 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.77 Gb Free Space | 10.89% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOMBRE-CDC5BBBF
Current User Name: Compaq_Propietario
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-09-22 23:32:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\OTL.exe
PRC - [2010-05-20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2010-05-20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe
PRC - [2010-05-14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2010-05-14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010-02-09 15:00:43 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Archivos de programa\DNA\btdna.exe
PRC - [2008-04-13 21:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007-04-29 05:20:32 | 000,607,280 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\Upgrader.exe
PRC - [2007-04-27 21:44:26 | 000,628,272 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\apvxdwin.exe
PRC - [2007-04-20 15:33:54 | 000,108,080 | ---- | M] (Panda Software International, S.L.) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavBckPT.exe
PRC - [2007-04-16 18:04:32 | 000,405,040 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
PRC - [2007-04-04 12:45:08 | 000,226,864 | ---- | M] (Panda Software International) -- c:\Archivos de programa\Panda Software\Panda Internet Security 2007\FIREWALL\PSHost.exe
PRC - [2007-04-04 12:45:08 | 000,165,424 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsCtrlS.exe
PRC - [2007-04-04 12:44:58 | 000,173,616 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE
PRC - [2007-03-28 18:15:56 | 000,083,504 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\WebProxy.exe
PRC - [2007-03-15 17:51:46 | 000,096,816 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
PRC - [2007-02-19 07:21:52 | 000,041,520 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\PavPrSrv.exe
PRC - [2007-02-15 21:00:56 | 000,136,752 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE
PRC - [2007-02-06 19:44:12 | 000,108,080 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
PRC - [2007-02-06 19:44:02 | 000,065,584 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\avciman.exe
PRC - [2007-02-05 11:00:22 | 000,079,408 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\SrvLoad.exe
PRC - [2007-01-15 15:42:16 | 000,067,120 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
PRC - [2007-01-04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe
PRC - [2006-05-19 06:32:16 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-09-22 23:32:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\OTL.exe
MOD - [2008-04-13 21:17:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007-04-20 15:33:58 | 000,087,600 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavoepl.dll
MOD - [2007-04-16 18:04:26 | 000,292,400 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2007-03-13 19:01:46 | 000,161,328 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\TpUtil.dll
MOD - [2007-02-28 19:04:44 | 000,063,024 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\pavipc.dll
MOD - [2007-02-08 12:53:40 | 000,107,568 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2006-05-19 06:32:13 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Propietario\Configuración local\temp\IadHide5.dll
MOD - [2003-03-19 03:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003-02-21 11:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-05-20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010-05-14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009-09-03 11:51:46 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009-08-05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008-11-04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-04-12 13:34:31 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008-02-18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007-04-16 18:04:32 | 000,405,040 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe -- (TPSrv)
SRV - [2007-04-04 12:45:08 | 000,226,864 | ---- | M] (Panda Software International) [Auto | Running] -- c:\archivos de programa\panda software\panda internet security 2007\firewall\PSHOST.EXE -- (PSHost)
SRV - [2007-04-04 12:45:08 | 000,165,424 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsCtrls.exe -- (Panda Software Controller)
SRV - [2007-04-04 12:44:58 | 000,173,616 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2007-02-19 07:21:52 | 000,041,520 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2007-02-15 21:00:56 | 000,136,752 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe -- (PAVSRV)
SRV - [2007-02-06 19:44:12 | 000,108,080 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe -- (PSIMSVC)
SRV - [2007-01-15 16:01:56 | 000,266,240 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-01-15 15:42:16 | 000,067,120 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2007-01-04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavTPK.sys -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavSRK.sys -- (PavSRK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\COMFiltr.sys -- (ComFiltr)
DRV - File not found [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\av5flt.sys -- (AvFlt)
DRV - [2010-05-20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2009-08-05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008-09-08 19:55:30 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-04-13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Controlador de audio USB (WDM)
DRV - [2008-04-13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-04-24 16:43:56 | 000,142,128 | ---- | M] (Panda Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\netimflt.sys -- (NETIMFLT)
DRV - [2007-04-17 18:42:44 | 000,121,392 | ---- | M] (Panda Software) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2007-04-02 20:43:32 | 000,029,360 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2007-04-02 20:43:28 | 000,036,016 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2007-04-02 20:43:20 | 000,190,640 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2007-04-02 20:43:18 | 000,049,968 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2007-04-02 20:43:14 | 000,058,800 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2007-03-12 18:45:48 | 000,015,792 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2007-03-12 10:27:50 | 000,031,104 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2007-02-19 07:21:50 | 000,170,800 | ---- | M] (Panda Software International) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2007-01-23 11:49:02 | 000,071,680 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2006-11-02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Archivos de programa\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006-10-27 14:27:00 | 000,017,792 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2006-09-05 11:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2006-03-08 15:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-02-07 23:55:34 | 001,480,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-01-25 18:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-01-18 20:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-12-12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2004-08-19 08:29:40 | 000,607,292 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004-08-03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004-08-03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Controlador de Windows NT del adaptador Fast Ethernet PCI basado en Realtek  RTL8139(A/B/C)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Archivos de programa\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google (Language: EN)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010-08-22 22:30:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010-09-22 23:13:47 | 000,000,000 | ---D | M]
 
[2009-09-18 21:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Extensions
[2009-09-18 21:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Extensions\[email protected]
[2010-09-22 23:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\extensions
[2009-09-04 22:45:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-11-23 12:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009-08-30 01:14:51 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\searchplugins\google-language-en.xml
[2010-04-12 14:01:50 | 000,005,495 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\searchplugins\SearchquWebSearch.xml
[2010-09-22 23:04:11 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010-05-16 09:14:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-09-22 22:58:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
[2008-02-04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007-04-16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\plugins\npViewpoint.dll
[2009-06-24 07:11:11 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2009-06-24 07:11:11 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010-04-12 14:01:50 | 000,005,495 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2009-06-24 07:11:11 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2009-06-24 07:11:11 | 000,000,798 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml
 
O1 HOSTS File: ([2008-10-14 17:29:22 | 000,000,698 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Archivos de programa\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Archivos de programa\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Archivos de programa\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Archivos de programa\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Archivos de programa\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Archivos de programa\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Archivos de programa\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Archivos de programa\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APVXDWIN] C:\Archivos de programa\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [HPBootOp] C:\Archivos de programa\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Archivos de programa\Panda Software\Panda Internet Security 2007\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Archivos de programa\DNA\btdna.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Conexiones Compaq.lnk = C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Compaq_Propietario\Menú Inicio\Programas\Inicio\Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Compaq_Propietario\Datos de programa\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavlsp.dll (Panda Software International)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.1.217 10.3.1.221 10.3.1.100
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Archivos de programa\NavNetApp\ComUtilities.dll (MH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\archiv~1\wi9130~1\datamngr\datamngr.dll) - c:\archiv~1\wi9130~1\datamngr\datamngr.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software International)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-05-19 06:29:59 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001-07-27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{b2579b16-5aeb-11de-a414-0016ecb61f18}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{b2579b17-5aeb-11de-a414-0016ecb61f18}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (73197104696131584)
 
