Solved Tidserv Activity 2 trojan virus elimination help

Guiri1988

Posts: 20   +0
I cannot for the life of me delete this virus off my computer. Norton Anti-Virus informed me that I must delete it manually... any help or information would be GREATLY appreciated. Thank you
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versión de la Base de Datos: 8176

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/17/2011 12:30:46 AM
mbam-log-2011-11-17 (00-30-46).txt

Tipos de Análisis: Análisis Rápido
Objetos examinados: 187031
Tiempo transcurrido: 5 minuto(s), 42 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
(No se han detectado elementos maliciosos)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-17 01:32:30
Windows 6.1.7601 Service Pack 1
Running: fvbwv8gi.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000c436444e2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000c436444e2 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows Live\Companion\paulmstein@hotmail.com@6cd8c8555cccac699f4130f27fe9a8f1\r\n 0x31 0x80 0x7A 0x1F ...

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by Paul at 1:36:40 on 2011-11-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.3835.1907 [GMT -2:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Users\Paul\Desktop\fvbwv8gi.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [conhost] C:\Users\Paul\AppData\Roaming\Microsoft\conhost.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &Enviar a OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{277475FC-646D-410E-B773-8A03B4C83F6A} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{8dcb7100-df86-4384-8842-8fa844297b3f}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hh5iqkrk.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=WIc6A0ZQ&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60788
FF - prefs.js: network.proxy.type - 2
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_1_3\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=WIc6A0ZQ&q=
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20111114.002_612\BHDrvx64.sys [2011-11-14 1156216]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20111116.030\IDSviA64.sys [2011-11-17 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-8 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-7-20 514232]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-7-2 27192]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-9 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-17 315392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servicio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-4 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Servicio de Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-4 136176]
S3 netr28x;Controlador inalámbrico para Windows Vista Ralink 802.11n;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-8 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-16 17:25:39 -------- d-----w- C:\Windows\System32\SPReview
2011-11-16 17:24:39 -------- d-----w- C:\Users\Paul\AppData\Roaming\Malwarebytes
2011-11-16 17:24:10 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-16 17:24:04 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-16 17:24:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-16 17:21:35 -------- d-----w- C:\Windows\System32\EventProviders
2011-11-16 17:02:37 -------- d-----w- C:\Program Files\Bonjour
2011-11-16 17:02:37 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-14 12:47:52 -------- d-----w- C:\Users\Paul\AppData\Local\{2CCC7C4F-E2AE-446B-86DC-215C48CE4B22}
2011-11-14 12:47:40 -------- d-----w- C:\Users\Paul\AppData\Local\{25D6CA44-BABA-44F6-A22F-EBAF90ACC5DD}
2011-11-12 06:40:04 -------- d-----w- C:\Users\Paul\AppData\Local\{199F086E-C25D-412A-ACF1-709C7EDF88DD}
2011-11-10 17:36:11 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-10 17:36:11 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-10 17:36:08 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-10 17:36:04 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-07 18:13:53 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-11-07 18:13:53 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-11-06 02:10:35 -------- d-----w- C:\Users\Paul\AppData\Local\{C5E59E00-975A-44B7-BA17-AC027ABFDBD1}
2011-11-04 03:54:12 -------- d-----w- C:\Users\Paul\AppData\Local\{E20FD84F-EA3B-47E9-A302-422461F2ACFB}
2011-11-04 03:54:01 -------- d-----w- C:\Users\Paul\AppData\Local\{5FD8D606-6050-489B-AA22-5539D648979D}
2011-11-03 15:41:28 -------- d-----w- C:\Users\Paul\AppData\Local\{D88F662F-2371-4696-BAD2-DB8235B10A4F}
2011-11-03 15:41:15 -------- d-----w- C:\Users\Paul\AppData\Local\{1E52B025-3B74-45FC-AC0D-673CE8D27EE8}
2011-11-03 15:12:47 -------- d-----w- C:\Users\Paul\AppData\Roaming\Tific
2011-11-03 15:10:20 -------- d-----w- C:\Users\Paul\AppData\Local\Symantec
2011-10-27 16:39:16 -------- d-----w- C:\Users\Paul\AppData\Local\{9B986B81-E134-4C30-B9C3-322F6FB64E7B}
2011-10-27 16:39:03 -------- d-----w- C:\Users\Paul\AppData\Local\{9D5DDDA6-890C-44D7-814C-0FF6B0522F5C}
2011-10-22 14:52:19 -------- d-----w- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
.
==================== Find3M ====================
.
2011-11-16 18:16:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-11-16 18:16:30 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 01:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 01:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 01:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 01:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 01:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 01:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 01:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 01:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 1:37:58,13 ===============
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

I still need the Attach.txt part of DDS, so provide that.

Then....

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSS Report

01:57:23.0482 5016 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
01:57:24.0029 5016 ============================================================
01:57:24.0029 5016 Current date / time: 2011/11/17 01:57:24.0029
01:57:24.0029 5016 SystemInfo:
01:57:24.0029 5016
01:57:24.0029 5016 OS Version: 6.1.7601 ServicePack: 1.0
01:57:24.0029 5016 Product type: Workstation
01:57:24.0029 5016 ComputerName: SDF-1
01:57:24.0030 5016 UserName: Paul
01:57:24.0030 5016 Windows directory: C:\Windows
01:57:24.0030 5016 System windows directory: C:\Windows
01:57:24.0030 5016 Running under WOW64
01:57:24.0030 5016 Processor architecture: Intel x64
01:57:24.0030 5016 Number of processors: 2
01:57:24.0030 5016 Page size: 0x1000
01:57:24.0030 5016 Boot type: Normal boot
01:57:24.0030 5016 ============================================================
01:57:26.0746 5016 Initialize success
01:59:01.0737 4676 ============================================================
01:59:01.0737 4676 Scan started
01:59:01.0737 4676 Mode: Manual;
01:59:01.0737 4676 ============================================================
01:59:02.0928 4676 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:59:02.0960 4676 1394ohci - ok
01:59:03.0150 4676 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:59:03.0158 4676 ACPI - ok
01:59:03.0186 4676 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:59:03.0188 4676 AcpiPmi - ok
01:59:03.0247 4676 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
01:59:03.0261 4676 adp94xx - ok
01:59:03.0319 4676 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
01:59:03.0327 4676 adpahci - ok
01:59:03.0362 4676 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
01:59:03.0367 4676 adpu320 - ok
01:59:03.0472 4676 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
01:59:03.0481 4676 AFD - ok
01:59:03.0536 4676 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:59:03.0538 4676 agp440 - ok
01:59:03.0582 4676 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:59:03.0584 4676 aliide - ok
01:59:03.0643 4676 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:59:03.0644 4676 amdide - ok
01:59:03.0687 4676 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
01:59:03.0689 4676 AmdK8 - ok
01:59:03.0899 4676 amdkmdag (c313eecf87919c97d7aa3f442319c95e) C:\Windows\system32\DRIVERS\atikmdag.sys
01:59:04.0066 4676 amdkmdag - ok
01:59:04.0213 4676 amdkmdap (aa7a30072f3e9bce4c5f4e03d9fc9684) C:\Windows\system32\DRIVERS\atikmpag.sys
01:59:04.0218 4676 amdkmdap - ok
01:59:04.0303 4676 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:59:04.0305 4676 AmdPPM - ok
01:59:04.0338 4676 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
01:59:04.0340 4676 amdsata - ok
01:59:04.0414 4676 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
01:59:04.0419 4676 amdsbs - ok
01:59:04.0444 4676 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
01:59:04.0446 4676 amdxata - ok
01:59:04.0520 4676 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:59:04.0523 4676 AppID - ok
01:59:04.0599 4676 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
01:59:04.0602 4676 arc - ok
01:59:04.0628 4676 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
01:59:04.0632 4676 arcsas - ok
01:59:04.0687 4676 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:59:04.0689 4676 AsyncMac - ok
01:59:04.0793 4676 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:59:04.0794 4676 atapi - ok
01:59:04.0877 4676 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
01:59:04.0881 4676 AtiHdmiService - ok
01:59:04.0928 4676 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
01:59:04.0930 4676 AtiPcie - ok
01:59:05.0053 4676 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
01:59:05.0063 4676 b06bdrv - ok
01:59:05.0153 4676 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:59:05.0159 4676 b57nd60a - ok
01:59:05.0226 4676 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:59:05.0228 4676 Beep - ok
01:59:05.0694 4676 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20111114.002_612\BHDrvx64.sys
01:59:05.0717 4676 BHDrvx64 - ok
01:59:05.0856 4676 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:59:05.0859 4676 blbdrive - ok
01:59:05.0950 4676 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:59:05.0953 4676 bowser - ok
01:59:06.0026 4676 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:59:06.0028 4676 BrFiltLo - ok
01:59:06.0229 4676 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:59:06.0233 4676 BrFiltUp - ok
01:59:06.0296 4676 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:59:06.0303 4676 Brserid - ok
01:59:06.0336 4676 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:59:06.0338 4676 BrSerWdm - ok
01:59:06.0384 4676 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:59:06.0386 4676 BrUsbMdm - ok
01:59:06.0404 4676 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:59:06.0405 4676 BrUsbSer - ok
01:59:06.0459 4676 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
01:59:06.0461 4676 BthEnum - ok
01:59:06.0522 4676 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:59:06.0524 4676 BTHMODEM - ok
01:59:06.0558 4676 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
01:59:06.0561 4676 BthPan - ok
01:59:06.0606 4676 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
01:59:06.0615 4676 BTHPORT - ok
01:59:06.0635 4676 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
01:59:06.0638 4676 BTHUSB - ok
01:59:06.0682 4676 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:59:06.0686 4676 cdfs - ok
01:59:06.0732 4676 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
01:59:06.0736 4676 cdrom - ok
01:59:06.0788 4676 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:59:06.0790 4676 circlass - ok
01:59:06.0832 4676 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:59:06.0840 4676 CLFS - ok
01:59:06.0948 4676 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:59:06.0949 4676 CmBatt - ok
01:59:06.0995 4676 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:59:06.0997 4676 cmdide - ok
01:59:07.0062 4676 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
01:59:07.0072 4676 CNG - ok
01:59:07.0135 4676 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:59:07.0137 4676 Compbatt - ok
01:59:07.0205 4676 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:59:07.0207 4676 CompositeBus - ok
01:59:07.0257 4676 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
01:59:07.0259 4676 crcdisk - ok
01:59:07.0396 4676 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:59:07.0399 4676 DfsC - ok
01:59:07.0453 4676 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:59:07.0455 4676 discache - ok
01:59:07.0526 4676 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
01:59:07.0529 4676 Disk - ok
01:59:07.0571 4676 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:59:07.0575 4676 drmkaud - ok
01:59:07.0660 4676 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:59:07.0681 4676 DXGKrnl - ok
01:59:07.0858 4676 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
01:59:07.0952 4676 ebdrv - ok
01:59:08.0082 4676 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
01:59:08.0091 4676 eeCtrl - ok
01:59:08.0274 4676 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
01:59:08.0286 4676 elxstor - ok
01:59:08.0420 4676 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
01:59:08.0423 4676 EraserUtilRebootDrv - ok
01:59:08.0581 4676 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:59:08.0583 4676 ErrDev - ok
01:59:08.0644 4676 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:59:08.0650 4676 exfat - ok
01:59:08.0699 4676 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:59:08.0704 4676 fastfat - ok
01:59:08.0756 4676 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
01:59:08.0758 4676 fdc - ok
01:59:08.0806 4676 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:59:08.0808 4676 FileInfo - ok
01:59:08.0820 4676 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:59:08.0821 4676 Filetrace - ok
01:59:08.0856 4676 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
01:59:08.0857 4676 flpydisk - ok
01:59:08.0930 4676 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:59:08.0937 4676 FltMgr - ok
01:59:08.0979 4676 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:59:08.0981 4676 FsDepends - ok
01:59:09.0053 4676 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
01:59:09.0055 4676 fssfltr - ok
01:59:09.0087 4676 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
01:59:09.0089 4676 Fs_Rec - ok
01:59:09.0154 4676 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:59:09.0159 4676 fvevol - ok
01:59:09.0195 4676 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:59:09.0198 4676 gagp30kx - ok
01:59:09.0280 4676 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:59:09.0282 4676 GEARAspiWDM - ok
01:59:09.0350 4676 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:59:09.0352 4676 hcw85cir - ok
01:59:09.0443 4676 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:59:09.0452 4676 HdAudAddService - ok
01:59:09.0507 4676 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
01:59:09.0511 4676 HDAudBus - ok
01:59:09.0543 4676 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
01:59:09.0545 4676 HidBatt - ok
01:59:09.0586 4676 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
01:59:09.0590 4676 HidBth - ok
01:59:09.0665 4676 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
01:59:09.0668 4676 HidIr - ok
01:59:09.0760 4676 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
01:59:09.0762 4676 HidUsb - ok
01:59:09.0939 4676 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:59:09.0942 4676 HpSAMD - ok
01:59:10.0044 4676 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:59:10.0059 4676 HTTP - ok
01:59:10.0098 4676 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:59:10.0100 4676 hwpolicy - ok
01:59:10.0146 4676 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
01:59:10.0149 4676 i8042prt - ok
01:59:10.0205 4676 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:59:10.0211 4676 iaStorV - ok
01:59:10.0450 4676 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20111116.030\IDSvia64.sys
01:59:10.0460 4676 IDSVia64 - ok
01:59:10.0784 4676 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
01:59:10.0935 4676 igfx - ok
01:59:11.0049 4676 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
01:59:11.0052 4676 iirsp - ok
01:59:11.0154 4676 IntcAzAudAddService (e76fdfff07f8a2fa81ff250dda0f6bba) C:\Windows\system32\drivers\RTKVHD64.sys
01:59:11.0198 4676 IntcAzAudAddService - ok
01:59:11.0336 4676 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:59:11.0338 4676 intelide - ok
01:59:11.0383 4676 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:59:11.0386 4676 intelppm - ok
01:59:11.0432 4676 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:59:11.0435 4676 IpFilterDriver - ok
01:59:11.0496 4676 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:59:11.0499 4676 IPMIDRV - ok
01:59:11.0537 4676 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:59:11.0541 4676 IPNAT - ok
01:59:11.0611 4676 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:59:11.0613 4676 IRENUM - ok
01:59:11.0675 4676 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:59:11.0676 4676 isapnp - ok
01:59:11.0709 4676 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:59:11.0716 4676 iScsiPrt - ok
01:59:11.0758 4676 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
01:59:11.0761 4676 kbdclass - ok
01:59:11.0813 4676 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
01:59:11.0815 4676 kbdhid - ok
01:59:11.0862 4676 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
01:59:11.0866 4676 KSecDD - ok
01:59:11.0924 4676 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
01:59:11.0928 4676 KSecPkg - ok
01:59:11.0961 4676 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:59:11.0963 4676 ksthunk - ok
01:59:12.0038 4676 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:59:12.0041 4676 lltdio - ok
01:59:12.0120 4676 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:59:12.0124 4676 LSI_FC - ok
01:59:12.0161 4676 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:59:12.0165 4676 LSI_SAS - ok
01:59:12.0199 4676 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:59:12.0202 4676 LSI_SAS2 - ok
01:59:12.0243 4676 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:59:12.0247 4676 LSI_SCSI - ok
01:59:12.0309 4676 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:59:12.0312 4676 luafv - ok
01:59:12.0370 4676 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
01:59:12.0373 4676 megasas - ok
01:59:12.0418 4676 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
01:59:12.0425 4676 MegaSR - ok
01:59:12.0457 4676 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:59:12.0460 4676 Modem - ok
01:59:12.0495 4676 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:59:12.0498 4676 monitor - ok
01:59:12.0551 4676 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
01:59:12.0554 4676 mouclass - ok
01:59:12.0608 4676 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:59:12.0611 4676 mouhid - ok
01:59:12.0652 4676 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:59:12.0655 4676 mountmgr - ok
01:59:12.0695 4676 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:59:12.0700 4676 mpio - ok
01:59:12.0752 4676 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:59:12.0755 4676 mpsdrv - ok
01:59:12.0810 4676 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:59:12.0814 4676 MRxDAV - ok
01:59:12.0855 4676 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:59:12.0859 4676 mrxsmb - ok
01:59:12.0909 4676 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:59:12.0914 4676 mrxsmb10 - ok
01:59:12.0946 4676 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:59:12.0949 4676 mrxsmb20 - ok
01:59:12.0994 4676 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:59:12.0996 4676 msahci - ok
01:59:13.0044 4676 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:59:13.0048 4676 msdsm - ok
01:59:13.0102 4676 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:59:13.0105 4676 Msfs - ok
01:59:13.0152 4676 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:59:13.0154 4676 mshidkmdf - ok
01:59:13.0180 4676 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:59:13.0182 4676 msisadrv - ok
01:59:13.0228 4676 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:59:13.0230 4676 MSKSSRV - ok
01:59:13.0254 4676 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:59:13.0256 4676 MSPCLOCK - ok
01:59:13.0272 4676 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:59:13.0273 4676 MSPQM - ok
01:59:13.0320 4676 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:59:13.0328 4676 MsRPC - ok
01:59:13.0348 4676 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
01:59:13.0350 4676 mssmbios - ok
01:59:13.0385 4676 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:59:13.0387 4676 MSTEE - ok
01:59:13.0432 4676 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
01:59:13.0434 4676 MTConfig - ok
01:59:13.0479 4676 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:59:13.0482 4676 Mup - ok
01:59:13.0547 4676 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:59:13.0555 4676 NativeWifiP - ok
01:59:13.0697 4676 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20111116.020\ENG64.SYS
01:59:13.0700 4676 NAVENG - ok
01:59:13.0802 4676 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20111116.020\EX64.SYS
01:59:13.0844 4676 NAVEX15 - ok
01:59:13.0991 4676 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
01:59:14.0011 4676 NDIS - ok
01:59:14.0148 4676 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:59:14.0150 4676 NdisCap - ok
01:59:14.0198 4676 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:59:14.0200 4676 NdisTapi - ok
01:59:14.0254 4676 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:59:14.0257 4676 Ndisuio - ok