[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]
 
[2010-09-23 00:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer
[2010-09-22 23:57:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-09-22 23:57:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-09-22 23:57:32 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010-09-22 23:32:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\OTL.exe
[2010-09-22 23:26:47 | 006,153,384 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\mbam-setup.exe
[2010-09-22 23:22:46 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\TFC.exe
[2010-09-07 15:57:25 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft LifeCam
[2010-09-07 15:55:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2010-07-31 00:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Propietario\Escritorio\ProvWiki
[2010-07-17 22:05:50 | 012,455,136 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\FreeAudioToFlashConverter.exe
[2010-07-13 02:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\Navnet_Solutions
[2010-07-13 01:20:11 | 000,000,000 | ---D | C] -- C:\Archivos de programa\NavNetApp
[2010-07-13 01:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\NavNet Solutions
[2010-07-13 01:18:56 | 003,550,047 | ---- | C] (NavNet Solutions                                            ) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\NavNetSetupB443.exe
[2010-07-07 13:27:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-07-06 23:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Propietario\Mis documentos\dvd
[2010-07-06 23:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\DVD Flick
[2010-07-06 23:30:01 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2010-07-06 23:30:01 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2010-07-06 23:30:00 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2010-07-06 23:29:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\DVD Flick
[2010-07-06 19:39:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Ask.com
[99 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[91 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]
 
[2010-09-23 00:55:03 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-09-23 00:55:02 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-09-23 00:49:43 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-09-23 00:49:18 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010-09-23 00:46:55 | 000,260,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2010-09-23 00:46:55 | 000,260,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2010-09-23 00:46:55 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2010-09-23 00:46:55 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2010-09-23 00:46:48 | 000,001,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2010-09-23 00:46:48 | 000,001,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2010-09-23 00:46:48 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2010-09-23 00:46:48 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2010-09-23 00:46:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2010-09-23 00:46:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2010-09-23 00:46:48 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2010-09-23 00:46:48 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2010-09-23 00:46:48 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg.bck
[2010-09-23 00:46:48 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg
[2010-09-23 00:46:47 | 000,338,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010-09-23 00:46:47 | 000,338,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010-09-23 00:46:04 | 000,000,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2010-09-23 00:46:04 | 000,000,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2010-09-23 00:46:01 | 000,000,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt.bck
[2010-09-23 00:46:01 | 000,000,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt
[2010-09-23 00:43:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-09-23 00:43:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-09-23 00:43:10 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2010-09-23 00:31:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-09-23 00:20:54 | 010,223,616 | -H-- | M] () -- C:\Documents and Settings\Compaq_Propietario\NTUSER.DAT
[2010-09-23 00:20:54 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\Compaq_Propietario\ntuser.ini
[2010-09-22 23:57:37 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010-09-22 23:32:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\OTL.exe
[2010-09-22 23:28:43 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer.zip
[2010-09-22 23:28:08 | 006,153,384 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\mbam-setup.exe
[2010-09-22 23:22:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\TFC.exe
[2010-09-22 20:42:01 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Mis documentos\spider.sav
[2010-09-22 15:07:11 | 000,002,165 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\iTunes.lnk
[2010-09-22 07:37:15 | 000,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
[2010-09-21 17:28:04 | 183,490,560 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Star.Wars.The.Clone.Wars.S01E11.Dooku.Captured.avi
[2010-09-21 01:06:25 | 022,854,309 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Morning_Glories_02__2010___Minutemen-DTs_.cbz
[2010-09-21 01:00:03 | 038,879,949 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Morning_Glories_01__2010___c2c___Minutemen-DTs_.cbz
[2010-09-21 00:49:55 | 033,413,685 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Secret_Avengers_04__2010___3_covers___Minutemen-TwizToons_.cbr
[2010-09-20 23:50:51 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-18 13:21:44 | 000,488,960 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Acuse_de_Recibo.pps
[2010-09-18 04:25:00 | 056,456,400 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\The Unwritten 17.cbr
[2010-09-16 09:42:19 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Guillermo_Flores_(Pasante_Abogado).doc
[2010-09-15 19:38:58 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Cleaver-Guillermo_Flores.xls
[2010-09-15 03:16:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-09-12 10:34:10 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\default.pls
[2010-09-12 10:34:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-09-09 09:09:08 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-09-07 15:57:50 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Microsoft LifeCam.lnk
[2010-09-02 11:24:29 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010-08-13 01:09:47 | 015,339,981 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\The Unwritten 16.cbr
[2010-08-12 03:47:11 | 000,593,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-12 03:25:01 | 000,623,980 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010-08-12 03:25:01 | 000,545,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-12 03:25:01 | 000,149,578 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010-08-12 03:25:01 | 000,114,336 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-12 03:25:01 | 000,005,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-07-30 15:39:04 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010-07-23 12:49:51 | 000,660,470 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\MBC Directors 21-07-10.pdf
[2010-07-17 22:09:17 | 012,455,136 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\FreeAudioToFlashConverter.exe
[2010-07-15 16:22:46 | 021,844,288 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\The Unwritten 15.cbr
[2010-07-13 01:19:41 | 003,550,047 | ---- | M] (NavNet Solutions                                            ) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\NavNetSetupB443.exe
[2010-07-03 23:11:32 | 002,113,968 | -H-- | M] () -- C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\IconCache.db
[99 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[91 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010-09-22 23:57:37 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010-09-22 23:28:41 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer.zip
[2010-09-21 16:40:45 | 183,490,560 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Star.Wars.The.Clone.Wars.S01E11.Dooku.Captured.avi
[2010-09-21 01:00:20 | 022,854,309 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Morning_Glories_02__2010___Minutemen-DTs_.cbz
[2010-09-21 00:50:16 | 038,879,949 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Morning_Glories_01__2010___c2c___Minutemen-DTs_.cbz
[2010-09-21 00:40:52 | 033,413,685 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Secret_Avengers_04__2010___3_covers___Minutemen-TwizToons_.cbr
[2010-09-18 13:21:42 | 000,488,960 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Acuse_de_Recibo.pps
[2010-09-18 04:08:59 | 056,456,400 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\The Unwritten 17.cbr
[2010-09-15 19:38:55 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Cleaver-Guillermo_Flores.xls
[2010-09-15 18:13:45 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Guillermo_Flores_(Pasante_Abogado).doc
[2010-09-07 16:25:35 | 000,383,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2010-09-07 15:57:50 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Microsoft LifeCam.lnk