01:59:14.0294 4676 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:59:14.0299 4676 NdisWan - ok
01:59:14.0333 4676 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:59:14.0336 4676 NDProxy - ok
01:59:14.0376 4676 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:59:14.0378 4676 NetBIOS - ok
01:59:14.0423 4676 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:59:14.0429 4676 NetBT - ok
01:59:14.0556 4676 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
01:59:14.0572 4676 netr28x - ok
01:59:14.0787 4676 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
01:59:14.0927 4676 netw5v64 - ok
01:59:15.0056 4676 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
01:59:15.0059 4676 nfrd960 - ok
01:59:15.0163 4676 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:59:15.0166 4676 Npfs - ok
01:59:15.0193 4676 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:59:15.0194 4676 nsiproxy - ok
01:59:15.0285 4676 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:59:15.0318 4676 Ntfs - ok
01:59:15.0356 4676 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:59:15.0357 4676 Null - ok
01:59:15.0403 4676 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:59:15.0406 4676 nvraid - ok
01:59:15.0434 4676 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:59:15.0438 4676 nvstor - ok
01:59:15.0477 4676 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:59:15.0481 4676 nv_agp - ok
01:59:15.0528 4676 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:59:15.0531 4676 ohci1394 - ok
01:59:15.0627 4676 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
01:59:15.0629 4676 Parport - ok
01:59:15.0659 4676 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
01:59:15.0661 4676 partmgr - ok
01:59:15.0706 4676 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:59:15.0709 4676 pci - ok
01:59:15.0763 4676 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:59:15.0765 4676 pciide - ok
01:59:15.0822 4676 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
01:59:15.0828 4676 pcmcia - ok
01:59:15.0860 4676 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:59:15.0863 4676 pcw - ok
01:59:15.0930 4676 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:59:15.0944 4676 PEAUTH - ok
01:59:16.0076 4676 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:59:16.0079 4676 PptpMiniport - ok
01:59:16.0118 4676 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
01:59:16.0121 4676 Processor - ok
01:59:16.0196 4676 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:59:16.0199 4676 Psched - ok
01:59:16.0332 4676 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
01:59:16.0382 4676 ql2300 - ok
01:59:16.0513 4676 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
01:59:16.0517 4676 ql40xx - ok
01:59:16.0565 4676 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:59:16.0567 4676 QWAVEdrv - ok
01:59:16.0595 4676 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:59:16.0596 4676 RasAcd - ok
01:59:16.0655 4676 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:59:16.0658 4676 RasAgileVpn - ok
01:59:16.0723 4676 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:59:16.0727 4676 Rasl2tp - ok
01:59:16.0753 4676 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:59:16.0757 4676 RasPppoe - ok
01:59:16.0795 4676 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:59:16.0799 4676 RasSstp - ok
01:59:16.0854 4676 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:59:16.0861 4676 rdbss - ok
01:59:16.0893 4676 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:59:16.0895 4676 rdpbus - ok
01:59:16.0943 4676 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:59:16.0944 4676 RDPCDD - ok
01:59:16.0971 4676 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:59:16.0972 4676 RDPENCDD - ok
01:59:17.0001 4676 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:59:17.0002 4676 RDPREFMP - ok
01:59:17.0028 4676 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
01:59:17.0034 4676 RDPWD - ok
01:59:17.0083 4676 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:59:17.0089 4676 rdyboost - ok
01:59:17.0154 4676 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
01:59:17.0158 4676 RFCOMM - ok
01:59:17.0231 4676 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:59:17.0234 4676 rspndr - ok
01:59:17.0278 4676 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
01:59:17.0284 4676 RSUSBSTOR - ok
01:59:17.0352 4676 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
01:59:17.0359 4676 RTL8167 - ok
01:59:17.0464 4676 rtl8192se (cd8f32bb993b98e6705f11504a7f7250) C:\Windows\system32\DRIVERS\rtl8192se.sys
01:59:17.0487 4676 rtl8192se - ok
01:59:17.0544 4676 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:59:17.0548 4676 sbp2port - ok
01:59:17.0581 4676 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:59:17.0583 4676 scfilter - ok
01:59:17.0656 4676 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
01:59:17.0659 4676 sdbus - ok
01:59:17.0723 4676 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:59:17.0725 4676 secdrv - ok
01:59:17.0801 4676 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:59:17.0803 4676 Serenum - ok
01:59:17.0827 4676 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:59:17.0830 4676 Serial - ok
01:59:17.0895 4676 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
01:59:17.0897 4676 sermouse - ok
01:59:17.0964 4676 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:59:17.0965 4676 sffdisk - ok
01:59:17.0978 4676 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:59:17.0980 4676 sffp_mmc - ok
01:59:18.0008 4676 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:59:18.0010 4676 sffp_sd - ok
01:59:18.0033 4676 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:59:18.0035 4676 sfloppy - ok
01:59:18.0097 4676 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
01:59:18.0113 4676 Sftfs - ok
01:59:18.0165 4676 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:59:18.0171 4676 Sftplay - ok
01:59:18.0199 4676 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:59:18.0201 4676 Sftredir - ok
01:59:18.0221 4676 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
01:59:18.0224 4676 Sftvol - ok
01:59:18.0276 4676 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:59:18.0278 4676 SiSRaid2 - ok
01:59:18.0316 4676 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:59:18.0320 4676 SiSRaid4 - ok
01:59:18.0373 4676 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:59:18.0376 4676 Smb - ok
01:59:18.0430 4676 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:59:18.0432 4676 spldr - ok
01:59:18.0529 4676 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
01:59:18.0544 4676 SRTSP - ok
01:59:18.0566 4676 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
01:59:18.0568 4676 SRTSPX - ok
01:59:18.0623 4676 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:59:18.0630 4676 srv - ok
01:59:18.0676 4676 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:59:18.0684 4676 srv2 - ok
01:59:18.0733 4676 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
01:59:18.0741 4676 SrvHsfHDA - ok
01:59:18.0806 4676 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
01:59:18.0837 4676 SrvHsfV92 - ok
01:59:18.0888 4676 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
01:59:18.0902 4676 SrvHsfWinac - ok
01:59:18.0943 4676 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:59:18.0947 4676 srvnet - ok
01:59:19.0003 4676 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
01:59:19.0006 4676 stexstor - ok
01:59:19.0058 4676 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
01:59:19.0060 4676 swenum - ok
01:59:19.0194 4676 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
01:59:19.0204 4676 SymDS - ok
01:59:19.0252 4676 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
01:59:19.0270 4676 SymEFA - ok
01:59:19.0333 4676 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
01:59:19.0337 4676 SymEvent - ok
01:59:19.0377 4676 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
01:59:19.0382 4676 SymIRON - ok
01:59:19.0433 4676 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
01:59:19.0442 4676 SymNetS - ok
01:59:19.0505 4676 SynTP (4998ae89119c7106c92f0a64e4840ff6) C:\Windows\system32\DRIVERS\SynTP.sys
01:59:19.0512 4676 SynTP - ok
01:59:19.0663 4676 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
01:59:19.0702 4676 Tcpip - ok
01:59:19.0869 4676 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
01:59:19.0898 4676 TCPIP6 - ok
01:59:19.0942 4676 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:59:19.0945 4676 tcpipreg - ok
01:59:19.0991 4676 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:59:19.0993 4676 TDPIPE - ok
01:59:20.0019 4676 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
01:59:20.0021 4676 TDTCP - ok
01:59:20.0067 4676 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:59:20.0071 4676 tdx - ok
01:59:20.0112 4676 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
01:59:20.0115 4676 TermDD - ok
01:59:20.0190 4676 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:59:20.0192 4676 tssecsrv - ok
01:59:20.0243 4676 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:59:20.0246 4676 TsUsbFlt - ok
01:59:20.0304 4676 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:59:20.0308 4676 tunnel - ok
01:59:20.0345 4676 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:59:20.0348 4676 uagp35 - ok
01:59:20.0386 4676 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:59:20.0393 4676 udfs - ok
01:59:20.0457 4676 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:59:20.0460 4676 uliagpkx - ok
01:59:20.0520 4676 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
01:59:20.0522 4676 umbus - ok
01:59:20.0561 4676 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:59:20.0563 4676 UmPass - ok
01:59:20.0626 4676 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
01:59:20.0629 4676 USBAAPL64 - ok
01:59:20.0652 4676 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:59:20.0655 4676 usbccgp - ok
01:59:20.0700 4676 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:59:20.0703 4676 usbcir - ok
01:59:20.0738 4676 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
01:59:20.0740 4676 usbehci - ok
01:59:20.0781 4676 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
01:59:20.0784 4676 usbfilter - ok
01:59:20.0816 4676 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:59:20.0822 4676 usbhub - ok
01:59:20.0836 4676 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
01:59:20.0838 4676 usbohci - ok
01:59:20.0880 4676 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:59:20.0882 4676 usbprint - ok
01:59:20.0912 4676 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:59:20.0915 4676 usbscan - ok
01:59:20.0943 4676 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
01:59:20.0945 4676 USBSTOR - ok
01:59:20.0970 4676 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
01:59:20.0972 4676 usbuhci - ok
01:59:21.0044 4676 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
01:59:21.0049 4676 usbvideo - ok
01:59:21.0116 4676 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:59:21.0119 4676 vdrvroot - ok
01:59:21.0191 4676 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:59:21.0193 4676 vga - ok
01:59:21.0213 4676 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:59:21.0215 4676 VgaSave - ok
01:59:21.0245 4676 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:59:21.0250 4676 vhdmp - ok
01:59:21.0286 4676 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:59:21.0288 4676 viaide - ok
01:59:21.0312 4676 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:59:21.0315 4676 volmgr - ok
01:59:21.0407 4676 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:59:21.0415 4676 volmgrx - ok
01:59:21.0454 4676 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:59:21.0461 4676 volsnap - ok
01:59:21.0537 4676 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:59:21.0542 4676 vsmraid - ok
01:59:21.0582 4676 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
01:59:21.0584 4676 vwifibus - ok
01:59:21.0643 4676 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
01:59:21.0646 4676 vwififlt - ok
01:59:21.0696 4676 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:59:21.0698 4676 WacomPen - ok
01:59:21.0759 4676 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:59:21.0762 4676 WANARP - ok
01:59:21.0781 4676 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:59:21.0784 4676 Wanarpv6 - ok
01:59:21.0859 4676 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:59:21.0861 4676 Wd - ok
01:59:21.0910 4676 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:59:21.0925 4676 Wdf01000 - ok
01:59:21.0997 4676 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:59:21.0999 4676 WfpLwf - ok
01:59:22.0026 4676 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:59:22.0028 4676 WIMMount - ok
01:59:22.0138 4676 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:59:22.0141 4676 WinUsb - ok
01:59:22.0208 4676 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:59:22.0211 4676 WmiAcpi - ok
01:59:22.0297 4676 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:59:22.0299 4676 ws2ifsl - ok
01:59:22.0365 4676 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:59:22.0369 4676 WudfPf - ok
01:59:22.0420 4676 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:59:22.0425 4676 WUDFRd - ok
01:59:22.0493 4676 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
01:59:22.0503 4676 yukonw7 - ok
01:59:22.0544 4676 MBR (0x1B8) (cd48aaef396a07b77c7c8125bdefbb29) \Device\Harddisk0\DR0
01:59:22.0555 4676 \Device\Harddisk0\DR0 - ok
01:59:22.0569 4676 Boot (0x1200) (fad7af85dc8dbc4f7c48efaf8d311385) \Device\Harddisk0\DR0\Partition0
01:59:22.0571 4676 \Device\Harddisk0\DR0\Partition0 - ok
01:59:22.0589 4676 Boot (0x1200) (ea8576252744f9995f7f2d4537a4e015) \Device\Harddisk0\DR0\Partition1
01:59:22.0591 4676 \Device\Harddisk0\DR0\Partition1 - ok
01:59:22.0624 4676 Boot (0x1200) (4ebf158ffdefae9f6a5f6db15a98ec7f) \Device\Harddisk0\DR0\Partition2
01:59:22.0626 4676 \Device\Harddisk0\DR0\Partition2 - ok
01:59:22.0645 4676 Boot (0x1200) (4362a8695d5e0f37fcc7c2ee720ab0ce) \Device\Harddisk0\DR0\Partition3
01:59:22.0646 4676 \Device\Harddisk0\DR0\Partition3 - ok
01:59:22.0649 4676 ============================================================
01:59:22.0649 4676 Scan finished
01:59:22.0649 4676 ============================================================
01:59:22.0680 6584 Detected object count: 0
01:59:22.0680 6584 Actual detected object count: 0
02:02:13.0651 5940 ============================================================
02:02:13.0651 5940 Scan started
02:02:13.0651 5940 Mode: Manual;
02:02:13.0651 5940 ============================================================
02:02:14.0327 5940 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:02:14.0332 5940 1394ohci - ok
02:02:14.0550 5940 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:02:14.0555 5940 ACPI - ok
02:02:14.0586 5940 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:02:14.0587 5940 AcpiPmi - ok
02:02:14.0647 5940 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:02:14.0655 5940 adp94xx - ok
02:02:14.0697 5940 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:02:14.0702 5940 adpahci - ok
02:02:14.0795 5940 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:02:14.0799 5940 adpu320 - ok
02:02:14.0861 5940 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
02:02:14.0869 5940 AFD - ok
02:02:14.0958 5940 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:02:14.0959 5940 agp440 - ok
02:02:14.0982 5940 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:02:14.0983 5940 aliide - ok
02:02:15.0000 5940 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:02:15.0001 5940 amdide - ok
02:02:15.0064 5940 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:02:15.0066 5940 AmdK8 - ok
02:02:15.0267 5940 amdkmdag (c313eecf87919c97d7aa3f442319c95e) C:\Windows\system32\DRIVERS\atikmdag.sys
02:02:15.0314 5940 amdkmdag - ok
02:02:15.0424 5940 amdkmdap (aa7a30072f3e9bce4c5f4e03d9fc9684) C:\Windows\system32\DRIVERS\atikmpag.sys
02:02:15.0428 5940 amdkmdap - ok
02:02:15.0470 5940 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:02:15.0472 5940 AmdPPM - ok
02:02:15.0506 5940 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
02:02:15.0508 5940 amdsata - ok
02:02:15.0548 5940 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:02:15.0552 5940 amdsbs - ok
02:02:15.0579 5940 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
02:02:15.0580 5940 amdxata - ok
02:02:15.0699 5940 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:02:15.0701 5940 AppID - ok
02:02:15.0766 5940 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:02:15.0769 5940 arc - ok
02:02:15.0939 5940 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:02:15.0942 5940 arcsas - ok
02:02:16.0065 5940 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:02:16.0066 5940 AsyncMac - ok
02:02:16.0126 5940 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:02:16.0127 5940 atapi - ok
02:02:16.0210 5940 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
02:02:16.0211 5940 AtiHdmiService - ok
02:02:16.0239 5940 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
02:02:16.0240 5940 AtiPcie - ok
02:02:16.0294 5940 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:02:16.0297 5940 b06bdrv - ok
02:02:16.0387 5940 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:02:16.0392 5940 b57nd60a - ok
02:02:16.0482 5940 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:02:16.0483 5940 Beep - ok
02:02:16.0983 5940 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20111114.002_612\BHDrvx64.sys
02:02:17.0001 5940 BHDrvx64 - ok
02:02:17.0101 5940 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:02:17.0103 5940 blbdrive - ok
02:02:17.0173 5940 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:02:17.0175 5940 bowser - ok
02:02:17.0205 5940 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:02:17.0206 5940 BrFiltLo - ok
02:02:17.0253 5940 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:02:17.0254 5940 BrFiltUp - ok
02:02:17.0309 5940 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:02:17.0314 5940 Brserid - ok
02:02:17.0338 5940 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:02:17.0339 5940 BrSerWdm - ok
02:02:17.0398 5940 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:02:17.0399 5940 BrUsbMdm - ok
02:02:17.0428 5940 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:02:17.0429 5940 BrUsbSer - ok
02:02:17.0472 5940 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
02:02:17.0474 5940 BthEnum - ok
02:02:17.0546 5940 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:02:17.0548 5940 BTHMODEM - ok
02:02:17.0582 5940 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
02:02:17.0585 5940 BthPan - ok
02:02:17.0630 5940 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
02:02:17.0640 5940 BTHPORT - ok
02:02:17.0658 5940 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
02:02:17.0660 5940 BTHUSB - ok
02:02:17.0694 5940 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:02:17.0696 5940 cdfs - ok
02:02:17.0733 5940 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
02:02:17.0735 5940 cdrom - ok
02:02:17.0768 5940 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:02:17.0769 5940 circlass - ok
02:02:17.0810 5940 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:02:17.0814 5940 CLFS - ok
02:02:17.0872 5940 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:02:17.0873 5940 CmBatt - ok
02:02:17.0931 5940 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:02:17.0932 5940 cmdide - ok
02:02:17.0987 5940 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
02:02:17.0995 5940 CNG - ok
02:02:18.0026 5940 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:02:18.0028 5940 Compbatt - ok
02:02:18.0063 5940 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:02:18.0065 5940 CompositeBus - ok
02:02:18.0105 5940 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:02:18.0106 5940 crcdisk - ok
02:02:18.0176 5940 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:02:18.0178 5940 DfsC - ok
02:02:18.0234 5940 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:02:18.0236 5940 discache - ok
02:02:18.0274 5940 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:02:18.0276 5940 Disk - ok
02:02:18.0319 5940 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:02:18.0321 5940 drmkaud - ok
02:02:18.0386 5940 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:02:18.0402 5940 DXGKrnl - ok
02:02:18.0565 5940 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:02:18.0594 5940 ebdrv - ok
02:02:18.0708 5940 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
02:02:18.0716 5940 eeCtrl - ok
02:02:18.0923 5940 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:02:18.0933 5940 elxstor - ok
02:02:19.0002 5940 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:02:19.0005 5940 EraserUtilRebootDrv - ok
02:02:19.0041 5940 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:02:19.0042 5940 ErrDev - ok
02:02:19.0104 5940 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:02:19.0108 5940 exfat - ok
02:02:19.0225 5940 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:02:19.0229 5940 fastfat - ok
02:02:19.0271 5940 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:02:19.0273 5940 fdc - ok
02:02:19.0310 5940 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:02:19.0313 5940 FileInfo - ok
02:02:19.0336 5940 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:02:19.0337 5940 Filetrace - ok
02:02:19.0371 5940 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:02:19.0373 5940 flpydisk - ok
02:02:19.0423 5940 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:02:19.0428 5940 FltMgr - ok
02:02:19.0471 5940 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:02:19.0472 5940 FsDepends - ok
02:02:19.0634 5940 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
02:02:19.0636 5940 fssfltr - ok
02:02:19.0702 5940 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
02:02:19.0703 5940 Fs_Rec - ok
02:02:19.0746 5940 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:02:19.0750 5940 fvevol - ok
02:02:19.0787 5940 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:02:19.0789 5940 gagp30kx - ok
02:02:19.0840 5940 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:02:19.0841 5940 GEARAspiWDM - ok
02:02:19.0888 5940 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:02:19.0889 5940 hcw85cir - ok
02:02:19.0947 5940 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:02:19.0954 5940 HdAudAddService - ok
02:02:19.0989 5940 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:02:19.0992 5940 HDAudBus - ok
02:02:20.0026 5940 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:02:20.0027 5940 HidBatt - ok
02:02:20.0057 5940 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:02:20.0060 5940 HidBth - ok
02:02:20.0103 5940 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:02:20.0105 5940 HidIr - ok
02:02:20.0123 5940 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
02:02:20.0124 5940 HidUsb - ok
02:02:20.0212 5940 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:02:20.0214 5940 HpSAMD - ok
02:02:20.0283 5940 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:02:20.0295 5940 HTTP - ok
02:02:20.0326 5940 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:02:20.0327 5940 hwpolicy - ok
02:02:20.0374 5940 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:02:20.0376 5940 i8042prt - ok
02:02:20.0422 5940 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:02:20.0429 5940 iaStorV - ok
02:02:20.0568 5940 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20111116.030\IDSvia64.sys
02:02:20.0578 5940 IDSVia64 - ok
02:02:20.0778 5940 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
02:02:20.0810 5940 igfx - ok
02:02:20.0925 5940 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:02:20.0927 5940 iirsp - ok
02:02:21.0051 5940 IntcAzAudAddService (e76fdfff07f8a2fa81ff250dda0f6bba) C:\Windows\system32\drivers\RTKVHD64.sys
02:02:21.0066 5940 IntcAzAudAddService - ok
02:02:21.0178 5940 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:02:21.0179 5940 intelide - ok
02:02:21.0225 5940 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:02:21.0226 5940 intelppm - ok
02:02:21.0263 5940 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:02:21.0264 5940 IpFilterDriver - ok
02:02:21.0305 5940 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:02:21.0305 5940 IPMIDRV - ok
02:02:21.0346 5940 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:02:21.0347 5940 IPNAT - ok
02:02:21.0365 5940 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:02:21.0365 5940 IRENUM - ok
02:02:21.0406 5940 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:02:21.0407 5940 isapnp - ok
02:02:21.0428 5940 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:02:21.0430 5940 iScsiPrt - ok
02:02:21.0445 5940 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
02:02:21.0446 5940 kbdclass - ok
02:02:21.0490 5940 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
02:02:21.0490 5940 kbdhid - ok
02:02:21.0527 5940 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
02:02:21.0528 5940 KSecDD - ok
02:02:21.0579 5940 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
02:02:21.0582 5940 KSecPkg - ok
02:02:21.0626 5940 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:02:21.0628 5940 ksthunk - ok
02:02:21.0682 5940 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:02:21.0683 5940 lltdio - ok
02:02:21.0719 5940 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:02:21.0721 5940 LSI_FC - ok
02:02:21.0749 5940 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:02:21.0750 5940 LSI_SAS - ok
02:02:21.0776 5940 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:02:21.0777 5940 LSI_SAS2 - ok
02:02:21.0808 5940 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:02:21.0810 5940 LSI_SCSI - ok
02:02:21.0852 5940 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:02:21.0853 5940 luafv - ok
02:02:21.0892 5940 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:02:21.0893 5940 megasas - ok
02:02:21.0927 5940 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:02:21.0929 5940 MegaSR - ok
02:02:21.0957 5940 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:02:21.0958 5940 Modem - ok
02:02:21.0985 5940 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:02:21.0986 5940 monitor - ok
02:02:22.0029 5940 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
02:02:22.0029 5940 mouclass - ok
02:02:22.0064 5940 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:02:22.0065 5940 mouhid - ok
02:02:22.0096 5940 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:02:22.0097 5940 mountmgr - ok
02:02:22.0128 5940 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:02:22.0129 5940 mpio - ok
02:02:22.0153 5940 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:02:22.0154 5940 mpsdrv - ok
02:02:22.0234 5940 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:02:22.0237 5940 MRxDAV - ok
02:02:22.0310 5940 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:02:22.0313 5940 mrxsmb - ok
02:02:22.0454 5940 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:02:22.0459 5940 mrxsmb10 - ok
02:02:22.0634 5940 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:02:22.0637 5940 mrxsmb20 - ok
02:02:22.0891 5940 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:02:22.0893 5940 msahci - ok
02:02:23.0023 5940 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:02:23.0027 5940 msdsm - ok
02:02:23.0331 5940 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:02:23.0333 5940 Msfs - ok
02:02:23.0392 5940 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:02:23.0393 5940 mshidkmdf - ok
02:02:23.0509 5940 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:02:23.0510 5940 msisadrv - ok
02:02:23.0590 5940 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:02:23.0591 5940 MSKSSRV - ok
02:02:23.0616 5940 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:02:23.0617 5940 MSPCLOCK - ok
02:02:23.0655 5940 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:02:23.0656 5940 MSPQM - ok
02:02:23.0758 5940 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:02:23.0764 5940 MsRPC - ok
02:02:23.0822 5940 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:02:23.0822 5940 mssmbios - ok
02:02:23.0857 5940 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:02:23.0858 5940 MSTEE - ok
02:02:23.0904 5940 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:02:23.0904 5940 MTConfig - ok
02:02:23.0940 5940 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:02:23.0940 5940 Mup - ok
02:02:23.0984 5940 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:02:23.0986 5940 NativeWifiP - ok
02:02:24.0136 5940 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20111116.020\ENG64.SYS
02:02:24.0139 5940 NAVENG - ok
02:02:24.0252 5940 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20111116.020\EX64.SYS
02:02:24.0271 5940 NAVEX15 - ok
02:02:24.0408 5940 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
02:02:24.0423 5940 NDIS - ok
02:02:24.0543 5940 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:02:24.0544 5940 NdisCap - ok
02:02:24.0582 5940 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:02:24.0583 5940 NdisTapi - ok
02:02:24.0626 5940 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:02:24.0627 5940 Ndisuio - ok
02:02:24.0666 5940 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:02:24.0668 5940 NdisWan - ok
02:02:24.0706 5940 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:02:24.0707 5940 NDProxy - ok
02:02:24.0726 5940 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:02:24.0727 5940 NetBIOS - ok
02:02:24.0760 5940 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:02:24.0762 5940 NetBT - ok
02:02:24.0851 5940 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
02:02:24.0862 5940 netr28x - ok
02:02:25.0022 5940 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
02:02:25.0053 5940 netw5v64 - ok
02:02:25.0186 5940 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:02:25.0188 5940 nfrd960 - ok
02:02:25.0237 5940 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:02:25.0238 5940 Npfs - ok
02:02:25.0256 5940 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:02:25.0257 5940 nsiproxy - ok
02:02:25.0340 5940 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:02:25.0355 5940 Ntfs - ok
02:02:25.0386 5940 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:02:25.0386 5940 Null - ok
02:02:25.0421 5940 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:02:25.0422 5940 nvraid - ok
02:02:25.0441 5940 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:02:25.0442 5940 nvstor - ok
02:02:25.0462 5940 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:02:25.0463 5940 nv_agp - ok
02:02:25.0492 5940 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:02:25.0493 5940 ohci1394 - ok
02:02:25.0535 5940 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:02:25.0536 5940 Parport - ok
02:02:25.0570 5940 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
02:02:25.0572 5940 partmgr - ok
02:02:25.0603 5940 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:02:25.0605 5940 pci - ok
02:02:25.0628 5940 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:02:25.0629 5940 pciide - ok
02:02:25.0674 5940 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:02:25.0677 5940 pcmcia - ok
02:02:25.0757 5940 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:02:25.0758 5940 pcw - ok
02:02:25.0991 5940 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:02:25.0998 5940 PEAUTH - ok
02:02:26.0083 5940 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:02:26.0084 5940 PptpMiniport - ok
02:02:26.0103 5940 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:02:26.0104 5940 Processor - ok
02:02:26.0147 5940 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:02:26.0148 5940 Psched - ok
02:02:26.0219 5940 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:02:26.0243 5940 ql2300 - ok