[2010-09-07 15:57:48 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2010-09-07 15:57:48 | 000,013,023 | ---- | C] () -- C:\WINDOWS\VX1000.src
[2010-08-13 01:01:37 | 015,339,981 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\The Unwritten 16.cbr
[2010-07-30 15:39:04 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010-07-30 15:39:04 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010-07-23 12:49:47 | 000,660,470 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\MBC Directors 21-07-10.pdf
[2010-07-15 16:16:34 | 021,844,288 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\The Unwritten 15.cbr
[2010-05-10 10:12:05 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010-03-27 18:27:42 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010-03-27 18:27:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010-03-27 18:27:41 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010-03-27 18:27:41 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009-09-24 11:57:02 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009-09-24 11:56:59 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009-08-03 20:14:13 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009-08-03 20:14:12 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-03 20:14:12 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-08-03 20:14:10 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-03-13 17:27:25 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\SgiCripto.dll
[2008-12-31 18:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008-09-08 19:55:29 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-07-13 11:04:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CSDLGE1LIB.dll
[2008-04-24 12:05:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-04-23 20:35:58 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2008-04-17 01:00:15 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008-04-13 11:55:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-04-13 11:55:24 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-04-12 13:45:16 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2008-04-12 13:44:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008-04-10 20:58:31 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\fusioncache.dat
[2006-05-19 06:52:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-05-19 06:35:30 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006-05-19 06:31:43 | 000,013,814 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006-05-19 06:31:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006-05-19 06:19:21 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006-05-19 06:13:14 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\hpzinstall.log
[2006-05-19 06:12:06 | 000,003,656 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006-05-19 05:55:22 | 000,000,843 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006-05-19 05:52:09 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006-05-19 05:52:09 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006-05-19 05:51:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006-03-17 19:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002-09-20 11:11:38 | 000,000,606 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1997-06-14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009-03-04 13:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\acccore
[2009-11-13 01:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\AIM
[2008-04-12 14:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Backup
[2009-08-05 14:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\muvee Technologies
[2009-09-24 12:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\pdf995
[2009-09-07 13:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2009-03-04 13:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Viewpoint
[2009-03-04 13:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\acccore
[2009-09-07 13:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Any DVD Converter Professional
[2010-07-07 22:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\BitTorrent
[2009-08-05 15:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\BSplayer PRO
[2008-09-08 19:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\DAEMON Tools
[2010-09-23 00:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\DNA
[2010-05-11 14:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\DVDVideoSoftIEHelpers
[2008-09-08 23:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Enterbrain
[2009-02-18 19:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Kingston
[2008-05-30 23:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Leadertech
[2008-07-13 11:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\LGSync
[2008-06-16 16:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\MSNInstaller
[2009-08-05 14:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\muvee Technologies
[2010-07-13 01:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\NavNet Solutions
[2009-02-28 19:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Opera
[2010-05-10 10:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\pdf995
[2010-09-22 23:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\PriceGong
[2008-05-23 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\zweitgeist
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2006-05-19 06:29:59 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-03-27 18:30:51 | 000,008,088 | ---- | M] () -- C:\avi_log.txt
[2008-04-10 20:57:20 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2008-04-12 10:54:29 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2004-08-19 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-19 14:00:00 | 000,261,904 | RHS- | M] () -- C:\cmldr
[2004-11-29 11:02:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-09-10 14:36:15 | 000,000,758 | ---- | M] () -- C:\deltaStartup.log
[2010-09-23 00:43:10 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2004-11-29 11:02:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-13 01:16:16 | 000,000,736 | -H-- | M] () -- C:\IPH.PH
[2004-11-29 11:02:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-19 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-10-13 21:56:05 | 000,251,168 | RHS- | M] () -- C:\ntldr
[2010-09-23 00:43:08 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2009-08-02 13:41:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009-08-02 13:42:33 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009-08-02 13:42:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009-08-17 09:58:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009-08-17 14:02:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009-08-31 14:46:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009-09-01 21:20:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009-09-02 12:06:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009-03-24 10:13:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009-04-07 16:46:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009-05-06 09:10:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009-05-06 09:15:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009-05-06 11:32:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009-05-06 20:29:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009-06-19 10:00:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009-06-19 10:09:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009-06-19 12:33:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009-08-02 10:24:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009-08-02 13:38:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009-08-02 13:41:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009-08-02 13:41:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009-08-02 13:42:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009-08-02 13:42:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009-08-17 09:58:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009-08-17 14:02:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009-08-31 14:46:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009-09-01 21:20:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009-09-02 12:06:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009-03-24 10:13:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009-04-07 16:46:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009-05-06 09:10:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009-05-06 09:15:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009-05-06 11:32:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009-05-06 20:29:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009-06-19 10:00:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009-06-19 10:09:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009-06-19 12:33:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009-08-02 10:24:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009-08-02 13:38:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009-08-02 13:41:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2004-11-29 04:52:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004-11-29 04:52:34 | 000,643,072 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-15 08:16:19
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:FB1B13D8
< End of report >