02:02:26.0267 5940 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:02:26.0268 5940 ql40xx - ok
02:02:26.0307 5940 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:02:26.0308 5940 QWAVEdrv - ok
02:02:26.0326 5940 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:02:26.0327 5940 RasAcd - ok
02:02:26.0365 5940 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:02:26.0367 5940 RasAgileVpn - ok
02:02:26.0433 5940 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:02:26.0436 5940 Rasl2tp - ok
02:02:26.0474 5940 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:02:26.0476 5940 RasPppoe - ok
02:02:26.0494 5940 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:02:26.0494 5940 RasSstp - ok
02:02:26.0528 5940 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:02:26.0530 5940 rdbss - ok
02:02:26.0559 5940 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:02:26.0560 5940 rdpbus - ok
02:02:26.0587 5940 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:02:26.0587 5940 RDPCDD - ok
02:02:26.0603 5940 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:02:26.0604 5940 RDPENCDD - ok
02:02:26.0622 5940 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:02:26.0623 5940 RDPREFMP - ok
02:02:26.0659 5940 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
02:02:26.0661 5940 RDPWD - ok
02:02:26.0692 5940 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:02:26.0695 5940 rdyboost - ok
02:02:26.0752 5940 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
02:02:26.0754 5940 RFCOMM - ok
02:02:26.0797 5940 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:02:26.0798 5940 rspndr - ok
02:02:26.0832 5940 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
02:02:26.0834 5940 RSUSBSTOR - ok
02:02:26.0883 5940 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:02:26.0886 5940 RTL8167 - ok
02:02:26.0953 5940 rtl8192se (cd8f32bb993b98e6705f11504a7f7250) C:\Windows\system32\DRIVERS\rtl8192se.sys
02:02:26.0970 5940 rtl8192se - ok
02:02:27.0021 5940 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:02:27.0023 5940 sbp2port - ok
02:02:27.0058 5940 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:02:27.0059 5940 scfilter - ok
02:02:27.0089 5940 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
02:02:27.0090 5940 sdbus - ok
02:02:27.0145 5940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:02:27.0147 5940 secdrv - ok
02:02:27.0201 5940 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:02:27.0202 5940 Serenum - ok
02:02:27.0227 5940 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:02:27.0230 5940 Serial - ok
02:02:27.0274 5940 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:02:27.0275 5940 sermouse - ok
02:02:27.0331 5940 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:02:27.0332 5940 sffdisk - ok
02:02:27.0341 5940 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:02:27.0342 5940 sffp_mmc - ok
02:02:27.0364 5940 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:02:27.0365 5940 sffp_sd - ok
02:02:27.0390 5940 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:02:27.0391 5940 sfloppy - ok
02:02:27.0437 5940 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
02:02:27.0444 5940 Sftfs - ok
02:02:27.0487 5940 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
02:02:27.0490 5940 Sftplay - ok
02:02:27.0511 5940 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
02:02:42.0183 5940 MBR (0x1B8) (cd48aaef396a07b77c7c8125bdefbb29) \Device\Harddisk0\DR0
02:02:42.0193 5940 \Device\Harddisk0\DR0 - ok
02:02:42.0248 5940 Boot (0x1200) (fad7af85dc8dbc4f7c48efaf8d311385) \Device\Harddisk0\DR0\Partition0
02:02:42.0267 5940 \Device\Harddisk0\DR0\Partition0 - ok
02:02:42.0283 5940 Boot (0x1200) (ea8576252744f9995f7f2d4537a4e015) \Device\Harddisk0\DR0\Partition1
02:02:42.0285 5940 \Device\Harddisk0\DR0\Partition1 - ok
02:02:42.0318 5940 Boot (0x1200) (4ebf158ffdefae9f6a5f6db15a98ec7f) \Device\Harddisk0\DR0\Partition2
02:02:42.0320 5940 \Device\Harddisk0\DR0\Partition2 - ok
02:02:42.0339 5940 Boot (0x1200) (4362a8695d5e0f37fcc7c2ee720ab0ce) \Device\Harddisk0\DR0\Partition3
02:02:42.0340 5940 \Device\Harddisk0\DR0\Partition3 - ok
02:02:42.0340 5940 ============================================================
02:02:42.0340 5940 Scan finished
02:02:42.0340 5940 ============================================================
02:02:42.0356 5360 Detected object count: 0
02:02:42.0356 5360 Actual detected object count: 0
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02/04/2011 12:33:21 PM
System Uptime: 11/16/2011 10:16:43 PM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 143C
Processor: AMD Phenom(tm) II N620 Dual-Core Processor | Socket S1G4 | 784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 580 GiB total, 470,328 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2,261 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Controlador de autorización de Firewall de Windows
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Controlador de autorización de Firewall de Windows
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP222: 11/16/2011 3:25:23 PM - Service Pack 1 de Windows 7
RP223: 11/16/2011 9:34:51 PM - Installed Java(TM) 6 Update 29
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Death on the Nile
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Control ActiveX de Windows Live Mesh para conexiones remotas
CyberLink DVD Suite
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
EasyBits GO
Energy Star Digital Logo
ESU for Microsoft Windows 7
FATE
FrostWire 4.21.8
Galería fotográfica de Windows Live
Google Update Helper
Hacer clic y ejecutar de Microsoft Office 2010
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
Insaniquarium Deluxe
Java Auto Updater
Java(TM) 6 Update 23
Jewel Quest II
Jewel Quest Solitaire
John Deere Drive Green
Junk Mail filter update
LabelPrint
LightScribe System Software
Magic Desktop
Malwarebytes' Anti-Malware versión 1.51.2.1300
Mesh Runtime
Messenger Companion
Microsoft Office Access MUI (Spanish) 2010
Microsoft Office Excel MUI (Spanish) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (Spanish) 2010
Microsoft Office Outlook MUI (Spanish) 2010
Microsoft Office PowerPoint MUI (Spanish) 2010
Microsoft Office Proof (Basque) 2010
Microsoft Office Proof (Catalan) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Galician) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Spanish) 2010
Microsoft Office Publisher MUI (Spanish) 2010
Microsoft Office Shared MUI (Spanish) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Spanish) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 es-ES)
MSVCRT
MSVCRT_amd64
Norton Internet Security
Norton Online Backup
Penguins!
PhotoNow!
Plants vs. Zombies
Polar Bowler
Power2Go
PowerDirector
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Software
Recovery Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Word 2010 (KB2345000)
Skype Toolbars
Skype™ 5.3
Slingo Deluxe
Uniblue RegistryBooster
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Virtual Villagers - The Secret City
Wedding Dash
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/17/2011 1:25:27 AM, Error: Microsoft-Windows-DNS-Client [1012] - Error al intentar leer el archivo local de hosts.
11/16/2011 9:30:22 PM, Error: Service Control Manager [7009] - Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Presentation Foundation Font Cache 3.0.0.0.
11/16/2011 9:30:22 PM, Error: Service Control Manager [7000] - El servicio Windows Presentation Foundation Font Cache 3.0.0.0 no pudo iniciarse debido al siguiente error: El servicio no respondió a tiempo a la solicitud de inicio o de control.
11/16/2011 9:29:46 PM, Error: Service Control Manager [7009] - Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio HP Wireless Assistant Service.
11/16/2011 9:29:46 PM, Error: Service Control Manager [7000] - El servicio HP Wireless Assistant Service no pudo iniciarse debido al siguiente error: El servicio no respondió a tiempo a la solicitud de inicio o de control.
11/16/2011 9:29:16 PM, Error: Service Control Manager [7009] - Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio HP Support Assistant Service.
11/16/2011 9:29:16 PM, Error: Service Control Manager [7000] - El servicio HP Support Assistant Service no pudo iniciarse debido al siguiente error: El servicio no respondió a tiempo a la solicitud de inicio o de control.
11/16/2011 9:28:14 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/16/2011 9:26:17 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/16/2011 9:26:17 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/16/2011 9:10:59 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/16/2011 4:57:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - No se inicializó un motor de entrega multimedia con identificador '0' debido al error '0x80070005' al agregar la dirección URL 'http://+:10243/WMPNSSv4/974091226/'. Reinicie el equipo y después reinicie el servicio WMPNetworkSvc. Si el problema continúa, reinstale el Reproductor de Windows Media de ser posible.
11/16/2011 4:57:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - No se inicializó un motor de entrega multimedia con identificador '0' debido al error '0x80070005' al agregar la dirección URL 'http://+:10243/WMPNSSv4/974091226/'. Reinicie el equipo y después reinicie el servicio WMPNetworkSvc. Si el problema continúa, reinstale el Reproductor de Windows Media de ser posible.
11/16/2011 4:57:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - No se inicializó un motor de entrega multimedia con identificador '0' debido al error '0x80070005' al agregar la dirección URL 'http://+:10243/WMPNSSv4/963002795/'. Reinicie el equipo y después reinicie el servicio WMPNetworkSvc. Si el problema continúa, reinstale el Reproductor de Windows Media de ser posible.
11/16/2011 4:57:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - No se inicializó un motor de entrega multimedia con identificador '0' debido al error '0x80070005' al agregar la dirección URL 'http://+:10243/WMPNSSv4/963002795/'. Reinicie el equipo y después reinicie el servicio WMPNetworkSvc. Si el problema continúa, reinstale el Reproductor de Windows Media de ser posible.
11/16/2011 4:57:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - No se puede inicializar un nuevo servidor multimedia debido al error "0x80070005" al inicializar el Motor de entrega de Windows Media. Reinicie el equipo y después reinicie el servicio WMPNetworkSvc. Si el problema continúa, reinstale el Reproductor de Windows Media de ser posible.
11/16/2011 4:57:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - No se puede inicializar un nuevo servidor multimedia debido al error "0x80070005" al inicializar el Motor de entrega de Windows Media. Reinicie el equipo y después reinicie el servicio WMPNetworkSvc. Si el problema continúa, reinstale el Reproductor de Windows Media de ser posible.
11/16/2011 4:57:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - No se puede inicializar un nuevo servidor multimedia debido al error "0x80070005" al inicializar el Motor de entrega de Windows Media. Reinicie el equipo y después reinicie el servicio WMPNetworkSvc. Si el problema continúa, reinstale el Reproductor de Windows Media de ser posible.
11/16/2011 4:57:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - No se puede inicializar un nuevo servidor multimedia debido al error "0x80070005" al inicializar el Motor de entrega de Windows Media. Reinicie el equipo y después reinicie el servicio WMPNetworkSvc. Si el problema continúa, reinstale el Reproductor de Windows Media de ser posible.
11/16/2011 4:53:15 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/16/2011 4:53:15 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/16/2011 4:42:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Windows Internet Explorer 9 para Windows 7 para sistemas basados en x64.
11/16/2011 3:14:45 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/16/2011 3:13:35 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/16/2011 3:13:35 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/16/2011 2:39:46 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/16/2011 2:38:38 PM, Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: BHDrvx64
11/16/2011 2:38:21 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/16/2011 2:38:21 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/16/2011 10:18:49 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/16/2011 10:17:23 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/16/2011 10:17:23 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/15/2011 7:15:43 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/15/2011 7:15:06 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/15/2011 7:15:06 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/15/2011 3:29:52 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/15/2011 3:28:44 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/15/2011 3:28:44 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/15/2011 12:44:45 AM, Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio HPWMISVC.
11/15/2011 12:43:54 AM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/15/2011 12:43:54 AM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/15/2011 10:38:22 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/15/2011 10:37:43 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/15/2011 10:37:43 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/14/2011 8:47:59 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/14/2011 8:47:59 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/14/2011 5:13:08 AM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/14/2011 5:12:13 AM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/14/2011 5:12:13 AM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/13/2011 12:39:58 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/13/2011 12:39:04 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/13/2011 12:39:04 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/12/2011 4:18:10 AM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/12/2011 4:16:48 AM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/12/2011 4:16:48 AM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/12/2011 1:20:34 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/12/2011 1:19:12 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/12/2011 1:19:12 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/11/2011 11:34:14 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/11/2011 11:32:49 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/11/2011 11:32:49 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/11/2011 11:31:33 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/11/2011 11:30:03 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/11/2011 11:30:03 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/10/2011 3:32:13 AM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/10/2011 3:29:03 PM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/10/2011 3:28:08 PM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/10/2011 3:28:08 PM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/10/2011 3:24:39 AM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/10/2011 3:24:39 AM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/10/2011 2:18:00 AM, Error: Service Control Manager [7024] - El servicio Escucha de Grupo Hogar se cerró con el error específico de servicio %%-2147023143.
11/10/2011 2:17:23 AM, Error: Service Control Manager [7001] - El servicio Firewall de Windows depende del servicio Controlador de autorización de Firewall de Windows, el cual no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
11/10/2011 2:17:23 AM, Error: Service Control Manager [7000] - El servicio Controlador de autorización de Firewall de Windows no pudo iniciarse debido al siguiente error: No se puede crear un archivo que ya existe.
.
==== End Of File ===========================
 
THANK YOU THANK YOU THANK YOU THANK YOU again for your help regarding this issue. It is GREATLY appreciated
 
You're very welcome


What is the exact wording of Norton's detection?

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Okay, I'm running aswMBR.exe now. My computer is in Spanish, as I bought it in Spain. But it basically says that Norton has detected a threat from the Tidserv Activity 2, and that it must be deleted manually.
 
Yes, they tell me I need to delete it manually. Then they offer me a remover that I downloaded that was supposed to remove it, but it didn't work. I know where the damn virus is too. It's in my Windows C drive in one of the files, it's disguising itself there, I just don't know how to delete the darn thing! Thanks for your help and patience with this, I really do appreciate it and know you're busy. Any help you can offer at your nearest convenience would be greatly appreciated :D


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-17 03:28:51
-----------------------------
03:28:51.332 OS Version: Windows x64 6.1.7601 Service Pack 1
03:28:51.332 Number of processors: 2 586 0x603
03:28:51.334 ComputerName: SDF-1 UserName: Paul
03:28:52.619 Initialize success
03:28:57.409 AVAST engine defs: 11111601
03:29:03.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
03:29:03.077 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 11
03:29:05.105 Disk 0 MBR read successfully
03:29:05.111 Disk 0 MBR scan
03:29:05.131 Disk 0 unknown MBR code
03:29:05.138 Service scanning
03:29:06.674 Modules scanning
03:29:06.682 Disk 0 trace - called modules:
03:29:06.707 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
03:29:06.715 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004609760]
03:29:06.725 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8004592b80]
03:29:06.733 5 amdxata.sys[fffff880010fa7a8] -> nt!IofCallDriver -> [0xfffffa8004590280]
03:29:06.744 7 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8004588870]
03:29:08.457 AVAST engine scan C:\Windows
03:29:43.767 AVAST engine scan C:\Windows\system32
03:33:30.840 AVAST engine scan C:\Windows\system32\drivers
03:34:06.566 AVAST engine scan C:\Users\Paul
04:59:09.747 AVAST engine scan C:\ProgramData
05:21:01.948 Scan finished successfully
05:22:53.203 Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
05:22:53.209 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"
 
Okay, I redid the aswMBR scan. The first time I did it, it found a corruption, but my comp. died soooo it didn't save the log -_- I re-did the scan, and here are the results with the corruption detected. I'm also in the process of doing the combofix scan
 
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-18 00:24:13
-----------------------------
00:24:13.971 OS Version: Windows x64 6.1.7601 Service Pack 1
00:24:13.971 Number of processors: 2 586 0x603
00:24:13.973 ComputerName: SDF-1 UserName: Paul
00:24:15.715 Initialize success
00:25:42.189 AVAST engine defs: 11111703
00:25:48.321 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
00:25:48.326 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 11
00:25:50.378 Disk 0 MBR read successfully
00:25:50.383 Disk 0 MBR scan
00:25:50.393 Disk 0 unknown MBR code
00:25:50.400 Service scanning
00:25:52.576 Modules scanning
00:25:52.584 Disk 0 trace - called modules:
00:25:52.613 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
00:25:52.617 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004609730]
00:25:52.621 3 CLASSPNP.SYS[fffff88001b8e43f] -> nt!IofCallDriver -> [0xfffffa800458cb80]
00:25:52.625 5 amdxata.sys[fffff880011307a8] -> nt!IofCallDriver -> [0xfffffa8004588d20]
00:25:52.630 7 ACPI.sys[fffff88000eaa7a1] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8004588660]
00:25:56.119 AVAST engine scan C:\Windows
00:25:58.748 AVAST engine scan C:\Windows\system32
00:26:12.371 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
00:28:22.350 AVAST engine scan C:\Windows\system32\drivers
00:28:40.594 AVAST engine scan C:\Users\Paul
00:29:20.602 Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
00:29:20.608 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"
 
ComboFix 11-11-17.03 - Paul 11/18/2011 0:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.3835.2087 [GMT -2:00]
Running from: c:\users\Paul\AppData\Local\Temp\6vk1b9n2.tmp\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paul\AppData\Roaming\2ABC.06B
c:\users\Paul\AppData\Roaming\ldr.ini
c:\users\Paul\AppData\Roaming\Microsoft\conhost.exe
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud Protection
c:\users\Paul\Documents\~WRL0003.tmp
c:\users\Paul\Documents\~WRL0005.tmp
c:\users\Paul\Documents\~WRL2805.tmp
c:\windows\assembly\tmp\U
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 03:44 . 2011-11-18 03:44 -------- d-----w- c:\users\Invitado\AppData\Local\temp
2011-11-18 03:44 . 2011-11-18 03:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 14:07 . 2011-11-17 15:17 -------- d-----w- c:\programdata\Recovery
2011-11-16 17:25 . 2011-11-16 17:25 -------- d-----w- c:\windows\system32\SPReview
2011-11-16 17:24 . 2011-11-16 17:24 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2011-11-16 17:24 . 2011-11-16 17:24 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 17:24 . 2011-11-16 17:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-16 17:24 . 2011-08-31 19:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 17:21 . 2011-11-16 17:21 -------- d-----w- c:\windows\system32\EventProviders
2011-11-16 17:04 . 2011-11-16 17:04 -------- d-----w- c:\program files (x86)\Safari
2011-11-16 17:02 . 2011-11-16 17:02 -------- d-----w- c:\program files\Bonjour
2011-11-16 17:02 . 2011-11-16 17:02 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-10 17:36 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 17:36 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-10 17:36 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 17:36 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 18:13 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-07 18:13 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-11-03 15:12 . 2011-11-03 15:12 -------- d-----w- c:\users\Paul\AppData\Roaming\Tific
2011-11-03 15:10 . 2011-11-03 15:10 -------- d-----w- c:\users\Paul\AppData\Local\Symantec
2011-10-22 14:52 . 2011-10-22 14:52 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 18:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-16 18:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-01 03:25 . 2011-10-11 23:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-11 23:45 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-13 00:26 . 2011-10-12 14:16 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7A42F17-8B8E-4A40-9BA9-B6BC66159A83}\mpengine.dll
2011-08-31 01:05 . 2011-08-31 01:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 01:05 . 2011-08-31 01:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 01:05 . 2011-08-31 01:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 01:05 . 2011-08-31 01:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 01:05 . 2011-08-31 01:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 01:05 . 2011-08-31 01:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 01:05 . 2011-08-31 01:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 01:05 . 2011-08-31 01:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-27 05:37 . 2011-10-11 23:45 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-11 23:45 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-11 23:45 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-11 23:45 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-20 05:37 . 2011-10-11 23:46 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 04:31 . 2011-10-11 23:46 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-09 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-01-14 67456]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-30 102400]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servicio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
R3 netr28x;Controlador inalámbrico para Windows Vista Ralink 802.11n;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20111114.002_612\BHDrvx64.sys [2011-11-14 1156216]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20111117.030\IDSvia64.sys [2011-11-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 15:29]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 15:29]
.
2011-11-13 c:\windows\Tasks\HPCeeScheduleForPaul.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
2011-11-18 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-14 12:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"combofix"="c:\combofix\CF26652.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Enviar a OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hh5iqkrk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=WIc6A0ZQ&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60788
FF - prefs.js: network.proxy.type - 2
FF - user.js: keyword.URL - hxxp://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=WIc6A0ZQ&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-conhost - c:\users\Paul\AppData\Roaming\Microsoft\conhost.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3669719314-2236979326-3172160180-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3669719314-2236979326-3172160180-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3669719314-2236979326-3172160180-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3669719314-2236979326-3172160180-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3669719314-2236979326-3172160180-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3669719314-2236979326-3172160180-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3669719314-2236979326-3172160180-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3669719314-2236979326-3172160180-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3669719314-2236979326-3172160180-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3669719314-2236979326-3172160180-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3669719314-2236979326-3172160180-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3669719314-2236979326-3172160180-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3669719314-2236979326-3172160180-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3669719314-2236979326-3172160180-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3669719314-2236979326-3172160180-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2011-11-18 01:56:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-18 03:56
.
Pre-Run: 503.533.199.360 bytes libres
Post-Run: 505.559.785.472 bytes libres
.
- - End Of File - - B104B54F6C52EC9AF2CC56E55AC8A9A7
 
Looks good now :)

Is Norton still complaining?