OTL Log (Extras.Txt):



OTL Extras logfile created on: 2010-09-23 00:51:40 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Compaq_Propietario\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000080A | Country: México | Language: ESM | Date Format: yyyy-MM-dd
 
959.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 179.22 Gb Total Space | 16.68 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.77 Gb Free Space | 10.89% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOMBRE-CDC5BBBF
Current User Name: Compaq_Propietario
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = jsfile] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
.jse [@ = JSEFile] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
.vbe [@ = VBEFile] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
.vbs [@ = VBSFile] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
.wsf [@ = WSFFile] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
.wsh [@ = WSHFile] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Archivos de programa\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Archivos de programa\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- C:\ARCHIV~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
jsefile [open] -- C:\ARCHIV~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\ARCHIV~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
vbsfile [open] -- C:\ARCHIV~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
wsffile [open] -- C:\ARCHIV~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
wshfile [open] -- C:\ARCHIV~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\ARCHIV~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Archivos de programa\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Archivos de programa\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Archivos de programa\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1774:TCP" = 1774:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe" = C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE" = C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE" = C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Archivos de programa\iTunes\iTunes.exe" = C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Archivos de programa\BitTorrent\bittorrent.exe" = C:\Archivos de programa\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Archivos de programa\LimeWire\LimeWire.exe" = C:\Archivos de programa\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Archivos de programa\Archivos comunes\AOL\Loader\aolload.exe" = C:\Archivos de programa\Archivos comunes\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Archivos de programa\AIM6\aim6.exe" = C:\Archivos de programa\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe" = C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Archivos de programa\AIM\aim.exe" = C:\Archivos de programa\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Archivos de programa\DNA\btdna.exe" = C:\Archivos de programa\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Archivos de programa\Microsoft LifeCam\LifeCam.exe" = C:\Archivos de programa\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft LifeCam\LifeEnC2.exe" = C:\Archivos de programa\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe" = C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft LifeCam\LifeTray.exe" = C:\Archivos de programa\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01802DCC-4DE0-440B-A63B-FCB0C521DBC3}" = Extensión de Windows Live Toolbar (Windows Live Toolbar)
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{06140048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enciclopedia
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{095A5DB5-0917-4A63-B68D-9D0B6070B31B}" = Windows Live Asistente para el inicio de sesión
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}" = LG_Mobile Sync
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panel de Control de ATI
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{1479D5E1-7F8D-49CB-AD0A-6DD8ED37662E}" = Menús inteligentes (Windows Live Toolbar)
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22B915C5-FFB7-4401-93B5-C7EC61C81CBE}" = Windows Live Protección Infantil
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25F6A201-C40C-4669-936D-473877CFEB4C}" = Galería fotográfica de Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}" = muvee autoProducer 5.0
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F6FF1E6-4364-402C-B915-FA1A40016DFA}" = Windows Live Toolbar
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42D1FEA1-F4A6-4376-BF3A-F5175AAD5726}" = Microsoft Works
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites para Windows Live Toolbar
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Spanish) 12
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
"{9A3D392C-B0BB-400A-A761-4B1497911034}" = Nero 7 Ultra Edition
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2172ACA-FFA8-4808-BD20-08565C7390F9}" = OGA Notifier 1.7.0105.35.0
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1034-7B44-A70500000002}" = Adobe Reader 7.0.5 - Español
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
"{B9E848B3-A64D-4005-8DA1-DC3981C902A8}_is1" = NavNet
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E8B5B4D8-C7EA-4A81-B1DD-A7F4B779B324}" = Visor de resaltado (Windows Live Toolbar)
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EEBA9416-3207-47E0-9022-116440599DBC}" = Panda Internet Security 2007
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AIM_7" = AIM 7
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"BSPlayerp" = BS.Player PRO
"CDisplay_is1" = CDisplay 1.8
"CorelDRAW 10" = CorelDRAW 10
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Easy GIF Animator_is1" = Easy GIF Animator 3.5
"El Vino del Dia" = El Vino del Dia
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.2
"Free YouTube Download_is1" = Free YouTube Download 2.4
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HPOOVClient-5577497 Uninstaller" = Conexiones Compaq (Sólo quitar)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.54 Full
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"RPGƒcƒN[ƒ‹VX RTP_is1" = RPGƒcƒN[ƒ‹VX RTP
"RPGƒcƒN[ƒ‹VX_is1" = RPGƒcƒN[ƒ‹VX
"Signature995" = Signature995
"ST5UNST #1" = The Holy Bible KJV Ver.8
"ST6UNST #1" = DeclaraSAT versión 2009
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Tattoons)
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"Videora iPod Converter" = Videora iPod Converter 0.91
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"VMidi" = vanBasco's Karaoke Player
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"WT004615" = Tornado Jockey
"WT005325" = Tradewinds
"WT005327" = Ricochet Lost Worlds
"WT005332" = Super Granny
"WT005336" = Polar Golfer
"WT005338" = Blackhawk Striker 2
"WT005340" = Blasterball 2 Remix
"WT005649" = Snowy The Bears Adventure
"WT005650" = Diner Dash
"WT005651" = Family Feud
"WT005652" = Flip Words
"WT005653" = Bejeweled 2 Deluxe
"WT005654" = Insaniquarium Deluxe
"WT005655" = Jewel Quest
"WT005656" = Alien Outbreak 2
"WT005657" = Mah Jong Quest
"WT005658" = Mystery Case Files
"WT005659" = Poker Superstars
"WT005660" = SCRABBLE
"WT005661" = Slingo Deluxe
"WT005662" = Tennis Titans
"WT005663" = Big Kahuna Reef
"WT005665" = Bookworm Deluxe
"WT005666" = Fairies
"WT005667" = Chuzzle Deluxe
"WT005763" = Bounce Symphony
"WT005764" = Polar Bowler
"WT005765" = Blasterball 2 Revolution
"WT006064" = FATE
"WT006073" = Ancient Sudoku
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2010-09-22 16:04:44 | Computer Name = NOMBRE-CDC5BBBF | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: avciman.exe, versión 2.7.53.0, módulo 
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.
 
[ OSession Events ]
Error - 2009-09-15 19:15:37 | Computer Name = NOMBRE-CDC5BBBF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2009-11-23 23:51:07 | Computer Name = NOMBRE-CDC5BBBF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2010-07-24 16:52:25 | Computer Name = NOMBRE-CDC5BBBF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2010-09-23 00:49:30 | Computer Name = NOMBRE-CDC5BBBF | Source = Service Control Manager | ID = 7034
Description = El servicio Panda Antispam Engine se terminó de manera inesperada.
 Esto ha sucedido 1 veces.
 
Error - 2010-09-23 00:49:30 | Computer Name = NOMBRE-CDC5BBBF | Source = Service Control Manager | ID = 7034
Description = El servicio Viewpoint Manager Service se terminó de manera inesperada.
 Esto ha sucedido 1 veces.
 
Error - 2010-09-23 00:49:31 | Computer Name = NOMBRE-CDC5BBBF | Source = Service Control Manager | ID = 7034
Description = El servicio SeaPort se terminó de manera inesperada. Esto ha sucedido
 1 veces.
 
Error - 2010-09-23 00:49:31 | Computer Name = NOMBRE-CDC5BBBF | Source = Service Control Manager | ID = 7034
Description = El servicio Panda Software Controller se terminó de manera inesperada.
 Esto ha sucedido 1 veces.
 
Error - 2010-09-23 00:49:31 | Computer Name = NOMBRE-CDC5BBBF | Source = Service Control Manager | ID = 7034
Description = El servicio Panda Host Service se terminó de manera inesperada. Esto
 ha sucedido 1 veces.
 
Error - 2010-09-23 00:49:31 | Computer Name = NOMBRE-CDC5BBBF | Source = Service Control Manager | ID = 7034
Description = El servicio Cyberlink RichVideo Service(CRVS) se terminó de manera
 inesperada. Esto ha sucedido 1 veces.
 
Error - 2010-09-23 00:54:39 | Computer Name = NOMBRE-CDC5BBBF | Source = Service Control Manager | ID = 7022
Description = El servicio MSCamSvc permanece en inicio.
 
Error - 2010-09-23 01:25:22 | Computer Name = NOMBRE-CDC5BBBF | Source = Service Control Manager | ID = 7022
Description = El servicio MSCamSvc permanece en inicio.
 
Error - 2010-09-23 01:25:22 | Computer Name = NOMBRE-CDC5BBBF | Source = Service Control Manager | ID = 7026
Description = El controlador de inicialización siguiente no se cargó correctamente:
   IntelIde  ViaIde
 
Error - 2010-09-23 01:45:42 | Computer Name = NOMBRE-CDC5BBBF | Source = Service Control Manager | ID = 7022
Description = El servicio MSCamSvc permanece en inicio.
 
 
< End of report >

  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello Espirales,

Please just post normally. Don't use quotes or code boxes, it makes it hard to analyse. :D

Now

Firstly, please go to Start > Control Panel >Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player.:

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.com/news/article.php/3561546

Next

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/"
    [2010-04-12 14:01:50 | 000,005,495 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\searchplugins\SearchquWebSearch.xml
    [2010-04-12 14:01:50 | 000,005,495 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Archivos de programa\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Archivos de programa\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
    O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Archivos de programa\SGPSA\BHO.dll (MTWB)
    O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Archivos de programa\Fast Browser Search\IE\FBStoolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Archivos de programa\Fast Browser Search\IE\FBStoolbar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Archivos de programa\Fast Browser Search\IE\FBStoolbar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Archivos de programa\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (c:\archiv~1\wi9130~1\datamngr\datamngr.dll) - c:\archiv~1\wi9130~1\datamngr\datamngr.dll File not found
    O33 - MountPoints2\{b2579b16-5aeb-11de-a414-0016ecb61f18}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
    O33 - MountPoints2\{b2579b17-5aeb-11de-a414-0016ecb61f18}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
    O33 - MountPoints2\L\Shell - "" = AutoRun
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
    [99 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [91 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:FB1B13D8
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Finally in this post

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
So when you return please post
  • OTL fix log
  • OTL scan log

  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Multiple posting bug.
  • 0

#7
Espirales

Espirales

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Great, thanks for answering! ;)

Also, sorry for the code thing hehe, I thought it would be easier that way for some reason XD.


First. Yes, there was a Viewpoint Media Player that I just took it away. Now gone.


Now, unto the OTL runs. The first one, when it finished, the comp show me a warning about WINDOWS/TEMP being damaged and that I should check on the CHKDSK. Then it restarted (here I should mention that last night I noticed now my comp doesn't restart unless I press any key while it's about to).


Then the OTL Log:


All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Fast Browser Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://www.fastbrows...?s=DEF&v=19&q=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://www.searchqu.com/" removed from browser.startup.homepage
C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Archivos de programa\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully.
C:\Archivos de programa\SGPSA\SearchAssistant.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Archivos de programa\DVDVideoSoft\tbDVD0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
C:\Archivos de programa\SGPSA\BHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Archivos de programa\DVDVideoSoft\tbDVD0.dll not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\archiv~1\wi9130~1\datamngr\datamngr.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2579b16-5aeb-11de-a414-0016ecb61f18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2579b16-5aeb-11de-a414-0016ecb61f18}\ not found.
File C:\Recycled\ctfmon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2579b17-5aeb-11de-a414-0016ecb61f18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2579b17-5aeb-11de-a414-0016ecb61f18}\ not found.
File C:\Recycled\ctfmon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET100.tmp deleted successfully.
C:\WINDOWS\System32\SET101.tmp deleted successfully.
C:\WINDOWS\System32\SET103.tmp deleted successfully.
C:\WINDOWS\System32\SET104.tmp deleted successfully.
C:\WINDOWS\System32\SET105.tmp deleted successfully.
C:\WINDOWS\System32\SET106.tmp deleted successfully.
C:\WINDOWS\System32\SET107.tmp deleted successfully.
C:\WINDOWS\System32\SET108.tmp deleted successfully.
C:\WINDOWS\System32\SET109.tmp deleted successfully.
C:\WINDOWS\System32\SET10A.tmp deleted successfully.
C:\WINDOWS\System32\SET10B.tmp deleted successfully.
C:\WINDOWS\System32\SET10C.tmp deleted successfully.
C:\WINDOWS\System32\SETA3.tmp deleted successfully.
C:\WINDOWS\System32\SETA4.tmp deleted successfully.
C:\WINDOWS\System32\SETA5.tmp deleted successfully.
C:\WINDOWS\System32\SETA6.tmp deleted successfully.
C:\WINDOWS\System32\SETA7.tmp deleted successfully.
C:\WINDOWS\System32\SETA8.tmp deleted successfully.
C:\WINDOWS\System32\SETA9.tmp deleted successfully.
C:\WINDOWS\System32\SETAA.tmp deleted successfully.
C:\WINDOWS\System32\SETAB.tmp deleted successfully.
C:\WINDOWS\System32\SETAE.tmp deleted successfully.
C:\WINDOWS\System32\SETAF.tmp deleted successfully.
C:\WINDOWS\System32\SETB0.tmp deleted successfully.
C:\WINDOWS\System32\SETB1.tmp deleted successfully.
C:\WINDOWS\System32\SETB2.tmp deleted successfully.
C:\WINDOWS\System32\SETB3.tmp deleted successfully.
C:\WINDOWS\System32\SETB5.tmp deleted successfully.
C:\WINDOWS\System32\SETB6.tmp deleted successfully.
C:\WINDOWS\System32\SETB7.tmp deleted successfully.
C:\WINDOWS\System32\SETB8.tmp deleted successfully.
C:\WINDOWS\System32\SETB9.tmp deleted successfully.
C:\WINDOWS\System32\SETBA.tmp deleted successfully.
C:\WINDOWS\System32\SETBB.tmp deleted successfully.
C:\WINDOWS\System32\SETBC.tmp deleted successfully.
C:\WINDOWS\System32\SETBD.tmp deleted successfully.
C:\WINDOWS\System32\SETBE.tmp deleted successfully.
C:\WINDOWS\System32\SETBF.tmp deleted successfully.
C:\WINDOWS\System32\SETC0.tmp deleted successfully.
C:\WINDOWS\System32\SETC1.tmp deleted successfully.
C:\WINDOWS\System32\SETC2.tmp deleted successfully.
C:\WINDOWS\System32\SETC3.tmp deleted successfully.
C:\WINDOWS\System32\SETC4.tmp deleted successfully.
C:\WINDOWS\System32\SETC5.tmp deleted successfully.
C:\WINDOWS\System32\SETC6.tmp deleted successfully.
C:\WINDOWS\System32\SETC7.tmp deleted successfully.
C:\WINDOWS\System32\SETC8.tmp deleted successfully.
C:\WINDOWS\System32\SETC9.tmp deleted successfully.
C:\WINDOWS\System32\SETCA.tmp deleted successfully.
C:\WINDOWS\System32\SETCB.tmp deleted successfully.
C:\WINDOWS\System32\SETCC.tmp deleted successfully.
C:\WINDOWS\System32\SETCD.tmp deleted successfully.
C:\WINDOWS\System32\SETCE.tmp deleted successfully.
C:\WINDOWS\System32\SETCF.tmp deleted successfully.
C:\WINDOWS\System32\SETD0.tmp deleted successfully.
C:\WINDOWS\System32\SETD1.tmp deleted successfully.
C:\WINDOWS\System32\SETD2.tmp deleted successfully.
C:\WINDOWS\System32\SETD3.tmp deleted successfully.
C:\WINDOWS\System32\SETD4.tmp deleted successfully.
C:\WINDOWS\System32\SETD5.tmp deleted successfully.
C:\WINDOWS\System32\SETD6.tmp deleted successfully.
C:\WINDOWS\System32\SETD7.tmp deleted successfully.
C:\WINDOWS\System32\SETD8.tmp deleted successfully.
C:\WINDOWS\System32\SETD9.tmp deleted successfully.
C:\WINDOWS\System32\SETDA.tmp deleted successfully.
C:\WINDOWS\System32\SETDB.tmp deleted successfully.
C:\WINDOWS\System32\SETDC.tmp deleted successfully.
C:\WINDOWS\System32\SETDD.tmp deleted successfully.
C:\WINDOWS\System32\SETDE.tmp deleted successfully.
C:\WINDOWS\System32\SETDF.tmp deleted successfully.
C:\WINDOWS\System32\SETE2.tmp deleted successfully.
C:\WINDOWS\System32\SETE3.tmp deleted successfully.
C:\WINDOWS\System32\SETE4.tmp deleted successfully.
C:\WINDOWS\System32\SETE5.tmp deleted successfully.
C:\WINDOWS\System32\SETE6.tmp deleted successfully.
C:\WINDOWS\System32\SETE7.tmp deleted successfully.
C:\WINDOWS\System32\SETE9.tmp deleted successfully.
C:\WINDOWS\System32\SETEA.tmp deleted successfully.
C:\WINDOWS\System32\SETEB.tmp deleted successfully.
C:\WINDOWS\System32\SETEC.tmp deleted successfully.
C:\WINDOWS\System32\SETED.tmp deleted successfully.
C:\WINDOWS\System32\SETEE.tmp deleted successfully.
C:\WINDOWS\System32\SETEF.tmp deleted successfully.
C:\WINDOWS\System32\SETF0.tmp deleted successfully.
C:\WINDOWS\System32\SETF1.tmp deleted successfully.
C:\WINDOWS\System32\SETF2.tmp deleted successfully.
C:\WINDOWS\System32\SETF3.tmp deleted successfully.
C:\WINDOWS\System32\SETF4.tmp deleted successfully.
C:\WINDOWS\System32\SETF5.tmp deleted successfully.
C:\WINDOWS\System32\SETF6.tmp deleted successfully.
C:\WINDOWS\System32\SETF7.tmp deleted successfully.
C:\WINDOWS\System32\SETF8.tmp deleted successfully.
C:\WINDOWS\System32\SETF9.tmp deleted successfully.
C:\WINDOWS\System32\SETFA.tmp deleted successfully.
C:\WINDOWS\System32\SETFC.tmp deleted successfully.
C:\WINDOWS\System32\SETFD.tmp deleted successfully.
C:\WINDOWS\System32\SETFE.tmp deleted successfully.
C:\WINDOWS\System32\SETFF.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET3B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET3C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET3D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET3E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET3F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET40.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET41.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET42.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET43.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET44.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET46.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET47.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET48.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET49.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET4F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET50.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET51.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET52.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET53.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET54.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET55.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET56.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET57.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET58.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET59.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET60.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET61.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET62.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET63.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET64.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET65.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET66.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET67.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET68.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET69.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET70.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET71.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET72.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET73.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET74.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET75.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET76.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET77.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET78.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET79.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET80.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET81.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET82.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET83.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET84.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET85.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET86.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET87.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET88.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET89.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET8A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET8B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET8D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET8E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET8F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET90.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET94.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET95.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET96.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET97.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET98.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET99.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET9A.tmp deleted successfully.
C:\WINDOWS\002724_.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Datos de programa\TEMP:FB1B13D8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Propietario
->Temp folder emptied: 4366125424 bytes
->Temporary Internet Files folder emptied: 440880504 bytes
->Java cache emptied: 58028001 bytes
->FireFox cache emptied: 59982651 bytes
->Flash cache emptied: 2266810 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3820123 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105881675 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,804.00 mb