Uninstall Uniblue RegistryBooster.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=============================================================

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Norton stopped complaining so I think I'm all good now :D Thank you again for your time and assistance. I GREATLY appreciate it and cannot thank you enough :D
 
OTL logfile created on: 11/18/2011 9:07:51 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: MM/dd/yyyy

3,75 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 54,56% Memory free
7,49 Gb Paging File | 5,41 Gb Available in Paging File | 72,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580,18 Gb Total Space | 470,46 Gb Free Space | 81,09% Space Free | Partition Type: NTFS
Drive D: | 15,69 Gb Total Space | 2,26 Gb Free Space | 14,41% Space Free | Partition Type: NTFS
Drive E: | 4,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SDF-1 | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/18 20:59:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Downloads\OTL.exe
PRC - [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2011/09/27 07:22:50 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/04/16 22:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 07:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/20 10:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/02 07:51:16 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/07/02 07:48:24 | 000,602,680 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/04/23 08:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/03/18 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 02:13:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/11/18 02:13:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/11/18 02:13:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/11/18 02:12:57 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/11/18 02:12:43 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/18 02:12:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/18 02:12:34 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/11/18 02:12:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/11/18 02:12:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c00727112fd9ff7a0c374248b8913656\System.Xml.ni.dll
MOD - [2011/11/18 02:12:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/18 02:12:16 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/18 02:12:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/22 12:54:21 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/12 21:35:42 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/04 23:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/04 23:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/19 06:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 06:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 06:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/02/09 14:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 14:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 14:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 14:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 14:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 14:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 14:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 14:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/30 11:19:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/18 12:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 11:54:20 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/16 22:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 15:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 07:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/07/02 07:51:16 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/01 11:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/03 21:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 00:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Archivos de programa\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/11 13:20:19 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/31 01:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 01:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 00:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 04:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 03:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 11:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/22 21:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/06/30 11:51:20 | 006,792,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/30 10:46:16 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/31 17:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/16 01:26:28 | 000,319,536 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/10 04:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/05 01:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/12/21 21:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/08 00:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/08 00:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/22 23:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 19:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 19:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 19:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 18:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 18:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 18:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 18:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 10:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/11/17 07:33:27 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20111118.004\EX64.SYS -- (NAVEX15)
DRV - [2011/11/17 07:33:27 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20111118.004\ENG64.SYS -- (NAVENG)
DRV - [2011/11/15 16:24:58 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20111117.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/14 19:31:30 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20111114.002_612\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 21:21:55 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 21:21:55 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/22 23:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/10

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DA 52 C1 12 E2 97 FF 40 B4 03 FA E5 55 89 7F 41 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.1.3
FF - prefs.js..keyword.URL: "http://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=WIc6A0ZQ&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60788
FF - prefs.js..network.proxy.type: 2

FF - user.js..keyword.URL: "http://www.slaago.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=WIc6A0ZQ&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/09/30 20:00:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_1_3 [2011/11/18 20:43:32 | 000,000,000 | ---D | M]

[2011/02/04 13:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions
[2011/06/22 10:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\hh5iqkrk.default\extensions
[2011/03/31 17:01:05 | 000,002,396 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hh5iqkrk.default\searchplugins\askcom.xml
[2011/03/16 18:02:42 | 000,002,198 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hh5iqkrk.default\searchplugins\google-search.xml
[2011/11/18 02:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/11/16 20:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/09/30 20:00:58 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPLGN
[2010/11/12 15:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/18 01:48:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{277475FC-646D-410E-B773-8A03B4C83F6A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 01:56:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/18 01:48:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/18 00:34:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/18 00:34:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/18 00:34:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/18 00:34:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/18 00:33:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/17 12:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/11/16 15:25:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/11/16 15:24:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2011/11/16 15:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/16 15:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/16 15:24:04 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/16 15:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/16 15:21:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/11/16 15:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011/11/16 15:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/16 15:02:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/16 15:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/11/14 10:47:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{2CCC7C4F-E2AE-446B-86DC-215C48CE4B22}
[2011/11/14 10:47:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{25D6CA44-BABA-44F6-A22F-EBAF90ACC5DD}
[2011/11/12 04:40:04 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{199F086E-C25D-412A-ACF1-709C7EDF88DD}
[2011/11/06 00:10:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{C5E59E00-975A-44B7-BA17-AC027ABFDBD1}
[2011/11/04 01:54:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{E20FD84F-EA3B-47E9-A302-422461F2ACFB}
[2011/11/04 01:54:01 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{5FD8D606-6050-489B-AA22-5539D648979D}
[2011/11/03 13:41:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{D88F662F-2371-4696-BAD2-DB8235B10A4F}
[2011/11/03 13:41:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{1E52B025-3B74-45FC-AC0D-673CE8D27EE8}
[2011/11/03 13:12:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Tific
[2011/11/03 13:10:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Symantec
[2011/10/27 14:39:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{9B986B81-E134-4C30-B9C3-322F6FB64E7B}
[2011/10/27 14:39:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{9D5DDDA6-890C-44D7-814C-0FF6B0522F5C}
[2011/10/22 12:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2011/10/22 12:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}

========== Files - Modified Within 30 Days ==========

[2011/11/18 21:07:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/18 20:51:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 20:51:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 20:50:11 | 001,557,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/18 20:50:11 | 000,704,518 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011/11/18 20:50:11 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/18 20:50:11 | 000,138,226 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011/11/18 20:50:11 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/18 20:47:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/18 20:43:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/18 20:43:09 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/18 02:03:09 | 000,426,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/18 01:48:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/18 00:29:20 | 000,000,512 | ---- | M] () -- C:\Users\Paul\Desktop\MBR.dat
[2011/11/16 22:38:36 | 001,545,858 | ---- | M] () -- C:\Users\Paul\Desktop\tdsskiller.zip
[2011/11/16 15:24:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/16 15:04:18 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/11/14 12:29:10 | 737,183,490 | R--- | M] () -- C:\Users\Paul\Desktop\Rudo Y Cursi.avi
[2011/11/13 12:39:04 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPaul.job
[2011/11/08 17:15:36 | 000,000,109 | ---- | M] () -- C:\Users\Paul\webct_upload_applet.properties

========== Files Created - No Company Name ==========

[2011/11/18 00:34:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/18 00:34:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/18 00:34:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/18 00:34:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/18 00:34:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/18 00:29:20 | 000,000,512 | ---- | C] () -- C:\Users\Paul\Desktop\MBR.dat
[2011/11/16 22:38:28 | 001,545,858 | ---- | C] () -- C:\Users\Paul\Desktop\tdsskiller.zip
[2011/11/16 15:24:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/16 15:04:17 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/11/16 15:04:14 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/11/14 12:06:29 | 737,183,490 | R--- | C] () -- C:\Users\Paul\Desktop\Rudo Y Cursi.avi
[2011/05/07 17:13:06 | 000,001,854 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\GhostObjGAFix.xml
[2011/02/04 19:38:38 | 001,584,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/08 17:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/08 17:34:27 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/09/08 17:33:32 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/09/08 17:33:32 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/09/08 17:30:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/20 13:21:51 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/20 12:31:32 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/07/20 10:51:01 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/04/28 23:17:52 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/09 14:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 22:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/13 22:44:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\906B2
[2011/10/13 22:44:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\B2ABC
[2011/08/15 04:26:30 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FrostWire
[2011/10/13 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\fuuuvDD2obFpm
[2011/11/18 20:48:11 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\go
[2011/10/13 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\iELqhYXUelOBz0y
[2011/10/13 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\l888ggRZq
[2011/10/13 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\mXXwwkUUVelBt
[2011/03/31 13:26:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenCandy
[2011/02/12 20:53:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\SoftGrid Client
[2011/11/03 13:12:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Tific
[2011/02/04 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TP
[2011/03/31 13:27:33 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Uniblue
[2011/07/20 20:48:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Windows Live Writer
[2011/10/13 22:43:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\XTTTXwwjUCeIB
[2011/02/04 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\_MDLogs
[2011/10/29 16:01:15 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 23:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/11/18 01:56:33 | 000,022,822 | ---- | M] () -- C:\ComboFix.txt
[2011/11/18 20:43:09 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/18 20:43:18 | 4021,186,560 | -HS- | M] () -- C:\pagefile.sys
[2011/11/17 02:05:32 | 000,165,800 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_17.11.2011_01.57.23_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 03:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 03:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 03:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 03:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 18:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/09 23:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 02:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/02/04 13:09:18 | 000,000,221 | -HS- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/10/14 16:20:03 | 000,815,312 | ---- | M] (Symantec Corporation) -- C:\Users\Paul\Desktop\NBRT-SOS-Downloader.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 19:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/11/16 16:57:00 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/11/16 16:57:00 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/11/16 16:57:00 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/11/16 16:57:00 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/11/16 16:57:00 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/11/16 16:57:00 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/11/16 21:10:43 | 000,000,402 | -HS- | M] () -- C:\Users\Paul\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/08 17:46:36 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/07/20 12:21:03 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/09/08 17:46:07 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/07/20 12:16:07 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/09/08 17:45:29 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/09/08 17:46:24 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/07/20 12:15:07 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/07/20 12:20:25 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/09/08 17:46:50 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 11/18/2011 9:07:51 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: MM/dd/yyyy

3,75 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 54,56% Memory free
7,49 Gb Paging File | 5,41 Gb Available in Paging File | 72,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580,18 Gb Total Space | 470,46 Gb Free Space | 81,09% Space Free | Partition Type: NTFS
Drive D: | 15,69 Gb Total Space | 2,26 Gb Free Space | 14,41% Space Free | Partition Type: NTFS
Drive E: | 4,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SDF-1 | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{42081A74-B2BB-B64E-ABF5-9CEE13974355}" = ATI Catalyst Install Manager
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B72AB8-52E9-4D34-99A9-BC7377EB35DE}" = HP Wireless Assistant
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010
"{90140000-006D-0C0A-1000-0000000FF1CE}" = Hacer clic y ejecutar de Microsoft Office 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E0A6C0AA-8580-82CF-3D5F-5F32F8DE9A01}" = ccc-utility64
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{093B1CF6-C00F-BD98-A8B7-C20D0AB36074}" = Catalyst Control Center Graphics Light
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D901B50-9D9C-64A2-136E-7CC4DD9FBDB4}" = CCC Help German
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{303D7F80-2108-9679-149F-64A7AEF13C26}" = CCC Help Czech
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B7301EA-5833-CDAC-E4A4-6442EEDEBD87}" = CCC Help Korean
"{3CD48ADA-3A4F-999C-2BAA-64DF229FF839}" = CCC Help Turkish
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{553EFB44-564E-2F68-9A24-A59765B81000}" = CCC Help Russian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{671BF921-422D-BA7E-5158-5264ACE51C9D}" = CCC Help Portuguese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A65C27A-830B-77E6-43D1-52F236AF9A16}" = CCC Help Greek
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F75DDF4-09D6-7ED2-8DA9-61F0B57FCF81}" = CCC Help Dutch
"{8064A439-ACA7-3E32-3630-FC22155FEB4E}" = CCC Help English
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{810005FC-9F35-5EAB-1479-B1E7DEAB44D5}" = CCC Help Norwegian
"{820F8A24-8C77-3B64-D90A-C23D211BEDA9}" = Catalyst Control Center Graphics Previews Common
"{824A35FE-EAB8-48E5-89EC-94D7D730C5FB}" = HP Software Framework
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89C0094C-9508-6BE5-8445-4ADDC9BD2681}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DAD8A5E-6B6A-C4DC-D2A7-02CD66702F31}" = Catalyst Control Center Core Implementation
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EEA74DA-5E7E-5E51-817C-FFAEACEBF3B3}" = CCC Help Chinese Traditional
"{8F8EDCB5-1042-4598-D413-1DD04FC7EA27}" = CCC Help Hungarian
"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96EB53BC-8225-A97A-FF5C-B33F85DD5B86}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBDA769-3D13-095F-77BA-35AED9D54D4C}" = CCC Help Thai
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB418F5A-4AB2-999B-19EA-8BB9C311B70C}" = Catalyst Control Center Graphics Full Existing
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{B360E24A-BF25-4353-AA79-1B54F509024A}" = HP Documentation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BCE6F36E-4FA9-C700-CA8F-04EE0702FB32}" = CCC Help Spanish
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C5755376-76B8-52F7-7357-3E7CA61C7168}" = CCC Help Finnish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA12CCA6-A4C8-5796-C29E-4ADA9E5DE596}" = Catalyst Control Center Graphics Previews Vista
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE0F869E-2504-4F92-2BD2-DD996E7010B7}" = CCC Help Danish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2CB8122-63AF-D5C8-299F-C67A1EF343C3}" = CCC Help Polish
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEEF336C-5C79-3846-7AD1-7693CCA99659}" = CCC Help Chinese Standard
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E103722E-7E7F-5783-3685-DE7370908470}" = Catalyst Control Center InstallProxy
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E6E7A082-A47D-7059-ACBD-36FDA02695EC}" = Catalyst Control Center Graphics Full New
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF83E9E7-FFE9-B86A-94C9-95D8F5EF2320}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CDD8A0-5E3B-F975-AA54-C725477E5067}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD71BC19-4A59-75F5-E4EF-4AEC3E6BF12E}" = CCC Help Japanese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEC06A8C-01A7-5CF5-923F-CD2D34229E4B}" = CCC Help Swedish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"EasyBits Magic Desktop" = Magic Desktop
"FrostWire" = FrostWire 4.21.8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versión 1.51.2.1300
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Hacer clic y ejecutar de Microsoft Office 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2011 5:36:18 AM | Computer Name = SDF-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3074

Error - 11/17/2011 5:36:19 AM | Computer Name = SDF-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/17/2011 5:36:19 AM | Computer Name = SDF-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4072

Error - 11/17/2011 5:36:19 AM | Computer Name = SDF-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4072

Error - 11/17/2011 1:12:53 PM | Computer Name = SDF-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/17/2011 1:12:53 PM | Computer Name = SDF-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 27398097

Error - 11/17/2011 1:12:53 PM | Computer Name = SDF-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27398097

Error - 11/17/2011 1:14:57 PM | Computer Name = SDF-1 | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: WebKit2WebProcess.exe, versión:
7534.51.22.9, marca de tiempo: 0x4e813035 Nombre del módulo con errores: WebKit.dll,
versión: 7534.51.22.9, marca de tiempo: 0x4e81301f Código de excepción: 0xc0000005
Desplazamiento
de errores: 0x0002ce98 Id. del proceso con errores: 0xc90 Hora de inicio de la aplicación
con errores: 0x01cca50b901e6128 Ruta de acceso de la aplicación con errores: C:\Program
Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe Ruta
de acceso del módulo con errores: C:\Program Files (x86)\Common Files\Apple\Apple
Application Support\WebKit.dll Id. del informe: abed1f5f-113f-11e1-8f4f-90fba6c088f8

Error - 11/17/2011 1:20:09 PM | Computer Name = SDF-1 | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: Safari.exe, versión: 5.34.51.22,
marca de tiempo: 0x4e824093 Nombre del módulo con errores: MSVCR80.dll, versión:
8.0.50727.6195, marca de tiempo: 0x4dcddbf3 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x000172d7 Id. del proceso con errores: 0x10e0 Hora de inicio de la aplicación
con errores: 0x01cca50b888cc10b Ruta de acceso de la aplicación con errores: C:\Program
Files (x86)\Safari\Safari.exe Ruta de acceso del módulo con errores: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Id.
del informe: 661b1d5a-1140-11e1-8f4f-90fba6c088f8

Error - 11/17/2011 11:45:52 PM | Computer Name = SDF-1 | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

[ Hewlett-Packard Events ]
Error - 02/05/2011 8:56:38 AM | Computer Name = SDF-1 | Source = Hewlett-Packard | ID = 0
Description = es-ES Error no especificado en el subproceso de representación. PresentationCore

en System.Windows.Media.MediaContext.NotifyPartitionIsZombie(Int32 failureCode)

en System.Windows.Media.MediaContext.NotifyChannelMessage() en System.Windows.Media.MediaContext.CompleteRender()

en System.Windows.Media.MediaContext.LeaveInterlockedPresentation() en System.Windows.Media.MediaContext.DisconnectHandler(Object
obj) en System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) en System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


[ HP Wireless Assistant Events ]
Error - 10/28/2011 3:48:53 PM | Computer Name = SDF-1 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 10/28/2011 3:49:05 PM | Computer Name = SDF-1 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 10/28/2011 3:49:54 PM | Computer Name = SDF-1 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 10/28/2011 3:49:55 PM | Computer Name = SDF-1 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 10/29/2011 2:02:58 PM | Computer Name = SDF-1 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 10/29/2011 2:03:26 PM | Computer Name = SDF-1 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 10/29/2011 2:03:30 PM | Computer Name = SDF-1 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/16/2011 7:36:43 PM | Computer Name = SDF-1 | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error en la aplicación. en HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) en HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) en HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 11/16/2011 7:38:21 PM | Computer Name = SDF-1 | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 11/18/2011 6:46:01 PM | Computer Name = SDF-1 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 11/17/2011 9:56:38 PM | Computer Name = SDF-1 | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 11/17/2011 10:35:22 PM | Computer Name = SDF-1 | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Error al intentar leer el archivo local de hosts.

Error - 11/17/2011 10:43:06 PM | Computer Name = SDF-1 | Source = Service Control Manager | ID = 7030
Description = El servicio PEVSystemStart ha sido marcado como servicio interactivo.
Sin embargo, el sistema está configurado para no permitir servicios interactivos.
Este servicio puede tener un funcionamiento incorrecto.

Error - 11/17/2011 11:44:03 PM | Computer Name = SDF-1 | Source = Application Popup | ID = 1060
Description = Se bloqueó la carga de \??\C:\ComboFix\catchme.sys por una incompatibilidad
con este sistema. Póngase en contacto con el fabricante del software para obtener
una versión compatible del controlador.

Error - 11/17/2011 11:45:10 PM | Computer Name = SDF-1 | Source = Service Control Manager | ID = 7030
Description = El servicio PEVSystemStart ha sido marcado como servicio interactivo.
Sin embargo, el sistema está configurado para no permitir servicios interactivos.
Este servicio puede tener un funcionamiento incorrecto.

Error - 11/17/2011 11:45:30 PM | Computer Name = SDF-1 | Source = Service Control Manager | ID = 7030
Description = El servicio PEVSystemStart ha sido marcado como servicio interactivo.
Sin embargo, el sistema está configurado para no permitir servicios interactivos.
Este servicio puede tener un funcionamiento incorrecto.

Error - 11/17/2011 11:49:46 PM | Computer Name = SDF-1 | Source = Service Control Manager | ID = 7000
Description = El servicio HP Support Assistant Service no pudo iniciarse debido
al siguiente error: %%31

Error - 11/17/2011 11:49:46 PM | Computer Name = SDF-1 | Source = Service Control Manager | ID = 7000
Description = El servicio HP Wireless Assistant Service no pudo iniciarse debido
al siguiente error: %%31

Error - 11/17/2011 11:49:46 PM | Computer Name = SDF-1 | Source = Service Control Manager | ID = 7000
Description = El servicio RtVOsdService Installer no pudo iniciarse debido al siguiente
error: %%31

Error - 11/17/2011 11:52:33 PM | Computer Name = SDF-1 | Source = Service Control Manager | ID = 7022
Description = El servicio Windows Update no respondió después de iniciar.


< End of report >
 
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    [2011/03/31 17:01:05 | 000,002,396 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hh5iqkrk.default\searchplugins\askcom.xml
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    [2011/10/13 22:44:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\906B2
    [2011/10/13 22:44:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\B2ABC
    [2011/10/13 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\fuuuvDD2obFpm
    [2011/10/13 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\iELqhYXUelOBz0y
    [2011/10/13 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\l888ggRZq
    [2011/10/13 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\mXXwwkUUVelBt
    [2011/03/31 13:27:33 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Uniblue
    [2011/10/13 22:43:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\XTTTXwwjUCeIB
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===========================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

==============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Files\Folders moved on Reboot...
C:\Users\Paul\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 