[EMPTYFLASH]

User: All Users

User: Compaq_Propietario
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 09232010_105928

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Now, the scan OTL Log:


OTL logfile created on: 2010-09-23 11:33:45 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Compaq_Propietario\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000080A | Country: México | Language: ESM | Date Format: yyyy-MM-dd

959.00 Mb Total Physical Memory | 342.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 179.22 Gb Total Space | 21.44 Gb Free Space | 11.96% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.77 Gb Free Space | 10.89% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOMBRE-CDC5BBBF
Current User Name: Compaq_Propietario
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-09-22 23:32:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\OTL.exe
PRC - [2010-05-20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2010-05-20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe
PRC - [2010-05-14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2010-05-14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010-02-09 15:00:43 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Archivos de programa\DNA\btdna.exe
PRC - [2008-04-13 21:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007-04-27 20:44:26 | 000,628,272 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\apvxdwin.exe
PRC - [2007-04-20 14:33:54 | 000,108,080 | ---- | M] (Panda Software International, S.L.) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavBckPT.exe
PRC - [2007-04-16 17:04:32 | 000,405,040 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe
PRC - [2007-04-04 11:45:08 | 000,226,864 | ---- | M] (Panda Software International) -- c:\Archivos de programa\Panda Software\Panda Internet Security 2007\FIREWALL\PSHost.exe
PRC - [2007-04-04 11:45:08 | 000,165,424 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsCtrlS.exe
PRC - [2007-04-04 11:44:58 | 000,173,616 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE
PRC - [2007-03-28 17:15:56 | 000,083,504 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\WebProxy.exe
PRC - [2007-03-15 16:51:46 | 000,096,816 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
PRC - [2007-02-19 07:21:52 | 000,041,520 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\PavPrSrv.exe
PRC - [2007-02-15 20:00:56 | 000,136,752 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE
PRC - [2007-02-06 18:44:12 | 000,108,080 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe
PRC - [2007-02-05 10:00:22 | 000,079,408 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\SrvLoad.exe
PRC - [2007-01-15 14:42:16 | 000,067,120 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
PRC - [2006-05-19 06:32:16 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe
PRC - [2006-02-15 22:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Archivos de programa\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe


========== Modules (SafeList) ==========

MOD - [2010-09-22 23:32:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\OTL.exe
MOD - [2008-04-13 21:17:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007-04-20 14:33:58 | 000,087,600 | ---- | M] (Panda Software International) -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavoepl.dll
MOD - [2007-04-16 17:04:26 | 000,292,400 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2007-03-13 18:01:46 | 000,161,328 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\TpUtil.dll
MOD - [2007-02-28 18:04:44 | 000,063,024 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\pavipc.dll
MOD - [2007-02-08 11:53:40 | 000,107,568 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2006-05-19 06:32:13 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Propietario\Configuración local\temp\IadHide5.dll
MOD - [2003-03-19 03:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003-02-21 11:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-05-20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010-05-14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009-09-03 11:51:46 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009-08-05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008-11-04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-04-12 13:34:31 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008-02-18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007-04-16 17:04:32 | 000,405,040 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\TPSrv.exe -- (TPSrv)
SRV - [2007-04-04 11:45:08 | 000,226,864 | ---- | M] (Panda Software International) [Auto | Running] -- c:\archivos de programa\panda software\panda internet security 2007\firewall\PSHOST.EXE -- (PSHost)
SRV - [2007-04-04 11:45:08 | 000,165,424 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsCtrls.exe -- (Panda Software Controller)
SRV - [2007-04-04 11:44:58 | 000,173,616 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2007-02-19 07:21:52 | 000,041,520 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2007-02-15 20:00:56 | 000,136,752 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavsrv51.exe -- (PAVSRV)
SRV - [2007-02-06 18:44:12 | 000,108,080 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\PsImSvc.exe -- (PSIMSVC)
SRV - [2007-01-15 16:01:56 | 000,266,240 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-01-15 14:42:16 | 000,067,120 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Archivos de programa\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavTPK.sys -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavSRK.sys -- (PavSRK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\COMFiltr.sys -- (ComFiltr)
DRV - File not found [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\av5flt.sys -- (AvFlt)
DRV - [2010-05-20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2009-08-05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008-09-08 19:55:30 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-04-13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Controlador de audio USB (WDM)
DRV - [2008-04-13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-04-24 15:43:56 | 000,142,128 | ---- | M] (Panda Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\netimflt.sys -- (NETIMFLT)
DRV - [2007-04-17 17:42:44 | 000,121,392 | ---- | M] (Panda Software) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2007-04-02 19:43:32 | 000,029,360 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2007-04-02 19:43:28 | 000,036,016 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2007-04-02 19:43:20 | 000,190,640 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2007-04-02 19:43:18 | 000,049,968 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2007-04-02 19:43:14 | 000,058,800 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2007-03-12 17:45:48 | 000,015,792 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2007-03-12 10:27:50 | 000,031,104 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2007-02-19 07:21:50 | 000,170,800 | ---- | M] (Panda Software International) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2007-01-23 11:49:02 | 000,071,680 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2006-11-02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Archivos de programa\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006-10-27 13:27:00 | 000,017,792 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2006-09-05 11:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2006-03-08 15:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-02-07 23:55:34 | 001,480,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-01-25 18:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-01-18 20:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-12-12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2004-08-19 08:29:40 | 000,607,292 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004-08-03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004-08-03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Controlador de Windows NT del adaptador Fast Ethernet PCI basado en Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google (Language: EN)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010-08-22 22:30:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010-09-23 10:55:26 | 000,000,000 | ---D | M]

[2009-09-18 21:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Extensions
[2009-09-18 21:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Extensions\[email protected]
[2010-09-22 23:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\extensions
[2009-09-04 22:45:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-11-23 12:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009-08-30 01:14:51 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Datos de programa\Mozilla\Firefox\Profiles\gr01hu5u.default\searchplugins\google-language-en.xml
[2010-09-22 23:04:11 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010-05-16 09:14:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-09-22 22:58:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
[2008-02-04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009-06-24 07:11:11 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2009-06-24 07:11:11 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2009-06-24 07:11:11 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2009-06-24 07:11:11 | 000,000,798 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2010-09-23 11:11:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APVXDWIN] C:\Archivos de programa\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [HPBootOp] C:\Archivos de programa\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LanguageShortcut] C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Archivos de programa\Panda Software\Panda Internet Security 2007\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Archivos de programa\DNA\btdna.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Conexiones Compaq.lnk = C:\Archivos de programa\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Compaq_Propietario\Menú Inicio\Programas\Inicio\Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Compaq_Propietario\Datos de programa\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Archivos de programa\Panda Software\Panda Internet Security 2007\pavlsp.dll (Panda Software International)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.1.217 10.3.1.221 10.3.1.100
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Archivos de programa\NavNetApp\ComUtilities.dll (MH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software International)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-09-23 02:53:26 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001-07-27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-09-23 10:59:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-09-23 03:00:22 | 000,071,680 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\pavdrv51.sys
[2010-09-23 03:00:03 | 000,190,640 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\idsflt.sys
[2010-09-23 03:00:03 | 000,049,968 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\dsaflt.sys
[2010-09-23 03:00:03 | 000,036,016 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\smsflt.sys
[2010-09-23 03:00:03 | 000,029,360 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\wnmflt.sys
[2010-09-23 02:59:49 | 000,121,392 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS
[2010-09-23 02:59:49 | 000,058,800 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\drivers\APPFLT.SYS
[2010-09-23 02:59:49 | 000,015,792 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\drivers\fnetmon.sys
[2010-09-23 02:59:34 | 000,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl
[2010-09-23 02:59:24 | 000,292,400 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\PavSHook.dll
[2010-09-23 02:59:24 | 000,161,328 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\TpUtil.dll
[2010-09-23 02:59:24 | 000,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL
[2010-09-23 02:59:24 | 000,063,024 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\pavipc.dll
[2010-09-23 02:59:24 | 000,017,792 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\drivers\cpoint.sys
[2010-09-23 02:59:20 | 000,142,128 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\drivers\netimflt.sys
[2010-09-23 02:59:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV
[2010-09-23 02:56:39 | 000,170,800 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\PavProc.sys
[2010-09-23 02:56:39 | 000,031,104 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys
[2010-09-23 00:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer
[2010-09-22 23:57:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-09-22 23:57:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-09-22 23:57:32 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010-09-22 23:32:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\OTL.exe
[2010-09-22 23:26:47 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\mbam-setup.exe
[2010-09-22 23:22:46 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\TFC.exe
[2010-09-22 22:58:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-09-22 22:58:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-09-22 22:58:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-09-15 03:06:16 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010-09-07 16:00:37 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010-09-07 16:00:26 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010-09-07 16:00:20 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010-09-07 16:00:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010-09-07 16:00:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010-09-07 16:00:15 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010-09-07 16:00:11 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010-09-07 16:00:08 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010-09-07 16:00:03 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010-09-07 15:59:53 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010-09-07 15:59:53 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010-09-07 15:59:35 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010-09-07 15:59:35 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010-09-07 15:59:35 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010-09-07 15:59:35 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010-09-07 15:59:35 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010-09-07 15:59:35 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010-09-07 15:59:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010-09-07 15:59:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010-09-07 15:59:29 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010-09-07 15:57:48 | 001,961,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VX1000.sys
[2010-09-07 15:57:48 | 000,762,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
[2010-09-07 15:57:48 | 000,677,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LCCoin32.dll
[2010-09-07 15:57:48 | 000,503,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LcProxy.ax
[2010-09-07 15:57:48 | 000,227,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.dll
[2010-09-07 15:57:48 | 000,175,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cVX1000.dll
[2010-09-07 15:57:48 | 000,102,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\VX1000.dll
[2010-09-07 15:57:25 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft LifeCam
[2010-09-07 15:57:19 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010-09-07 15:57:18 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010-09-07 15:55:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf

========== Files - Modified Within 30 Days ==========

[2010-09-23 11:40:36 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2010-09-23 11:31:18 | 000,272,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2010-09-23 11:31:18 | 000,272,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2010-09-23 11:31:17 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2010-09-23 11:31:17 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2010-09-23 11:31:16 | 000,237,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010-09-23 11:31:16 | 000,237,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010-09-23 11:31:16 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2010-09-23 11:31:16 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2010-09-23 11:31:14 | 000,001,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2010-09-23 11:31:14 | 000,001,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2010-09-23 11:31:14 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2010-09-23 11:31:14 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2010-09-23 11:31:14 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2010-09-23 11:31:14 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2010-09-23 11:31:14 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg.bck
[2010-09-23 11:31:14 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg
[2010-09-23 11:30:26 | 000,000,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2010-09-23 11:30:26 | 000,000,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2010-09-23 11:30:24 | 000,000,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt.bck
[2010-09-23 11:30:24 | 000,000,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt
[2010-09-23 11:28:28 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-09-23 11:28:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-09-23 11:27:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-09-23 11:27:58 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2010-09-23 11:11:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010-09-23 10:55:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-09-23 10:54:47 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-09-23 10:52:31 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010-09-23 10:12:20 | 010,223,616 | -H-- | M] () -- C:\Documents and Settings\Compaq_Propietario\NTUSER.DAT
[2010-09-23 10:12:20 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\Compaq_Propietario\ntuser.ini
[2010-09-23 09:09:02 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-09-23 08:31:09 | 000,002,165 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\iTunes.lnk
[2010-09-23 03:16:04 | 000,008,627 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\PAV_FOG.OPC
[2010-09-23 03:00:22 | 000,000,275 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat
[2010-09-23 02:59:26 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Online registration.lnk
[2010-09-23 02:53:26 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-09-23 00:31:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-09-22 23:57:37 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010-09-22 23:32:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\OTL.exe
[2010-09-22 23:28:43 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer.zip
[2010-09-22 23:28:08 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\mbam-setup.exe
[2010-09-22 23:22:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propietario\Escritorio\TFC.exe
[2010-09-22 20:42:01 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Mis documentos\spider.sav
[2010-09-22 07:37:15 | 000,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
[2010-09-21 17:28:04 | 183,490,560 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Star.Wars.The.Clone.Wars.S01E11.Dooku.Captured.avi
[2010-09-21 01:06:25 | 022,854,309 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Morning_Glories_02__2010___Minutemen-DTs_.cbz
[2010-09-21 01:00:03 | 038,879,949 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Morning_Glories_01__2010___c2c___Minutemen-DTs_.cbz
[2010-09-21 00:49:55 | 033,413,685 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Secret_Avengers_04__2010___3_covers___Minutemen-TwizToons_.cbr
[2010-09-20 23:50:51 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-18 13:21:44 | 000,488,960 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Acuse_de_Recibo.pps
[2010-09-18 04:25:00 | 056,456,400 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\The Unwritten 17.cbr
[2010-09-16 09:42:19 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Guillermo_Flores_(Pasante_Abogado).doc
[2010-09-15 19:38:58 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Cleaver-Guillermo_Flores.xls
[2010-09-15 03:16:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-09-12 10:34:10 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Compaq_Propietario\default.pls
[2010-09-12 10:34:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-09-07 15:57:50 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Microsoft LifeCam.lnk
[2010-09-02 11:24:29 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv

========== Files Created - No Company Name ==========

[2010-09-23 03:05:48 | 000,237,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010-09-23 03:05:46 | 000,001,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2010-09-23 03:00:22 | 000,000,275 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2010-09-23 03:00:12 | 000,237,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010-09-23 03:00:12 | 000,001,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2010-09-22 23:57:37 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010-09-22 23:28:41 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\gmer.zip
[2010-09-21 16:40:45 | 183,490,560 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Star.Wars.The.Clone.Wars.S01E11.Dooku.Captured.avi
[2010-09-21 01:00:20 | 022,854,309 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Morning_Glories_02__2010___Minutemen-DTs_.cbz
[2010-09-21 00:50:16 | 038,879,949 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Morning_Glories_01__2010___c2c___Minutemen-DTs_.cbz
[2010-09-21 00:40:52 | 033,413,685 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Secret_Avengers_04__2010___3_covers___Minutemen-TwizToons_.cbr
[2010-09-18 13:21:42 | 000,488,960 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Acuse_de_Recibo.pps
[2010-09-18 04:08:59 | 056,456,400 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\The Unwritten 17.cbr
[2010-09-15 19:38:55 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Cleaver-Guillermo_Flores.xls
[2010-09-15 18:13:45 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Escritorio\Guillermo_Flores_(Pasante_Abogado).doc
[2010-09-07 16:25:35 | 000,383,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2010-09-07 15:57:50 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Microsoft LifeCam.lnk
[2010-09-07 15:57:48 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2010-09-07 15:57:48 | 000,013,023 | ---- | C] () -- C:\WINDOWS\VX1000.src
[2010-05-10 10:12:05 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010-03-27 18:27:42 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010-03-27 18:27:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010-03-27 18:27:41 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010-03-27 18:27:41 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009-09-24 11:57:02 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009-09-24 11:56:59 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009-08-03 20:14:13 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009-08-03 20:14:12 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-03 20:14:12 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-08-03 20:14:10 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-03-13 17:27:25 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\SgiCripto.dll
[2008-12-31 18:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008-09-08 19:55:29 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-07-13 11:04:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CSDLGE1LIB.dll
[2008-04-24 12:05:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-04-23 20:35:58 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2008-04-17 01:00:15 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008-04-13 11:55:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-04-13 11:55:24 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-04-12 13:45:16 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2008-04-12 13:44:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008-04-10 20:58:31 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Compaq_Propietario\Configuración local\Datos de programa\fusioncache.dat
[2006-05-19 06:52:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-05-19 06:35:30 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006-05-19 06:31:43 | 000,013,814 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006-05-19 06:31:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006-05-19 06:19:21 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006-05-19 06:13:14 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\hpzinstall.log
[2006-05-19 06:12:06 | 000,003,656 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006-05-19 05:55:22 | 000,000,843 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006-05-19 05:52:09 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006-05-19 05:52:09 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006-05-19 05:51:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006-03-17 19:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002-09-20 11:11:38 | 000,000,606 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1997-06-14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
< End of report >


--------------------------------------------------------------------





So far, my browsers starts now faster and I no longer have some annoying seach features anymore. Still all the other StartMenu/Windows/Icons/Desktop problems remain the same :D
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello Espirales,

I have just found that I have not answered you here. I don't know what happened... must have missed the automatic notification.

My apologies. Please PM me if this happens again.

Now

Check that your Java is up to date. Older versions are vunerable to attack.

Please follow these steps:

  • Download from here Java Runtime Environment (JRE) Update
  • Scroll to where it says "Windows 7/Vista/2000/2003/2008 online" and download and follow the instructions.

    Reboot your computer.
    You also need to uininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Next

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP