trojans tracur, sefnit, maljava AND ghistler software dplayersvr all k
#1
louuu (Member, 223 posts)

Thank you in advance for your kind help; it's sincerely appreciated.

My Norton Internet Security keeps detecting and removing the following, but they keep coming back: three different trojans called tracur, sefnit and maljava, and also another program by ghistler software called dplayersvr. I remove them and everything seems OK, but later on it returns. Also, when the ghistler software dplayersvr is present I cannot do any searches on Yahoo, as when I attempt to do a search it freezes. I have run a full Norton scan and a full Malwarebytes scan. Both scans removed items, but it seems they keep coming back randomly. I'm assuming the infection is somewhere in my computer that is allowing it to return. Please note I don't get all three trojans at once; it's one or the other, but one at a time. I'm attaching the OTL log as requested. PS: Norton kept stopping me from downloading OTL, so I had to turn Norton off, and then I downloaded OTL and ran it. After I turned Norton back on, it uninstalled all the OTL files from my system.

OTL logfile created on: 5/4/2012 4:59:42 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Luis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 10.05 Gb Available Physical Memory | 83.90% Memory free
41.28 Gb Paging File | 39.23 Gb Available in Paging File | 95.04% Paging File free
Paging file location(s): c:\pagefile.sys 30000 40000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1835.67 Gb Total Space | 1397.25 Gb Free Space | 76.12% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 590.69 Gb Free Space | 21.14% Space Free | Partition Type: NTFS

Computer Name: LUIS | User Name: Luis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/04 16:59:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/02 04:32:02 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/06/17 11:02:10 | 001,000,896 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/03/03 20:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2007/10/02 12:23:26 | 002,482,176 | ---- | M] (DigiPortal Software, Inc.) -- C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
PRC - [2007/10/02 12:23:06 | 005,230,592 | ---- | M] (DigiPortal Software, Inc.) -- C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMail.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011/02/15 07:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011/02/15 07:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011/02/15 07:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011/02/15 07:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011/02/15 07:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010/07/27 00:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/19 18:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/04 16:24:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/02 04:32:02 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/11/10 11:51:28 | 000,520,040 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/11/10 02:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/06/28 03:25:12 | 001,113,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/06/17 11:02:10 | 001,000,896 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/07/16 07:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 07:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2010/07/14 05:00:00 | 000,032,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/12 08:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 21:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2007/10/02 12:23:26 | 002,482,176 | ---- | M] (DigiPortal Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe -- (svcChoiceMail)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/12/15 05:01:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/05 12:14:35 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/02 04:32:08 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/12/02 04:32:00 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/12/02 04:31:58 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/12/02 04:31:48 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/11/30 15:23:16 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV:64bit: - [2011/11/30 15:01:30 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/11/20 04:25:04 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/11/19 22:09:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/11/17 22:11:48 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/11/17 22:08:52 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/21 20:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/09/21 20:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symfw.sys -- (SYMFW)
DRV:64bit: - [2011/09/21 20:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2011/07/07 19:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/19 18:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/19 17:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/30 15:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 15:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/26 22:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/07/20 00:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 00:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/13 17:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/08 06:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/06/03 12:35:02 | 000,033,792 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/12 08:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AGERESoftModem)
DRV:64bit: - [2010/01/20 17:14:19 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/01/20 17:14:19 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/01/20 17:14:18 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/01/20 17:14:18 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2010/01/20 17:14:18 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/10/01 23:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 21:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/09/21 21:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/09/11 17:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 22:24:50 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/19 20:45:40 | 000,045,104 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\v2imount.sys -- (v2imount)
DRV - [2012/04/27 20:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120503.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/31 10:44:42 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120503.035\EX64.SYS -- (NAVEX15)
DRV - [2012/03/31 10:44:42 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120503.035\ENG64.SYS -- (NAVENG)
DRV - [2012/02/03 05:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 05:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/26 20:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {1FDA5997-9F20-430E-A84D-ACFB9D00A316}
IE - HKCU\..\SearchScopes\{1FDA5997-9F20-430E-A84D-ACFB9D00A316}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/11/17 22:13:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/04 07:03:22 | 000,000,886 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 93.113.196.118 www.google.com
O1 - Hosts: 93.113.196.119 www.bing.com
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [ChoiceMail] C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMail.exe (DigiPortal Software, Inc.)
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClearHistory.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF958F2-8A6A-4D16-856E-78A57CD80E54}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/04 16:59:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2012/05/04 09:25:42 | 000,077,408 | -HS- | C] (Ghisler Software GmbH) -- C:\Users\Luis\AppData\Local\dplaysvr.exe
[2012/05/02 17:17:50 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\05-02-12 hibachi grill my fam and jess and j
[2012/04/29 03:48:33 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\j's 1st bday
[2012/04/29 01:02:20 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\dvdcss
[2012/04/28 07:54:47 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\Publish Providers
[2012/04/28 07:54:47 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\NetMedia Providers
[2012/04/28 07:54:46 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\Sony
[2012/04/28 07:54:46 | 000,000,000 | ---D | C] -- C:\Users\Luis\Documents\ACID Pro 7.0 Projects
[2012/04/28 07:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/04/28 07:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2012/04/28 07:43:44 | 000,000,000 | ---D | C] -- C:\Users\Luis\Documents\Sony
[2012/04/28 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Local\Sony
[2012/04/28 07:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2012/04/25 08:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/23 20:41:52 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\nelsitos home
[2012/04/17 18:51:34 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\pix
[2012/04/05 08:39:35 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Local\2K Games
[2011/11/19 22:09:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Luis\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/04 16:59:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2012/05/04 16:24:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/04 15:57:58 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 15:57:58 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 15:56:44 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/04 15:49:55 | 1059,934,206 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 11:24:22 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2012/05/04 10:20:19 | 366,770,176 | ---- | M] () -- C:\Users\Luis\Desktop\Disappeared.S04E26.Hard.Life.in.the.Big.Easy.HDTV.XviD-tNe.avi
[2012/05/04 09:37:10 | 000,014,442 | ---- | M] () -- C:\Users\Luis\Desktop\d2.torrent
[2012/05/04 09:36:49 | 000,014,450 | ---- | M] () -- C:\Users\Luis\Desktop\d1.torrent
[2012/05/04 07:03:31 | 000,077,408 | -HS- | M] (Ghisler Software GmbH) -- C:\Users\Luis\AppData\Local\dplaysvr.exe
[2012/05/04 07:03:28 | 000,046,688 | -HS- | M] () -- C:\Users\Luis\AppData\Local\dplayx.dll
[2012/05/03 18:44:30 | 000,000,258 | ---- | M] () -- C:\Users\Luis\Desktop\shut book share.url
[2012/05/03 18:42:12 | 000,000,208 | ---- | M] () -- C:\Users\Luis\Desktop\Yahoo!.url
[2012/05/03 16:48:04 | 000,000,869 | ---- | M] () -- C:\Windows\ULead32.ini
[2012/05/01 22:36:50 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Luis - Full System Scan.job
[2012/04/30 22:37:24 | 002,956,477 | ---- | M] () -- C:\Users\Luis\Desktop\jonathan walking 4-30-12.MOV
[2012/04/30 14:51:08 | 000,001,057 | ---- | M] () -- C:\Users\Luis\AppData\Roaming\vso_ts_preview.xml
[2012/04/29 18:53:48 | 002,949,558 | ---- | M] () -- C:\Users\Luis\Desktop\photo.JPG
[2012/04/29 17:42:54 | 000,088,336 | ---- | M] () -- C:\Users\Luis\Desktop\jonathan and me.jpg
[2012/04/29 12:03:35 | 000,000,273 | ---- | M] () -- C:\Users\Luis\Desktop\youtube j bday url.url
[2012/04/28 07:52:41 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/28 07:52:41 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/28 07:52:41 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 13:32:20 | 000,000,584 | ---- | M] () -- C:\Users\Luis\Desktop\locked up.url
[2012/04/24 22:34:54 | 000,039,004 | ---- | M] () -- C:\Users\Luis\Desktop\mom pop nelsito.jpg
[2012/04/24 22:30:47 | 000,048,163 | ---- | M] () -- C:\Users\Luis\Desktop\luis nelsito.jpg
[2012/04/06 10:35:43 | 000,000,978 | ---- | M] () -- C:\Users\Luis\Desktop\locked up (2).url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/04 09:39:07 | 366,770,176 | ---- | C] () -- C:\Users\Luis\Desktop\Disappeared.S04E26.Hard.Life.in.the.Big.Easy.HDTV.XviD-tNe.avi
[2012/05/04 09:37:10 | 000,014,442 | ---- | C] () -- C:\Users\Luis\Desktop\d2.torrent
[2012/05/04 09:36:48 | 000,014,450 | ---- | C] () -- C:\Users\Luis\Desktop\d1.torrent
[2012/05/04 09:25:42 | 000,046,688 | -HS- | C] () -- C:\Users\Luis\AppData\Local\dplayx.dll
[2012/05/03 18:42:12 | 000,000,208 | ---- | C] () -- C:\Users\Luis\Desktop\Yahoo!.url
[2012/04/30 22:37:24 | 002,956,477 | ---- | C] () -- C:\Users\Luis\Desktop\jonathan walking 4-30-12.MOV
[2012/04/29 18:51:05 | 002,949,558 | ---- | C] () -- C:\Users\Luis\Desktop\photo.JPG
[2012/04/29 18:18:27 | 000,088,336 | ---- | C] () -- C:\Users\Luis\Desktop\jonathan and me.jpg
[2012/04/29 07:09:04 | 000,000,273 | ---- | C] () -- C:\Users\Luis\Desktop\youtube j bday url.url
[2012/04/26 13:32:20 | 000,000,584 | ---- | C] () -- C:\Users\Luis\Desktop\locked up.url
[2012/04/24 22:34:54 | 000,039,004 | ---- | C] () -- C:\Users\Luis\Desktop\mom pop nelsito.jpg
[2012/04/24 22:30:47 | 000,048,163 | ---- | C] () -- C:\Users\Luis\Desktop\luis nelsito.jpg
[2012/04/12 07:17:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/06 10:35:43 | 000,000,978 | ---- | C] () -- C:\Users\Luis\Desktop\locked up (2).url
[2012/02/22 06:29:10 | 000,003,584 | ---- | C] () -- C:\Users\Luis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/18 23:26:32 | 000,002,115 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\SAS7_000.DAT
[2011/12/07 11:26:16 | 000,001,057 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\vso_ts_preview.xml
[2011/12/05 09:50:15 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/28 12:01:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/22 00:18:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/11/21 21:06:09 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/11/20 00:34:55 | 000,000,150 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/11/19 22:09:58 | 000,007,859 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\pcouffin.cat
[2011/11/19 22:09:58 | 000,001,167 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\pcouffin.inf
[2011/11/19 20:53:18 | 000,000,869 | ---- | C] () -- C:\Windows\ULead32.ini
[2011/11/19 09:55:43 | 000,002,740 | ---- | C] () -- C:\Windows\DesktopOK.ini
[2011/11/18 19:40:22 | 000,005,560 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/11/18 11:38:34 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2011/11/18 09:29:04 | 000,005,005 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011/11/18 00:14:07 | 000,007,603 | ---- | C] () -- C:\Users\Luis\AppData\Local\Resmon.ResmonCfg
[2011/11/17 17:41:28 | 003,256,320 | ---- | C] () -- C:\Windows\SysWow64\camuhcat.exe
[2011/11/17 17:41:28 | 000,860,160 | ---- | C] () -- C:\Windows\SysWow64\capimvoc.dll
[2011/11/17 17:41:28 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ntefipx.dll
[2011/11/17 17:41:28 | 000,124,530 | ---- | C] () -- C:\Windows\SysWow64\setipreg32.dll
[2011/11/03 13:55:08 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/11/03 11:11:59 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2011/10/25 22:21:54 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo64.dll
[2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 22:21:40 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder64.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 21:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/10/25 21:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012/02/24 02:08:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Acronis
[2012/01/10 14:19:48 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Catalina Marketing Corp
[2012/04/28 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\DAEMON Tools Lite
[2011/12/07 03:39:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\DAEMON Tools Pro
[2011/11/26 20:14:04 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\EPSON
[2011/11/23 06:03:09 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\GetRightToGo
[2012/02/22 17:32:17 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Leadertech
[2012/04/28 07:54:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\NetMedia Providers
[2012/01/18 23:02:54 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Nuance
[2012/04/28 07:54:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Publish Providers
[2012/03/22 20:09:39 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Rovio
[2011/11/30 15:27:03 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Seagate
[2011/11/20 00:38:01 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Sierra
[2011/12/07 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Simple Star
[2012/01/07 19:04:27 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\SoftGrid Client
[2012/04/28 07:54:46 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Sony
[2011/12/04 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Splashtop Remote Client
[2011/12/05 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\TP
[2012/05/04 10:53:58 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\uTorrent
[2012/04/30 14:09:12 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Vso
[2011/11/20 03:24:06 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\WinAVI
[2012/01/07 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\WinISO Computing
[2012/04/18 00:10:31 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:F35A93AD
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:02A62A91
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9638A27E

< End of report >

Edited by louuu, 04 May 2012 - 05:08 PM.



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,786 posts
  • MVP
Got you. We are slow today so I have to post something quickly or someone else will grab it. I see the problem. Doesn't look too bad.

Ron

#3
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,786 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
O1 - Hosts: 93.113.196.118 www.google.com
O1 - Hosts: 93.113.196.119 www.bing.com
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClearHistory.cmd ()
[2012/05/04 09:25:42 | 000,077,408 | -HS- | C] (Ghisler Software GmbH) -- C:\Users\Luis\AppData\Local\dplaysvr.exe
[2012/05/04 07:03:31 | 000,077,408 | -HS- | M] (Ghisler Software GmbH) -- C:\Users\Luis\AppData\Local\dplaysvr.exe
[2012/05/04 07:03:28 | 000,046,688 | -HS- | M] () -- C:\Users\Luis\AppData\Local\dplayx.dll
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:F35A93AD
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:02A62A91
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9638A27E


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Users\Luis\AppData\Local\*.exe
C:\Users\Luis\AppData\Local\*.dll
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (accept the Avast engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click Save log. Save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click Save log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double-click on TDSSKiller.exe (on Vista or Win 7 you must right-click and Run As Administrator).
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
before you hit Scan, click Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron

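As an added example (not code from this thread, and not OTL's own code), here is a small Python triage script that applies the same reading RKinner gave the OTL log above: hidden+system executables dropped under a user's AppData, hosts-file entries pointing public names at non-loopback addresses, a script in the Startup folder, and alternate data streams with non-standard names. The sample lines are copied from the log earlier in this thread; the rule names, extension sets and benign-stream list are my own assumptions.

```python
"""Triage OTL-style log lines for the indicators called out in the thread above.

Added example; this is not OTL's code and not part of the thread. Rule names,
the extension sets and the benign-stream list are assumptions of this example.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# OTL file entry: [date time | size | attrs | C-or-M] (Company) -- path
# attrs holds four flags in the order R (read-only), H (hidden), S (system), D (directory).
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<path>.+?) \((?P<company>[^)]*)\)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".cpl"}
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".js", ".wsf", ".ps1"}
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# Stream names Windows and common software create themselves (assumed list).
BENIGN_STREAMS = {"zone.identifier", "encryptable", "summaryinformation"}


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def _check_file(m: "re.Match[str]", line: str) -> Optional[Finding]:
    """Hidden+system executables under a user's AppData: the dplaysvr.exe /
    dplayx.dll pattern from the log above."""
    attrs, path = m["attrs"], m["path"]
    if ("H" in attrs and "S" in attrs and "\\appdata\\" in path.lower()
            and ntpath.splitext(path)[1].lower() in EXECUTABLE_EXTS):
        company = m["company"] or "no company"
        return Finding("hidden-system-executable", f"{path} [{attrs}] ({company})", line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every rule over the given OTL log lines and return the hits in order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            if f := _check_file(m, line):
                findings.append(f)
        elif m := HOSTS_RE.match(line):
            # A hosts entry that points a name at anything but loopback is a redirect;
            # the log above sent www.google.com and www.bing.com to 93.113.196.x.
            if m["ip"] not in LOOPBACK:
                findings.append(Finding("hosts-redirect", f"{m['host']} -> {m['ip']}", line))
        elif m := STARTUP_RE.match(line):
            # A batch/script file in the Startup folder (ClearHistory.cmd above)
            # runs at every logon and carries no company name to vouch for it.
            if ntpath.splitext(m["path"])[1].lower() in SCRIPT_EXTS:
                findings.append(Finding("startup-script", m["path"], line))
        elif m := ADS_RE.match(line):
            # The stream name follows the last colon; the drive letter also has
            # a colon, so split from the right.
            stream = m["path"].rsplit(":", 1)[-1]
            if stream.lower() not in BENIGN_STREAMS:
                findings.append(Finding("alternate-data-stream", m["path"], line))
    return findings


# Constructed sample: lines copied from the OTL log earlier in this thread,
# plus one benign hosts entry and one clean executable as negative cases.
SAMPLE_LOG = r"""
O1 - Hosts: 93.113.196.118 www.google.com
O1 - Hosts: 127.0.0.1 localhost
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClearHistory.cmd ()
[2012/05/04 09:25:42 | 000,077,408 | -HS- | C] (Ghisler Software GmbH) -- C:\Users\Luis\AppData\Local\dplaysvr.exe
[2012/05/04 07:03:28 | 000,046,688 | -HS- | M] () -- C:\Users\Luis\AppData\Local\dplayx.dll
[2012/05/04 16:59:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2012/04/29 01:02:20 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\dvdcss
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:F35A93AD
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.rule:24} {f.detail}")
```

Every hit here is exactly a line that RKinner's fix script moves or deletes, while OTL.exe, the localhost entry and the dvdcss folder fall through as clean.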
#4
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts
Thanks Ron for helping me again. I did everything you asked and below are all the logs. I'll wait for your reply.



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 19:36:00
-----------------------------
19:36:00.752 OS Version: Windows x64 6.1.7601 Service Pack 1
19:36:00.752 Number of processors: 8 586 0x2A07
19:36:00.752 ComputerName: LUIS UserName: Luis
19:36:02.612 Initialize success
19:37:32.400 AVAST engine defs: 12050401
19:37:39.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
19:37:39.130 Disk 0 Vendor: WDC_WD20 05.0 Size: 1907729MB BusType: 3
19:37:39.140 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
19:37:39.140 Disk 1 Vendor: ST330006 CC45 Size: 2861588MB BusType: 3
19:37:39.150 Disk 0 MBR read successfully
19:37:39.160 Disk 0 MBR scan
19:37:39.160 Disk 0 Windows 7 default MBR code
19:37:39.160 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1879723 MB offset 2048
19:37:39.190 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 28005 MB offset 3849674752
19:37:39.220 Disk 0 scanning C:\Windows\system32\drivers
19:37:44.530 Service scanning
19:38:00.650 Modules scanning
19:38:02.690 AVAST engine scan C:\Windows
19:38:06.150 AVAST engine scan C:\Windows\system32
19:39:25.220 AVAST engine scan C:\Windows\system32\drivers
19:39:33.180 AVAST engine scan C:\Users\Luis
19:42:07.940 Disk 0 MBR has been saved successfully to "C:\Users\Luis\Desktop\MBR.dat"
19:42:07.940 The log file has been saved successfully to "C:\Users\Luis\Desktop\aswMBR.txt"



ComboFix 12-05-04.03 - Luis 05/04/2012 19:45:22.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.10345 [GMT -4:00]
Running from: c:\users\Luis\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Luis\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 23:48 . 2012-05-04 23:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-04 23:48 . 2012-05-04 23:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-04 23:48 . 2012-05-04 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 23:29 . 2012-05-04 23:29 -------- d-----w- C:\_OTL
2012-04-29 05:02 . 2012-04-29 05:02 -------- d-----w- c:\users\Luis\AppData\Roaming\dvdcss
2012-04-28 11:54 . 2012-04-28 11:54 -------- d-----w- c:\users\Luis\AppData\Roaming\Publish Providers
2012-04-28 11:54 . 2012-04-28 11:54 -------- d-----w- c:\users\Luis\AppData\Roaming\NetMedia Providers
2012-04-28 11:54 . 2012-04-28 11:54 -------- d-----w- c:\users\Luis\AppData\Roaming\Sony
2012-04-28 11:43 . 2012-04-28 11:43 -------- d-----w- c:\program files (x86)\Vstplugins
2012-04-28 11:21 . 2012-04-28 11:54 -------- d-----w- c:\users\Luis\AppData\Local\Sony
2012-04-28 11:12 . 2012-04-28 11:12 -------- d-----w- c:\program files (x86)\Sony Setup
2012-04-14 03:24 . 2012-05-04 20:24 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 22:20 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 22:20 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 22:20 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-05 12:39 . 2012-04-05 12:39 -------- d-----w- c:\users\Luis\AppData\Local\2K Games
2012-04-05 12:31 . 2012-04-05 12:31 -------- d-----w- c:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 20:24 . 2012-04-01 21:27 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 20:24 . 2011-11-18 13:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-11-18 13:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 06:38 . 2012-03-13 20:25 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 20:25 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 20:25 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 20:25 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-13 20:26 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 20:26 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 02:43 . 2012-02-10 02:43 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-02-10 02:43 . 2012-02-10 02:43 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-02-10 02:43 . 2012-02-10 02:43 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 02:43 . 2012-02-10 02:43 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 02:43 . 2012-02-10 02:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 02:43 . 2012-02-10 02:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 02:43 . 2012-02-10 02:43 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-02-10 02:43 . 2012-02-10 02:43 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-10 02:43 . 2012-02-10 02:43 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 02:43 . 2012-02-10 02:43 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 02:43 . 2012-02-10 02:43 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 02:43 . 2012-02-10 02:43 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-02-10 02:43 . 2012-02-10 02:43 25541952 ----a-w- c:\windows\system32\nvoglv64.dll
2012-02-10 02:43 . 2012-02-10 02:43 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 02:43 . 2012-02-10 02:43 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-02-10 02:43 . 2012-02-10 02:43 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-02-10 02:43 . 2012-02-10 02:43 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-02-10 02:43 . 2012-02-10 02:43 19443520 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-02-10 02:43 . 2012-02-10 02:43 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 02:43 . 2012-02-10 02:43 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-02-10 02:43 . 2012-02-10 02:43 13624128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 02:43 . 2011-12-11 01:29 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-10 02:43 . 2011-12-11 01:29 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 02:43 . 2011-12-11 01:29 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-10 02:43 . 2011-12-11 01:29 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 02:43 . 2011-12-11 01:29 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 02:43 . 2011-12-11 01:29 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChoiceMail"="c:\program files (x86)\DigiPortal Software\ChoiceMail\ChoiceMail.exe" [2007-10-02 5230592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 cpuz130;cpuz130;c:\users\Luis\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WISOVD;WISOVD;c:\program files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [x]
R4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200]
R4 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-07-14 32240]
R4 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-11-10 520040]
R4 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120504.001\IDSvia64.sys [2012-04-28 488568]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-02 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 svcChoiceMail;Choice Mail;c:\program files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe [2007-10-02 2482176]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 ALSysIO;ALSysIO;c:\users\Luis\AppData\Local\Temp\ALSysIO64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-22 2963960]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:24]
.
2012-05-02 c:\windows\Tasks\Norton Internet Security - Luis - Full System Scan.job
- c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\Navw32.exe [2011-11-18 00:35]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-2K Games - c:\users\Luis\AppData\Local\Apps\2K Games\lxexf.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
.
**************************************************************************
.
Completion time: 2012-05-04 19:52:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 23:52
.
Pre-Run: 1,500,212,424,704 bytes free
Post-Run: 1,502,361,956,352 bytes free
.
- - End Of File - - 5805B4567F72372807D5E9C136E73FFD



19:55:14.0326 4880 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:55:14.0376 4880 ============================================================
19:55:14.0376 4880 Current date / time: 2012/05/04 19:55:14.0376
19:55:14.0376 4880 SystemInfo:
19:55:14.0376 4880
19:55:14.0376 4880 OS Version: 6.1.7601 ServicePack: 1.0
19:55:14.0376 4880 Product type: Workstation
19:55:14.0376 4880 ComputerName: LUIS
19:55:14.0376 4880 UserName: Luis
19:55:14.0376 4880 Windows directory: C:\Windows
19:55:14.0376 4880 System windows directory: C:\Windows
19:55:14.0376 4880 Running under WOW64
19:55:14.0376 4880 Processor architecture: Intel x64
19:55:14.0376 4880 Number of processors: 8
19:55:14.0376 4880 Page size: 0x1000
19:55:14.0376 4880 Boot type: Normal boot
19:55:14.0376 4880 ============================================================
19:55:15.0066 4880 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:55:15.0066 4880 Drive \Device\Harddisk1\DR1 - Size: 0xBAA1476000 (746.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:55:15.0076 4880 ============================================================
19:55:15.0076 4880 \Device\Harddisk0\DR0:
19:55:15.0076 4880 MBR partitions:
19:55:15.0076 4880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE5755800
19:55:15.0076 4880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE5756000, BlocksNum 0x36B2800
19:55:15.0076 4880 \Device\Harddisk1\DR1:
19:55:15.0076 4880 GPT partitions:
19:55:15.0076 4880 \Device\Harddisk1\DR1\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {912CF2A5-049B-49AB-ABC8-69C24575BB7F}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
19:55:15.0076 4880 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {83D05185-E4EB-4A46-A4CC-C7018372C2C4}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
19:55:15.0076 4880 MBR partitions:
19:55:15.0076 4880 ============================================================
19:55:15.0086 4880 C: <-> \Device\Harddisk0\DR0\Partition0
19:55:15.0116 4880 F: <-> \Device\Harddisk1\DR1\Partition1
19:55:15.0116 4880 ============================================================
19:55:15.0116 4880 Initialize success
19:55:15.0116 4880 ============================================================
19:56:31.0936 3688 ============================================================
19:56:31.0936 3688 Scan started
19:56:31.0936 3688 Mode: Manual; SigCheck; TDLFS;
19:56:31.0936 3688 ============================================================
19:56:32.0396 3688 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:56:32.0456 3688 1394ohci - ok
19:56:32.0536 3688 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 (a15069eec83ebc54150564b2585cfdba) C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
19:56:32.0576 3688 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
19:56:32.0606 3688 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:56:32.0626 3688 ACPI - ok
19:56:32.0656 3688 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:56:32.0686 3688 AcpiPmi - ok
19:56:32.0786 3688 AcrSch2Svc (a0f50c4d79d3fd3ca0664ea9959388de) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
19:56:32.0836 3688 AcrSch2Svc - ok
19:56:32.0896 3688 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:56:32.0906 3688 AdobeARMservice - ok
19:56:33.0006 3688 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:56:33.0016 3688 AdobeFlashPlayerUpdateSvc - ok
19:56:33.0146 3688 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:56:33.0166 3688 adp94xx - ok
19:56:33.0206 3688 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:56:33.0226 3688 adpahci - ok
19:56:33.0236 3688 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:56:33.0246 3688 adpu320 - ok
19:56:33.0306 3688 ADVService (7233688fc422ef657e082309e6180142) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
19:56:33.0316 3688 ADVService - ok
19:56:33.0336 3688 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:56:33.0416 3688 AeLookupSvc - ok
19:56:33.0446 3688 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
19:56:33.0456 3688 afcdp - ok
19:56:33.0596 3688 afcdpsrv (af44f7e027037628f1fac3c13cde73e6) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
19:56:33.0666 3688 afcdpsrv - ok
19:56:33.0756 3688 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:56:33.0796 3688 AFD - ok
19:56:33.0836 3688 AgereModemAudio (48008d4ea73c1058f36d323a644410d4) C:\Program Files\LSI SoftModem\agr64svc.exe
19:56:33.0846 3688 AgereModemAudio - ok
19:56:33.0926 3688 AGERESoftModem (ddf52c4c92d831a4cdb7788b37585e36) C:\Windows\system32\DRIVERS\agrsm64.sys
19:56:33.0986 3688 AGERESoftModem - ok
19:56:33.0996 3688 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:56:34.0006 3688 agp440 - ok
19:56:34.0016 3688 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:56:34.0046 3688 ALG - ok
19:56:34.0046 3688 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:56:34.0066 3688 aliide - ok
19:56:34.0106 3688 ALSysIO - ok
19:56:34.0146 3688 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
19:56:34.0186 3688 AMD External Events Utility - ok
19:56:34.0196 3688 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:56:34.0206 3688 amdide - ok
19:56:34.0206 3688 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:56:34.0226 3688 AmdK8 - ok
19:56:34.0536 3688 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
19:56:34.0716 3688 amdkmdag - ok
19:56:35.0056 3688 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
19:56:35.0106 3688 amdkmdap - ok
19:56:35.0126 3688 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:56:35.0146 3688 AmdPPM - ok
19:56:35.0156 3688 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:56:35.0176 3688 amdsata - ok
19:56:35.0186 3688 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:56:35.0206 3688 amdsbs - ok
19:56:35.0226 3688 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:56:35.0226 3688 amdxata - ok
19:56:35.0236 3688 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:56:35.0286 3688 AppID - ok
19:56:35.0296 3688 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:56:35.0336 3688 AppIDSvc - ok
19:56:35.0386 3688 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:56:35.0446 3688 Appinfo - ok
19:56:35.0476 3688 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:56:35.0486 3688 arc - ok
19:56:35.0496 3688 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:56:35.0506 3688 arcsas - ok
19:56:35.0526 3688 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:56:35.0576 3688 AsyncMac - ok
19:56:35.0736 3688 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:56:35.0746 3688 atapi - ok
19:56:35.0816 3688 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
19:56:35.0826 3688 AtiHDAudioService - ok
19:56:35.0856 3688 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:56:35.0916 3688 AudioEndpointBuilder - ok
19:56:35.0926 3688 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:56:35.0946 3688 AudioSrv - ok
19:56:36.0056 3688 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:56:36.0096 3688 AxInstSV - ok
19:56:36.0126 3688 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:56:36.0166 3688 b06bdrv - ok
19:56:36.0176 3688 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:56:36.0216 3688 b57nd60a - ok
19:56:36.0226 3688 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:56:36.0256 3688 BDESVC - ok
19:56:36.0266 3688 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:56:36.0316 3688 Beep - ok
19:56:36.0516 3688 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:56:36.0566 3688 BFE - ok
19:56:36.0616 3688 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys
19:56:36.0626 3688 BHDrvx64 - ok
19:56:36.0676 3688 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:56:36.0726 3688 BITS - ok
19:56:36.0746 3688 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:56:36.0756 3688 blbdrive - ok
19:56:36.0806 3688 BOT4Service (f4ba084cbde9b67c57bc7891c0225ea8) C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
19:56:36.0816 3688 BOT4Service - ok
19:56:36.0836 3688 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:56:36.0856 3688 bowser - ok
19:56:36.0866 3688 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:56:36.0876 3688 BrFiltLo - ok
19:56:36.0886 3688 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:56:36.0896 3688 BrFiltUp - ok
19:56:36.0916 3688 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:56:36.0936 3688 BridgeMP - ok
19:56:36.0956 3688 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:56:36.0986 3688 Browser - ok
19:56:36.0996 3688 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:56:37.0006 3688 Brserid - ok
19:56:37.0016 3688 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:56:37.0036 3688 BrSerWdm - ok
19:56:37.0036 3688 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:56:37.0046 3688 BrUsbMdm - ok
19:56:37.0046 3688 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:56:37.0056 3688 BrUsbSer - ok
19:56:37.0056 3688 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:56:37.0066 3688 BTHMODEM - ok
19:56:37.0096 3688 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
19:56:37.0136 3688 BTHPORT - ok
19:56:37.0146 3688 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:56:37.0196 3688 bthserv - ok
19:56:37.0216 3688 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
19:56:37.0216 3688 BTHUSB - ok
19:56:37.0246 3688 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
19:56:37.0256 3688 btwampfl - ok
19:56:37.0266 3688 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys
19:56:37.0276 3688 btwavdt - ok
19:56:37.0286 3688 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\drivers\btwrchid.sys
19:56:37.0286 3688 btwrchid - ok
19:56:37.0296 3688 catchme - ok
19:56:37.0356 3688 ccHP (a2e6ab452b9393ca8d11d28827e0e1a1) C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys
19:56:37.0376 3688 ccHP - ok
19:56:37.0386 3688 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:56:37.0416 3688 cdfs - ok
19:56:37.0426 3688 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:56:37.0436 3688 cdrom - ok
19:56:37.0446 3688 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:56:37.0476 3688 CertPropSvc - ok
19:56:37.0486 3688 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:56:37.0496 3688 circlass - ok
19:56:37.0516 3688 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:56:37.0526 3688 CLFS - ok
19:56:37.0556 3688 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:56:37.0566 3688 clr_optimization_v2.0.50727_32 - ok
19:56:37.0586 3688 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:56:37.0586 3688 clr_optimization_v2.0.50727_64 - ok
19:56:37.0636 3688 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:56:37.0646 3688 clr_optimization_v4.0.30319_32 - ok
19:56:37.0666 3688 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:56:37.0676 3688 clr_optimization_v4.0.30319_64 - ok
19:56:37.0676 3688 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:56:37.0686 3688 CmBatt - ok
19:56:37.0686 3688 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:56:37.0696 3688 cmdide - ok
19:56:37.0726 3688 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:56:37.0766 3688 CNG - ok
19:56:37.0776 3688 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:56:37.0776 3688 Compbatt - ok
19:56:37.0786 3688 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:56:37.0796 3688 CompositeBus - ok
19:56:37.0796 3688 COMSysApp - ok
19:56:37.0836 3688 cpuz130 - ok
19:56:37.0856 3688 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
19:56:37.0866 3688 cpuz135 - ok
19:56:37.0866 3688 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:56:37.0876 3688 crcdisk - ok
19:56:37.0886 3688 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:56:37.0926 3688 CryptSvc - ok
19:56:37.0956 3688 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:56:37.0996 3688 DcomLaunch - ok
19:56:38.0006 3688 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:56:38.0036 3688 defragsvc - ok
19:56:38.0046 3688 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:56:38.0076 3688 DfsC - ok
19:56:38.0096 3688 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:56:38.0126 3688 Dhcp - ok
19:56:38.0136 3688 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:56:38.0156 3688 discache - ok
19:56:38.0166 3688 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:56:38.0176 3688 Disk - ok
19:56:38.0196 3688 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:56:38.0226 3688 Dnscache - ok
19:56:38.0246 3688 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:56:38.0276 3688 dot3svc - ok
19:56:38.0296 3688 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:56:38.0316 3688 DPS - ok
19:56:38.0336 3688 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:56:38.0346 3688 drmkaud - ok
19:56:38.0376 3688 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:56:38.0396 3688 DXGKrnl - ok
19:56:38.0396 3688 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:56:38.0426 3688 EapHost - ok
19:56:38.0556 3688 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:56:38.0646 3688 ebdrv - ok
19:56:38.0686 3688 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:56:38.0706 3688 eeCtrl - ok
19:56:38.0816 3688 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:56:38.0826 3688 EFS - ok
19:56:38.0886 3688 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:56:38.0926 3688 ehRecvr - ok
19:56:38.0946 3688 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:56:38.0966 3688 ehSched - ok
19:56:39.0006 3688 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:56:39.0036 3688 elxstor - ok
19:56:39.0046 3688 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
19:56:39.0066 3688 ENTECH64 - ok
19:56:39.0116 3688 EPSON_PM_RPCV4_01 (000598eaa293d5139f3dbc68516f901e) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
19:56:39.0146 3688 EPSON_PM_RPCV4_01 - ok
19:56:39.0166 3688 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:56:39.0186 3688 EraserUtilRebootDrv - ok
19:56:39.0186 3688 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:56:39.0206 3688 ErrDev - ok
19:56:39.0236 3688 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:56:39.0266 3688 EventSystem - ok
19:56:39.0266 3688 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:56:39.0296 3688 exfat - ok
19:56:39.0316 3688 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:56:39.0356 3688 fastfat - ok
19:56:39.0396 3688 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:56:39.0436 3688 Fax - ok
19:56:39.0446 3688 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:56:39.0456 3688 fdc - ok
19:56:39.0466 3688 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:56:39.0506 3688 fdPHost - ok
19:56:39.0516 3688 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:56:39.0536 3688 FDResPub - ok
19:56:39.0556 3688 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:56:39.0566 3688 FileInfo - ok
19:56:39.0576 3688 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:56:39.0606 3688 Filetrace - ok
19:56:39.0606 3688 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:56:39.0616 3688 flpydisk - ok
19:56:39.0636 3688 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:56:39.0646 3688 FltMgr - ok
19:56:39.0696 3688 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:56:39.0736 3688 FontCache - ok
19:56:40.0006 3688 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:56:40.0026 3688 FontCache3.0.0.0 - ok
19:56:40.0056 3688 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:56:40.0076 3688 FsDepends - ok
19:56:40.0096 3688 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:56:40.0106 3688 Fs_Rec - ok
19:56:40.0126 3688 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:56:40.0146 3688 fvevol - ok
19:56:40.0146 3688 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:56:40.0166 3688 gagp30kx - ok
19:56:40.0196 3688 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:56:40.0206 3688 GEARAspiWDM - ok
19:56:40.0216 3688 GenericMount (9ba50351af95c9df28c8bcd382427d11) C:\Windows\system32\DRIVERS\GenericMount.sys
19:56:40.0226 3688 GenericMount - ok
19:56:40.0376 3688 GenericMount Helper Service (9573dc01b6baa0371ed4afbaebee4dcc) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe
19:56:40.0436 3688 GenericMount Helper Service - ok
19:56:40.0536 3688 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:56:40.0576 3688 gpsvc - ok
19:56:40.0676 3688 HCW85BDA (6d0f56d217545e2d0addbf301b35260f) C:\Windows\system32\drivers\HCW85BDA.sys
19:56:40.0736 3688 HCW85BDA - ok
19:56:40.0796 3688 hcw85cir (c3097ddf0618315438a660ce34cab4e6) C:\Windows\system32\drivers\hcw85cir3.sys
19:56:40.0816 3688 hcw85cir - ok
19:56:40.0826 3688 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:56:40.0856 3688 HDAudBus - ok
19:56:40.0856 3688 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:56:40.0866 3688 HidBatt - ok
19:56:40.0876 3688 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:56:40.0886 3688 HidBth - ok
19:56:40.0896 3688 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:56:40.0906 3688 HidIr - ok
19:56:40.0926 3688 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:56:40.0946 3688 hidserv - ok
19:56:40.0956 3688 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:56:40.0966 3688 HidUsb - ok
19:56:40.0976 3688 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:56:40.0996 3688 hkmsvc - ok
19:56:41.0026 3688 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:56:41.0046 3688 HomeGroupListener - ok
19:56:41.0066 3688 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:56:41.0076 3688 HomeGroupProvider - ok
19:56:41.0096 3688 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:56:41.0106 3688 HpSAMD - ok
19:56:41.0146 3688 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:56:41.0206 3688 HTTP - ok
19:56:41.0226 3688 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:56:41.0226 3688 hwpolicy - ok
19:56:41.0236 3688 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:56:41.0236 3688 i8042prt - ok
19:56:41.0276 3688 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
19:56:41.0296 3688 iaStor - ok
19:56:41.0366 3688 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:56:41.0376 3688 IAStorDataMgrSvc - ok
19:56:41.0406 3688 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:56:41.0436 3688 iaStorV - ok
19:56:41.0516 3688 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:56:41.0546 3688 idsvc - ok
19:56:41.0646 3688 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120504.001\IDSvia64.sys
19:56:41.0666 3688 IDSVia64 - ok
19:56:41.0766 3688 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:56:41.0776 3688 iirsp - ok
19:56:41.0826 3688 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:56:41.0866 3688 IKEEXT - ok
19:56:41.0886 3688 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
19:56:41.0906 3688 Impcd - ok
19:56:42.0046 3688 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
19:56:42.0076 3688 IntcAzAudAddService - ok
19:56:42.0146 3688 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:56:42.0166 3688 IntcDAud - ok
19:56:42.0176 3688 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:56:42.0186 3688 intelide - ok
19:56:42.0196 3688 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:56:42.0206 3688 intelppm - ok
19:56:42.0226 3688 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:56:42.0256 3688 IPBusEnum - ok
19:56:42.0266 3688 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:56:42.0286 3688 IpFilterDriver - ok
19:56:42.0306 3688 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:56:42.0336 3688 iphlpsvc - ok
19:56:42.0346 3688 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:56:42.0366 3688 IPMIDRV - ok
19:56:42.0376 3688 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:56:42.0396 3688 IPNAT - ok
19:56:42.0406 3688 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:56:42.0416 3688 IRENUM - ok
19:56:42.0416 3688 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:56:42.0426 3688 isapnp - ok
19:56:42.0436 3688 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:56:42.0446 3688 iScsiPrt - ok
19:56:42.0466 3688 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:56:42.0476 3688 k57nd60a - ok
19:56:42.0486 3688 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:56:42.0486 3688 kbdclass - ok
19:56:42.0496 3688 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:56:42.0506 3688 kbdhid - ok
19:56:42.0526 3688 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:56:42.0536 3688 KeyIso - ok
19:56:42.0546 3688 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:56:42.0546 3688 KSecDD - ok
19:56:42.0566 3688 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:56:42.0576 3688 KSecPkg - ok
19:56:42.0586 3688 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:56:42.0616 3688 ksthunk - ok
19:56:42.0636 3688 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:56:42.0666 3688 KtmRm - ok
19:56:42.0686 3688 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:56:42.0716 3688 LanmanServer - ok
19:56:42.0726 3688 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:56:42.0746 3688 LanmanWorkstation - ok
19:56:42.0966 3688 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
19:56:43.0036 3688 LiveUpdate - ok
19:56:43.0126 3688 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:56:43.0166 3688 lltdio - ok
19:56:43.0186 3688 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:56:43.0216 3688 lltdsvc - ok
19:56:43.0226 3688 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:56:43.0246 3688 lmhosts - ok
19:56:43.0256 3688 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:56:43.0266 3688 LSI_FC - ok
19:56:43.0266 3688 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:56:43.0276 3688 LSI_SAS - ok
19:56:43.0276 3688 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:56:43.0286 3688 LSI_SAS2 - ok
19:56:43.0286 3688 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:56:43.0296 3688 LSI_SCSI - ok
19:56:43.0306 3688 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:56:43.0336 3688 luafv - ok
19:56:43.0346 3688 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:56:43.0356 3688 Mcx2Svc - ok
19:56:43.0356 3688 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:56:43.0366 3688 megasas - ok
19:56:43.0376 3688 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:56:43.0386 3688 MegaSR - ok
19:56:43.0406 3688 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:56:43.0416 3688 MEIx64 - ok
19:56:43.0426 3688 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:56:43.0456 3688 MMCSS - ok
19:56:43.0466 3688 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:56:43.0496 3688 Modem - ok
19:56:43.0506 3688 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:56:43.0526 3688 monitor - ok
19:56:43.0526 3688 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:56:43.0536 3688 mouclass - ok
19:56:43.0556 3688 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:56:43.0556 3688 mouhid - ok
19:56:43.0576 3688 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:56:43.0576 3688 mountmgr - ok
19:56:43.0596 3688 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:56:43.0596 3688 mpio - ok
19:56:43.0616 3688 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:56:43.0636 3688 mpsdrv - ok
19:56:43.0666 3688 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:56:43.0716 3688 MpsSvc - ok
19:56:43.0716 3688 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:56:43.0736 3688 MRxDAV - ok
19:56:43.0756 3688 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:56:43.0766 3688 mrxsmb - ok
19:56:43.0796 3688 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:56:43.0816 3688 mrxsmb10 - ok
19:56:43.0826 3688 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:56:43.0836 3688 mrxsmb20 - ok
19:56:43.0856 3688 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:56:43.0856 3688 msahci - ok
19:56:43.0866 3688 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:56:43.0876 3688 msdsm - ok
19:56:43.0896 3688 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:56:43.0906 3688 MSDTC - ok
19:56:43.0916 3688 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:56:43.0936 3688 Msfs - ok
19:56:43.0946 3688 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:56:43.0966 3688 mshidkmdf - ok
19:56:43.0976 3688 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:56:43.0986 3688 msisadrv - ok
19:56:44.0006 3688 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:56:44.0036 3688 MSiSCSI - ok
19:56:44.0036 3688 msiserver - ok
19:56:44.0046 3688 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:56:44.0066 3688 MSKSSRV - ok
19:56:44.0066 3688 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:56:44.0096 3688 MSPCLOCK - ok
19:56:44.0106 3688 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:56:44.0126 3688 MSPQM - ok
19:56:44.0146 3688 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:56:44.0156 3688 MsRPC - ok
19:56:44.0166 3688 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:56:44.0176 3688 mssmbios - ok
19:56:44.0186 3688 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:56:44.0206 3688 MSTEE - ok
19:56:44.0216 3688 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:56:44.0226 3688 MTConfig - ok
19:56:44.0236 3688 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:56:44.0246 3688 Mup - ok
19:56:44.0276 3688 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:56:44.0336 3688 napagent - ok
19:56:44.0356 3688 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:56:44.0366 3688 NativeWifiP - ok
19:56:44.0486 3688 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120504.005\ENG64.SYS
19:56:44.0496 3688 NAVENG - ok
19:56:44.0586 3688 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120504.005\EX64.SYS
19:56:44.0626 3688 NAVEX15 - ok
19:56:44.0766 3688 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:56:44.0786 3688 NDIS - ok
19:56:44.0796 3688 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:56:44.0816 3688 NdisCap - ok
19:56:44.0826 3688 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:56:44.0846 3688 NdisTapi - ok
19:56:44.0856 3688 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:56:44.0876 3688 Ndisuio - ok
19:56:44.0886 3688 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:56:44.0916 3688 NdisWan - ok
19:56:44.0926 3688 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:56:44.0946 3688 NDProxy - ok
19:56:45.0046 3688 Nero BackItUp Scheduler 3 (6d4028d458eaaa1782099750790dc8c9) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
19:56:45.0076 3688 Nero BackItUp Scheduler 3 - ok
19:56:45.0096 3688 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:56:45.0146 3688 NetBIOS - ok
19:56:45.0166 3688 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:56:45.0186 3688 NetBT - ok
19:56:45.0206 3688 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:56:45.0206 3688 Netlogon - ok
19:56:45.0236 3688 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:56:45.0266 3688 Netman - ok
19:56:45.0296 3688 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:56:45.0336 3688 netprofm - ok
19:56:45.0376 3688 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:56:45.0376 3688 NetTcpPortSharing - ok
19:56:45.0386 3688 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:56:45.0386 3688 nfrd960 - ok
19:56:45.0406 3688 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:56:45.0436 3688 NlaSvc - ok
19:56:45.0496 3688 NMIndexingService (ff4d73b16ea3a32d34ceb3a7bc3c3773) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
19:56:45.0516 3688 NMIndexingService - ok
19:56:45.0746 3688 Norton Ghost (a1787754952a0b700e386dc7c5fa5726) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
19:56:45.0826 3688 Norton Ghost - ok
19:56:45.0886 3688 Norton Internet Security (64c89db40949fd0e7c8ff303676a91f1) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
19:56:45.0896 3688 Norton Internet Security - ok
19:56:45.0976 3688 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:56:46.0016 3688 Npfs - ok
19:56:46.0026 3688 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:56:46.0056 3688 nsi - ok
19:56:46.0066 3688 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:56:46.0086 3688 nsiproxy - ok
19:56:46.0156 3688 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:56:46.0196 3688 Ntfs - ok
19:56:46.0236 3688 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:56:46.0266 3688 Null - ok
19:56:46.0286 3688 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:56:46.0316 3688 nusb3hub - ok
19:56:46.0336 3688 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:56:46.0356 3688 nusb3xhc - ok
19:56:46.0386 3688 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
19:56:46.0396 3688 NVHDA - ok
19:56:47.0216 3688 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:56:47.0346 3688 nvlddmkm - ok
19:56:47.0496 3688 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:56:47.0516 3688 nvraid - ok
19:56:47.0526 3688 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:56:47.0546 3688 nvstor - ok
19:56:47.0636 3688 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
19:56:47.0676 3688 nvsvc - ok
19:56:47.0786 3688 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:56:47.0826 3688 nvUpdatusService - ok
19:56:47.0856 3688 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:56:47.0866 3688 nv_agp - ok
19:56:47.0946 3688 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:56:47.0966 3688 odserv - ok
19:56:47.0976 3688 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:56:47.0996 3688 ohci1394 - ok
19:56:48.0036 3688 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:56:48.0046 3688 ose - ok
19:56:48.0076 3688 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:56:48.0106 3688 p2pimsvc - ok
19:56:48.0136 3688 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:56:48.0156 3688 p2psvc - ok
19:56:48.0166 3688 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:56:48.0186 3688 Parport - ok
19:56:48.0196 3688 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:56:48.0206 3688 partmgr - ok
19:56:48.0226 3688 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:56:48.0246 3688 PcaSvc - ok
19:56:48.0246 3688 PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - ok
19:56:48.0266 3688 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:56:48.0276 3688 pci - ok
19:56:48.0286 3688 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:56:48.0296 3688 pciide - ok
19:56:48.0316 3688 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:56:48.0326 3688 pcmcia - ok
19:56:48.0346 3688 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
19:56:48.0366 3688 pcouffin - ok
19:56:48.0386 3688 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:56:48.0396 3688 pcw - ok
19:56:48.0436 3688 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:56:48.0486 3688 PEAUTH - ok
19:56:48.0556 3688 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:56:48.0566 3688 PerfHost - ok
19:56:48.0656 3688 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:56:48.0716 3688 pla - ok
19:56:48.0746 3688 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:56:48.0766 3688 PlugPlay - ok
19:56:48.0846 3688 PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
19:56:48.0866 3688 PMBDeviceInfoProvider - ok
19:56:48.0896 3688 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys
19:56:48.0906 3688 pmxdrv - ok
19:56:48.0926 3688 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:56:48.0956 3688 PNRPAutoReg - ok
19:56:48.0976 3688 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:56:48.0996 3688 PNRPsvc - ok
19:56:49.0026 3688 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:56:49.0076 3688 PolicyAgent - ok
19:56:49.0086 3688 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:56:49.0116 3688 Power - ok
19:56:49.0186 3688 ppped (7f2b5faafbdb55fb617e7d56f78c0a8a) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
19:56:49.0206 3688 ppped - ok
19:56:49.0226 3688 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:56:49.0246 3688 PptpMiniport - ok
19:56:49.0266 3688 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:56:49.0276 3688 Processor - ok
19:56:49.0296 3688 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:56:49.0316 3688 ProfSvc - ok
19:56:49.0336 3688 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:56:49.0346 3688 ProtectedStorage - ok
19:56:49.0366 3688 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:56:49.0386 3688 Psched - ok
19:56:49.0406 3688 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:56:49.0416 3688 PxHlpa64 - ok
19:56:49.0476 3688 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:56:49.0506 3688 ql2300 - ok
19:56:49.0556 3688 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:56:49.0576 3688 ql40xx - ok
19:56:49.0586 3688 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:56:49.0606 3688 QWAVE - ok
19:56:49.0616 3688 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:56:49.0626 3688 QWAVEdrv - ok
19:56:49.0636 3688 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:56:49.0656 3688 RasAcd - ok
19:56:49.0686 3688 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:56:49.0706 3688 RasAgileVpn - ok
19:56:49.0716 3688 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:56:49.0736 3688 RasAuto - ok
19:56:49.0736 3688 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:56:49.0756 3688 Rasl2tp - ok
19:56:49.0776 3688 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:56:49.0806 3688 RasMan - ok
19:56:49.0816 3688 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:56:49.0846 3688 RasPppoe - ok
19:56:49.0856 3688 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:56:49.0886 3688 RasSstp - ok
19:56:49.0906 3688 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:56:49.0926 3688 rdbss - ok
19:56:49.0936 3688 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:56:49.0946 3688 rdpbus - ok
19:56:49.0946 3688 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:56:49.0966 3688 RDPCDD - ok
19:56:49.0976 3688 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:56:49.0996 3688 RDPENCDD - ok
19:56:50.0006 3688 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:56:50.0026 3688 RDPREFMP - ok
19:56:50.0166 3688 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:56:50.0206 3688 RDPWD - ok
19:56:50.0236 3688 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:56:50.0246 3688 rdyboost - ok
19:56:50.0286 3688 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:56:50.0326 3688 RemoteAccess - ok
19:56:50.0356 3688 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:56:50.0396 3688 RemoteRegistry - ok
19:56:50.0526 3688 RoxMediaDB13 (053a0d66b1982d93a20062e4da40b29b) C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
19:56:50.0576 3688 RoxMediaDB13 - ok
19:56:50.0626 3688 RoxWatch12 (495c85b15470374a9499451893742ee6) C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
19:56:50.0636 3688 RoxWatch12 - ok
19:56:50.0716 3688 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:56:50.0776 3688 RpcEptMapper - ok
19:56:50.0806 3688 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:56:50.0816 3688 RpcLocator - ok
19:56:50.0846 3688 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
19:56:50.0886 3688 RpcSs - ok
19:56:51.0216 3688 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:56:51.0286 3688 rspndr - ok
19:56:51.0336 3688 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
19:56:51.0346 3688 RTCore64 - ok
19:56:51.0376 3688 Sahdad64 (27db9153d259d632d15483deeab799ed) C:\Windows\system32\Drivers\Sahdad64.sys
19:56:51.0386 3688 Sahdad64 - ok
19:56:51.0406 3688 Saibad64 (f77849d909b90bcacfcf7295aecf299b) C:\Windows\system32\Drivers\Saibad64.sys
19:56:51.0416 3688 Saibad64 - ok
19:56:51.0426 3688 SaibVdAd64 (704d415290a568f68de20942dac23f7e) C:\Windows\system32\Drivers\SaibVdAd64.sys
19:56:51.0436 3688 SaibVdAd64 - ok
19:56:51.0466 3688 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:56:51.0476 3688 SamSs - ok
19:56:51.0486 3688 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:56:51.0496 3688 sbp2port - ok
19:56:51.0516 3688 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:56:51.0536 3688 SCardSvr - ok
19:56:51.0546 3688 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:56:51.0576 3688 scfilter - ok
19:56:51.0606 3688 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:56:51.0646 3688 Schedule - ok
19:56:51.0666 3688 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:56:51.0686 3688 SCPolicySvc - ok
19:56:51.0696 3688 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:56:51.0716 3688 SDRSVC - ok
19:56:51.0726 3688 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:56:51.0756 3688 secdrv - ok
19:56:51.0766 3688 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:56:51.0786 3688 seclogon - ok
19:56:51.0806 3688 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:56:51.0826 3688 SENS - ok
19:56:51.0836 3688 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:56:51.0846 3688 SensrSvc - ok
19:56:51.0846 3688 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:56:51.0866 3688 Serenum - ok
19:56:51.0866 3688 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:56:51.0876 3688 Serial - ok
19:56:51.0886 3688 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:56:51.0896 3688 sermouse - ok
19:56:51.0916 3688 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:56:51.0946 3688 SessionEnv - ok
19:56:51.0946 3688 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:56:51.0956 3688 sffdisk - ok
19:56:51.0956 3688 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:56:51.0966 3688 sffp_mmc - ok
19:56:51.0966 3688 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:56:51.0976 3688 sffp_sd - ok
19:56:51.0976 3688 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:56:51.0986 3688 sfloppy - ok
19:56:52.0026 3688 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:56:52.0046 3688 SharedAccess - ok
19:56:52.0076 3688 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:56:52.0116 3688 ShellHWDetection - ok
19:56:52.0116 3688 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:56:52.0126 3688 SiSRaid2 - ok
19:56:52.0126 3688 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:56:52.0136 3688 SiSRaid4 - ok
19:56:52.0136 3688 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:56:52.0156 3688 Smb - ok
19:56:52.0176 3688 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
19:56:52.0186 3688 snapman - ok
19:56:52.0196 3688 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:56:52.0206 3688 SNMPTRAP - ok
19:56:52.0276 3688 SplashtopRemoteService (00faa2a51f43c680ebf8dce8c666c9a3) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
19:56:52.0306 3688 SplashtopRemoteService - ok
19:56:52.0316 3688 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:56:52.0326 3688 spldr - ok
19:56:52.0356 3688 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:56:52.0376 3688 Spooler - ok
19:56:52.0596 3688 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:56:52.0686 3688 sppsvc - ok
19:56:52.0746 3688 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:56:52.0776 3688 sppuinotify - ok
19:56:52.0836 3688 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
19:56:52.0846 3688 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
19:56:52.0846 3688 sptd ( LockedFile.Multi.Generic ) - warning
19:56:52.0846 3688 sptd - detected LockedFile.Multi.Generic (1)
19:56:52.0906 3688 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS
19:56:52.0926 3688 SRTSP - ok
19:56:52.0936 3688 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS
19:56:52.0946 3688 SRTSPX - ok
19:56:52.0996 3688 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:56:53.0016 3688 srv - ok
19:56:53.0046 3688 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:56:53.0056 3688 srv2 - ok
19:56:53.0076 3688 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:56:53.0086 3688 srvnet - ok
19:56:53.0096 3688 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:56:53.0136 3688 SSDPSRV - ok
19:56:53.0146 3688 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:56:53.0166 3688 SstpSvc - ok
19:56:53.0226 3688 SSUService (16467d878ddd9d10f0e42cb81e0cf391) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
19:56:53.0246 3688 SSUService - ok
19:56:53.0256 3688 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:56:53.0266 3688 stexstor - ok
19:56:53.0316 3688 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:56:53.0346 3688 stisvc - ok
19:56:53.0476 3688 svcChoiceMail (58a07cc7bae8629ec345017f53f53d87) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
19:56:53.0536 3688 svcChoiceMail ( UnsignedFile.Multi.Generic ) - warning
19:56:53.0536 3688 svcChoiceMail - detected UnsignedFile.Multi.Generic (1)
19:56:53.0596 3688 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:56:53.0606 3688 swenum - ok
19:56:53.0636 3688 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:56:53.0696 3688 swprv - ok
19:56:53.0696 3688 Symantec SymSnap VSS Provider - ok
19:56:53.0746 3688 SymEFA (4f87bb5389a93778ebc363b28271a65b) C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS
19:56:53.0766 3688 SymEFA - ok
19:56:53.0796 3688 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:56:53.0796 3688 SymEvent - ok
19:56:53.0836 3688 SYMFW (b4af6633ecd674b74bd4e80788299d2a) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS
19:56:53.0836 3688 SYMFW - ok
19:56:53.0856 3688 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
19:56:53.0866 3688 SymIM - ok
19:56:53.0876 3688 SYMNDISV (d451a05f7e7b9d1f9f8fb76b2a16d786) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS
19:56:53.0886 3688 SYMNDISV - ok
19:56:53.0916 3688 symsnap (2d9b2746f7dea46d1572b84a06311566) C:\Windows\system32\DRIVERS\symsnap.sys
19:56:53.0926 3688 symsnap - ok
19:56:54.0206 3688 SymSnapService (ea1a479651ca2e0409c29d586c91901d) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
19:56:54.0246 3688 SymSnapService - ok
19:56:54.0326 3688 SYMTDI (33b37cb0a74f1f4b78a665ece9184095) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS
19:56:54.0336 3688 SYMTDI - ok
19:56:54.0486 3688 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:56:54.0546 3688 SysMain - ok
19:56:54.0576 3688 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:56:54.0596 3688 TabletInputService - ok
19:56:54.0606 3688 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:56:54.0636 3688 TapiSrv - ok
19:56:54.0646 3688 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:56:54.0666 3688 TBS - ok
19:56:54.0746 3688 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:56:54.0786 3688 Tcpip - ok
19:56:54.0906 3688 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:56:54.0936 3688 TCPIP6 - ok
19:56:54.0996 3688 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:56:55.0046 3688 tcpipreg - ok
19:56:55.0056 3688 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:56:55.0066 3688 TDPIPE - ok
19:56:55.0136 3688 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
19:56:55.0166 3688 tdrpman273 - ok
19:56:55.0186 3688 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:56:55.0196 3688 TDTCP - ok
19:56:55.0226 3688 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:56:55.0246 3688 tdx - ok
19:56:55.0256 3688 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
19:56:55.0266 3688 TermDD - ok
19:56:55.0296 3688 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:56:55.0326 3688 TermService - ok
19:56:55.0336 3688 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:56:55.0346 3688 Themes - ok
19:56:55.0356 3688 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:56:55.0386 3688 THREADORDER - ok
19:56:55.0406 3688 tifsfilter (3e24b7fe52bc455da8d6e2cc2b4ca23f) C:\Windows\system32\DRIVERS\tifsfilt.sys
19:56:55.0416 3688 tifsfilter - ok
19:56:55.0456 3688 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
19:56:55.0486 3688 timounter - ok
19:56:55.0496 3688 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:56:55.0526 3688 TrkWks - ok
19:56:55.0546 3688 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:56:55.0576 3688 TrustedInstaller - ok
19:56:55.0586 3688 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:56:55.0606 3688 tssecsrv - ok
19:56:55.0616 3688 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:56:55.0636 3688 TsUsbFlt - ok
19:56:55.0636 3688 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:56:55.0646 3688 TsUsbGD - ok
19:56:55.0656 3688 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:56:55.0686 3688 tunnel - ok
19:56:55.0686 3688 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:56:55.0696 3688 uagp35 - ok
19:56:55.0716 3688 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:56:55.0746 3688 udfs - ok
19:56:55.0756 3688 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:56:55.0766 3688 UI0Detect - ok
19:56:55.0776 3688 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:56:55.0776 3688 uliagpkx - ok
19:56:55.0786 3688 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:56:55.0806 3688 umbus - ok
19:56:55.0806 3688 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:56:55.0816 3688 UmPass - ok
19:56:55.0836 3688 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:56:55.0866 3688 upnphost - ok
19:56:55.0896 3688 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:56:55.0906 3688 usbaudio - ok
19:56:55.0926 3688 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
19:56:55.0946 3688 usbbus - ok
19:56:55.0966 3688 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:56:55.0986 3688 usbccgp - ok
19:56:55.0996 3688 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:56:56.0006 3688 usbcir - ok
19:56:56.0036 3688 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
19:56:56.0046 3688 UsbDiag - ok
19:56:56.0066 3688 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:56:56.0086 3688 usbehci - ok
19:56:56.0096 3688 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:56:56.0116 3688 usbhub - ok
19:56:56.0146 3688 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
19:56:56.0156 3688 USBModem - ok
19:56:56.0166 3688 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:56:56.0176 3688 usbohci - ok
19:56:56.0186 3688 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:56:56.0206 3688 usbprint - ok
19:56:56.0236 3688 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:56:56.0256 3688 usbscan - ok
19:56:56.0266 3688 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:56:56.0296 3688 USBSTOR - ok
19:56:56.0306 3688 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:56:56.0326 3688 usbuhci - ok
19:56:56.0336 3688 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:56:56.0396 3688 UxSms - ok
19:56:56.0436 3688 v2imount (39583837498d6430833b03b37bcb1eff) C:\Windows\system32\DRIVERS\v2imount.sys
19:56:56.0446 3688 v2imount - ok
19:56:56.0466 3688 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:56:56.0476 3688 VaultSvc - ok
19:56:56.0486 3688 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:56:56.0496 3688 vdrvroot - ok
19:56:56.0516 3688 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:56:56.0556 3688 vds - ok
19:56:56.0566 3688 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:56:56.0576 3688 vga - ok
19:56:56.0586 3688 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:56:56.0606 3688 VgaSave - ok
19:56:56.0626 3688 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:56:56.0636 3688 vhdmp - ok
19:56:56.0636 3688 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:56:56.0646 3688 viaide - ok
19:56:56.0676 3688 vidsflt53 (c69a784bec737cd7460ebf3c3834d65e) C:\Windows\system32\DRIVERS\vsflt53.sys
19:56:56.0686 3688 vidsflt53 - ok
19:56:56.0696 3688 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:56:56.0696 3688 volmgr - ok
19:56:56.0726 3688 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:56:56.0736 3688 volmgrx - ok
19:56:56.0746 3688 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:56:56.0756 3688 volsnap - ok
19:56:56.0776 3688 VProEventMonitor (8b7454930230db4bc4ba35a467be09aa) C:\Windows\system32\DRIVERS\vproeventmonitor.sys
19:56:56.0786 3688 VProEventMonitor - ok
19:56:56.0796 3688 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:56:56.0806 3688 vsmraid - ok
19:56:56.0876 3688 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:56:56.0946 3688 VSS - ok
19:56:57.0036 3688 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:56:57.0056 3688 vwifibus - ok
19:56:57.0156 3688 VX3000 (e13b31e0ada64cf1513d993f436ca39d) C:\Windows\system32\DRIVERS\VX3000.sys
19:56:57.0196 3688 VX3000 - ok
19:56:57.0246 3688 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:56:57.0296 3688 W32Time - ok
19:56:57.0306 3688 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:56:57.0306 3688 WacomPen - ok
19:56:57.0316 3688 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:56:57.0346 3688 WANARP - ok
19:56:57.0346 3688 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:56:57.0366 3688 Wanarpv6 - ok
19:56:57.0446 3688 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:56:57.0486 3688 WatAdminSvc - ok
19:56:57.0546 3688 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:56:57.0606 3688 wbengine - ok
19:56:57.0646 3688 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:56:57.0676 3688 WbioSrvc - ok
19:56:57.0706 3688 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:56:57.0746 3688 wcncsvc - ok
19:56:57.0756 3688 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:56:57.0776 3688 WcsPlugInService - ok
19:56:57.0776 3688 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:56:57.0786 3688 Wd - ok
19:56:57.0816 3688 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:56:57.0836 3688 Wdf01000 - ok
19:56:57.0856 3688 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:56:57.0906 3688 WdiServiceHost - ok
19:56:57.0906 3688 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:56:57.0926 3688 WdiSystemHost - ok
19:56:57.0946 3688 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:56:57.0966 3688 WebClient - ok
19:56:57.0986 3688 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:56:58.0016 3688 Wecsvc - ok
19:56:58.0026 3688 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:56:58.0046 3688 wercplsupport - ok
19:56:58.0056 3688 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:56:58.0086 3688 WerSvc - ok
19:56:58.0106 3688 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:56:58.0126 3688 WfpLwf - ok
19:56:58.0156 3688 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:56:58.0176 3688 WimFltr - ok
19:56:58.0186 3688 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:56:58.0196 3688 WIMMount - ok
19:56:58.0226 3688 WinDefend - ok
19:56:58.0226 3688 WinHttpAutoProxySvc - ok
19:56:58.0266 3688 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:56:58.0306 3688 Winmgmt - ok
19:56:58.0396 3688 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:56:58.0466 3688 WinRM - ok
19:56:58.0516 3688 WISOVD - ok
19:56:58.0606 3688 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:56:58.0646 3688 Wlansvc - ok
19:56:58.0656 3688 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:56:58.0666 3688 WmiAcpi - ok
19:56:58.0686 3688 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:56:58.0706 3688 wmiApSrv - ok
19:56:58.0706 3688 WMPNetworkSvc - ok
19:56:58.0726 3688 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:56:58.0736 3688 WPCSvc - ok
19:56:58.0746 3688 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:56:58.0756 3688 WPDBusEnum - ok
19:56:58.0756 3688 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:56:58.0786 3688 ws2ifsl - ok
19:56:58.0806 3688 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:56:58.0816 3688 wscsvc - ok
19:56:58.0816 3688 WSearch - ok
19:56:58.0926 3688 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:56:59.0006 3688 wuauserv - ok
19:56:59.0046 3688 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:56:59.0076 3688 WudfPf - ok
19:56:59.0086 3688 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:56:59.0116 3688 WUDFRd - ok
19:56:59.0126 3688 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:56:59.0146 3688 wudfsvc - ok
19:56:59.0156 3688 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:56:59.0186 3688 WwanSvc - ok
19:56:59.0196 3688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:56:59.0266 3688 \Device\Harddisk0\DR0 - ok
19:56:59.0266 3688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:56:59.0316 3688 \Device\Harddisk1\DR1 - ok
19:56:59.0316 3688 Boot (0x1200) (dcfe69086f81dea9a8b1baf90586c591) \Device\Harddisk0\DR0\Partition0
19:56:59.0336 3688 \Device\Harddisk0\DR0\Partition0 - ok
19:56:59.0356 3688 Boot (0x1200) (75fc6cb5eb1c6ce9421c617867b53cca) \Device\Harddisk0\DR0\Partition1
19:56:59.0356 3688 \Device\Harddisk0\DR0\Partition1 - ok
19:56:59.0366 3688 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk1\DR1\Partition0
19:56:59.0366 3688 \Device\Harddisk1\DR1\Partition0 - ok
19:56:59.0366 3688 Boot (0x1200) (6d4ffcef9d17b4c52f98b7dc23c0b9db) \Device\Harddisk1\DR1\Partition1
19:56:59.0366 3688 \Device\Harddisk1\DR1\Partition1 - ok
19:56:59.0366 3688 ============================================================
19:56:59.0366 3688 Scan finished
19:56:59.0366 3688 ============================================================
19:56:59.0376 4412 Detected object count: 2
19:56:59.0376 4412 Actual detected object count: 2
19:59:39.0004 4412 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:59:39.0004 4412 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:59:39.0004 4412 svcChoiceMail ( UnsignedFile.Multi.Generic ) - skipped by user
19:59:39.0004 4412 svcChoiceMail ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:00:10.0154 5136 Deinitialize success



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Luis :: LUIS [administrator]

5/4/2012 8:11:17 PM
mbam-log-2012-05-04 (20-11-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224306
Time elapsed: 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




OTL logfile created on: 5/4/2012 8:13:58 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Luis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 10.14 Gb Available Physical Memory | 84.61% Memory free
41.28 Gb Paging File | 39.32 Gb Available in Paging File | 95.25% Paging File free
Paging file location(s): c:\pagefile.sys 30000 40000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1835.67 Gb Total Space | 1399.33 Gb Free Space | 76.23% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 590.69 Gb Free Space | 21.14% Space Free | Partition Type: NTFS

Computer Name: LUIS | User Name: Luis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/04 19:28:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/02 04:32:02 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/06/17 11:02:10 | 001,000,896 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/03/03 20:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2007/10/02 12:23:26 | 002,482,176 | ---- | M] (DigiPortal Software, Inc.) -- C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011/02/15 07:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011/02/15 07:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011/02/15 07:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011/02/15 07:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011/02/15 07:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010/07/27 00:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/19 18:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/04 16:24:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/02 04:32:02 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/11/10 11:51:28 | 000,520,040 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/11/10 02:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/06/28 03:25:12 | 001,113,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/06/17 11:02:10 | 001,000,896 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/07/16 07:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 07:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2010/07/14 05:00:00 | 000,032,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/12 08:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 21:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2007/10/02 12:23:26 | 002,482,176 | ---- | M] (DigiPortal Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe -- (svcChoiceMail)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/12/15 05:01:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/05 12:14:35 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/02 04:32:08 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/12/02 04:32:00 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/12/02 04:31:58 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/12/02 04:31:48 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/11/30 15:23:16 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV:64bit: - [2011/11/30 15:01:30 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/11/20 04:25:04 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/11/19 22:09:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/11/17 22:11:48 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/11/17 22:08:52 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/21 20:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/09/21 20:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symfw.sys -- (SYMFW)
DRV:64bit: - [2011/09/21 20:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2011/07/07 19:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/19 18:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/19 17:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/30 15:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 15:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/26 22:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/07/20 00:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 00:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/13 17:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/08 06:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/06/03 12:35:02 | 000,033,792 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/12 08:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AGERESoftModem)
DRV:64bit: - [2010/01/20 17:14:19 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/01/20 17:14:19 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/01/20 17:14:18 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/01/20 17:14:18 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2010/01/20 17:14:18 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/10/01 23:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 21:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/09/21 21:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/09/11 17:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 22:24:50 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/19 20:45:40 | 000,045,104 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\v2imount.sys -- (v2imount)
DRV - [2012/04/27 20:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120504.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/31 10:44:42 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120504.005\EX64.SYS -- (NAVEX15)
DRV - [2012/03/31 10:44:42 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120504.005\ENG64.SYS -- (NAVENG)
DRV - [2012/02/03 05:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 05:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/26 20:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {1FDA5997-9F20-430E-A84D-ACFB9D00A316}
IE - HKCU\..\SearchScopes\{1FDA5997-9F20-430E-A84D-ACFB9D00A316}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/11/17 22:13:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/04 19:49:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [ChoiceMail] C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMail.exe (DigiPortal Software, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF958F2-8A6A-4D16-856E-78A57CD80E54}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe - (Amazon.com)
MsConfig:64bit - StartUpFolder: C:^Users^Luis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RivaTuner.lnk - - File not found
MsConfig:64bit - StartUpReg: 2K Games - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: CPMonitor - hkey= - key= - C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe ()
MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
MsConfig:64bit - StartUpReg: DNS7reminder - hkey= - key= - C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: dplaysvr - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: eacdaabcbddct - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: EPSON Stylus CX3800 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIACA.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig:64bit - StartUpReg: Microsoft Help - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: PMBVolumeWatcher - hkey= - key= - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
MsConfig:64bit - StartUpReg: PowerPanel Personal Edition User Interaction - hkey= - key= - C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
MsConfig:64bit - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SAOB Monitor - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - StartUpReg: VX3000 - hkey= - key= - C:\Windows\vVX3000.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: SymEFA.sys - C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys (Symantec Corporation)
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: SymEFA.sys - C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys (Symantec Corporation)
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/04 20:06:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/04 20:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/04 20:02:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/04 19:54:58 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Luis\Desktop\tdsskiller.exe
[2012/05/04 19:44:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/04 19:44:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/04 19:44:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/04 19:43:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/04 19:43:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/04 19:43:23 | 004,484,016 | R--- | C] (Swearware) -- C:\Users\Luis\Desktop\ComboFix.exe
[2012/05/04 19:35:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Luis\Desktop\aswMBR.exe
[2012/05/04 19:29:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/04 19:28:05 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2012/05/02 17:17:50 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\05-02-12 hibachi grill my fam and jess and j
[2012/04/29 03:48:33 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\j's 1st bday
[2012/04/29 01:02:20 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\dvdcss
[2012/04/28 07:54:47 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\Publish Providers
[2012/04/28 07:54:47 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\NetMedia Providers
[2012/04/28 07:54:46 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\Sony
[2012/04/28 07:54:46 | 000,000,000 | ---D | C] -- C:\Users\Luis\Documents\ACID Pro 7.0 Projects
[2012/04/28 07:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/04/28 07:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2012/04/28 07:43:44 | 000,000,000 | ---D | C] -- C:\Users\Luis\Documents\Sony
[2012/04/28 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Local\Sony
[2012/04/28 07:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2012/04/23 20:41:52 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\nelsitos home
[2012/04/17 18:51:34 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\pix
[2012/04/13 23:24:24 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/10 18:20:59 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/10 18:20:59 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/10 18:20:59 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/10 18:19:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/10 18:19:28 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/10 18:19:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/10 18:19:22 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/10 18:19:22 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/10 18:19:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/10 18:19:22 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/10 18:19:22 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/10 18:19:22 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/10 18:19:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/05 08:39:35 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Local\2K Games
[2011/11/19 22:09:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Luis\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/04 20:09:24 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 20:09:24 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 20:04:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/04 20:01:54 | 1059,934,206 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 20:01:29 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2012/05/04 19:55:01 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Luis\Desktop\tdsskiller.exe
[2012/05/04 19:49:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/04 19:43:28 | 004,484,016 | R--- | M] (Swearware) -- C:\Users\Luis\Desktop\ComboFix.exe
[2012/05/04 19:42:07 | 000,000,512 | ---- | M] () -- C:\Users\Luis\Desktop\MBR.dat
[2012/05/04 19:35:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Luis\Desktop\aswMBR.exe
[2012/05/04 19:28:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2012/05/04 19:24:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/04 19:07:33 | 000,000,429 | ---- | M] () -- C:\Users\Luis\Desktop\trojans tracur, sefnit, maljava AND ghistler software dplayersvr all k - Geeks to Go Forums.url
[2012/05/04 17:43:23 | 000,000,335 | ---- | M] () -- C:\Users\Luis\Desktop\ron.url
[2012/05/04 16:24:16 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/04 16:24:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/04 16:24:10 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/04 10:20:19 | 366,770,176 | ---- | M] () -- C:\Users\Luis\Desktop\Disappeared.S04E26.Hard.Life.in.the.Big.Easy.HDTV.XviD-tNe.avi
[2012/05/04 09:37:10 | 000,014,442 | ---- | M] () -- C:\Users\Luis\Desktop\d2.torrent
[2012/05/04 09:36:49 | 000,014,450 | ---- | M] () -- C:\Users\Luis\Desktop\d1.torrent
[2012/05/03 18:44:30 | 000,000,258 | ---- | M] () -- C:\Users\Luis\Desktop\shut book share.url
[2012/05/03 18:42:12 | 000,000,208 | ---- | M] () -- C:\Users\Luis\Desktop\Yahoo!.url
[2012/05/03 16:48:04 | 000,000,869 | ---- | M] () -- C:\Windows\ULead32.ini
[2012/05/01 22:36:50 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Luis - Full System Scan.job
[2012/04/30 22:37:24 | 002,956,477 | ---- | M] () -- C:\Users\Luis\Desktop\jonathan walking 4-30-12.MOV
[2012/04/29 18:53:48 | 002,949,558 | ---- | M] () -- C:\Users\Luis\Desktop\photo.JPG
[2012/04/29 17:42:54 | 000,088,336 | ---- | M] () -- C:\Users\Luis\Desktop\jonathan and me.jpg
[2012/04/29 12:03:35 | 000,000,273 | ---- | M] () -- C:\Users\Luis\Desktop\youtube j bday url.url
[2012/04/28 07:52:41 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/28 07:52:41 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/28 07:52:41 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 13:32:20 | 000,000,584 | ---- | M] () -- C:\Users\Luis\Desktop\locked up.url
[2012/04/24 22:34:54 | 000,039,004 | ---- | M] () -- C:\Users\Luis\Desktop\mom pop nelsito.jpg
[2012/04/24 22:30:47 | 000,048,163 | ---- | M] () -- C:\Users\Luis\Desktop\luis nelsito.jpg
[2012/04/06 10:35:43 | 000,000,978 | ---- | M] () -- C:\Users\Luis\Desktop\locked up (2).url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/04 19:44:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/04 19:44:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/04 19:44:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/04 19:44:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/04 19:44:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/04 19:42:07 | 000,000,512 | ---- | C] () -- C:\Users\Luis\Desktop\MBR.dat
[2012/05/04 19:07:33 | 000,000,429 | ---- | C] () -- C:\Users\Luis\Desktop\trojans tracur, sefnit, maljava AND ghistler software dplayersvr all k - Geeks to Go Forums.url
[2012/05/04 17:40:57 | 000,000,335 | ---- | C] () -- C:\Users\Luis\Desktop\ron.url
[2012/05/04 09:39:07 | 366,770,176 | ---- | C] () -- C:\Users\Luis\Desktop\Disappeared.S04E26.Hard.Life.in.the.Big.Easy.HDTV.XviD-tNe.avi
[2012/05/04 09:37:10 | 000,014,442 | ---- | C] () -- C:\Users\Luis\Desktop\d2.torrent
[2012/05/04 09:36:48 | 000,014,450 | ---- | C] () -- C:\Users\Luis\Desktop\d1.torrent
[2012/05/03 18:42:12 | 000,000,208 | ---- | C] () -- C:\Users\Luis\Desktop\Yahoo!.url
[2012/04/30 22:37:24 | 002,956,477 | ---- | C] () -- C:\Users\Luis\Desktop\jonathan walking 4-30-12.MOV
[2012/04/29 18:51:05 | 002,949,558 | ---- | C] () -- C:\Users\Luis\Desktop\photo.JPG
[2012/04/29 18:18:27 | 000,088,336 | ---- | C] () -- C:\Users\Luis\Desktop\jonathan and me.jpg
[2012/04/29 07:09:04 | 000,000,273 | ---- | C] () -- C:\Users\Luis\Desktop\youtube j bday url.url
[2012/04/26 13:32:20 | 000,000,584 | ---- | C] () -- C:\Users\Luis\Desktop\locked up.url
[2012/04/24 22:34:54 | 000,039,004 | ---- | C] () -- C:\Users\Luis\Desktop\mom pop nelsito.jpg
[2012/04/24 22:30:47 | 000,048,163 | ---- | C] () -- C:\Users\Luis\Desktop\luis nelsito.jpg
[2012/04/12 07:17:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/06 10:35:43 | 000,000,978 | ---- | C] () -- C:\Users\Luis\Desktop\locked up (2).url
[2012/02/22 06:29:10 | 000,003,584 | ---- | C] () -- C:\Users\Luis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/18 23:26:32 | 000,002,115 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\SAS7_000.DAT
[2011/12/05 09:50:15 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/28 12:01:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/22 00:18:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/11/21 21:06:09 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/11/20 00:34:55 | 000,000,150 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/11/19 22:09:58 | 000,007,859 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\pcouffin.cat
[2011/11/19 22:09:58 | 000,001,167 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\pcouffin.inf
[2011/11/19 20:53:18 | 000,000,869 | ---- | C] () -- C:\Windows\ULead32.ini
[2011/11/19 09:55:43 | 000,002,740 | ---- | C] () -- C:\Windows\DesktopOK.ini
[2011/11/18 19:40:22 | 000,005,560 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/11/18 11:38:34 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2011/11/18 09:29:04 | 000,005,005 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011/11/18 00:14:07 | 000,007,603 | ---- | C] () -- C:\Users\Luis\AppData\Local\Resmon.ResmonCfg
[2011/11/17 17:41:28 | 003,256,320 | ---- | C] () -- C:\Windows\SysWow64\camuhcat.exe
[2011/11/17 17:41:28 | 000,860,160 | ---- | C] () -- C:\Windows\SysWow64\capimvoc.dll
[2011/11/17 17:41:28 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ntefipx.dll
[2011/11/17 17:41:28 | 000,124,530 | ---- | C] () -- C:\Windows\SysWow64\setipreg32.dll
[2011/11/03 13:55:08 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/11/03 11:11:59 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2011/10/25 22:21:54 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo64.dll
[2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 22:21:40 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder64.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 21:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/10/25 21:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/02/24 02:08:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Acronis
[2011/11/18 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Adobe
[2011/11/29 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\ATI
[2012/01/10 14:19:48 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Catalina Marketing Corp
[2012/03/08 21:28:04 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\CyberLink
[2012/04/28 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\DAEMON Tools Lite
[2011/12/07 03:39:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\DAEMON Tools Pro
[2012/04/29 01:02:20 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\dvdcss
[2011/11/26 20:14:04 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\EPSON
[2011/11/23 06:03:09 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\GetRightToGo
[2011/11/17 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Identities
[2012/02/23 11:52:35 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\InstallShield
[2012/02/23 11:55:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Intel Corporation
[2012/02/22 17:32:17 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Leadertech
[2011/11/18 09:02:38 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Macromedia
[2011/11/17 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Macrovision
[2011/11/18 09:00:25 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Malwarebytes
[2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Media Center Programs
[2012/01/07 19:16:09 | 000,000,000 | --SD | M] -- C:\Users\Luis\AppData\Roaming\Microsoft
[2011/11/21 21:20:08 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Nero
[2012/04/28 07:54:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\NetMedia Providers
[2012/01/18 23:02:54 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Nuance
[2012/01/30 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\NVIDIA
[2012/04/28 07:54:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Publish Providers
[2012/03/22 20:09:39 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Rovio
[2011/12/07 17:19:08 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Roxio
[2011/12/07 17:04:24 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Roxio Log Files
[2011/11/30 15:27:03 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Seagate
[2011/11/20 00:38:01 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Sierra
[2011/12/07 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Simple Star
[2012/02/15 22:55:10 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Skype
[2012/01/07 19:04:27 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\SoftGrid Client
[2012/04/28 07:54:46 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Sony
[2012/01/27 19:05:09 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Sony Corporation
[2011/12/04 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Splashtop Remote Client
[2011/11/18 11:51:04 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Symantec
[2011/12/05 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\TP
[2012/05/04 10:53:58 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\uTorrent
[2012/03/15 19:17:06 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\vlc
[2012/04/30 14:09:12 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Vso
[2011/11/20 03:24:06 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\WinAVI
[2012/01/07 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\WinISO Computing

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 23:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 23:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 23:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:02A62A91

< End of report >




OTL Extras logfile created on: 5/4/2012 8:13:58 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Luis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 10.14 Gb Available Physical Memory | 84.61% Memory free
41.28 Gb Paging File | 39.32 Gb Available in Paging File | 95.25% Paging File free
Paging file location(s): c:\pagefile.sys 30000 40000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1835.67 Gb Total Space | 1399.33 Gb Free Space | 76.23% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 590.69 Gb Free Space | 21.14% Space Free | Partition Type: NTFS

Computer Name: LUIS | User Name: Luis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0156D786-C863-4FBB-91C5-A9D24A4A9D57}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1ADA9387-AB09-442B-BE40-3440AC87BA4B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{242B9B25-BA60-491A-AF39-697829836223}" = lport=139 | protocol=6 | dir=in | app=system |
"{3A13F629-9DCF-4AE8-BB25-A2A74A6A2A00}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4219FA06-BA24-476E-ACF7-0448A923DE2B}" = lport=138 | protocol=17 | dir=in | app=system |
"{48D6D24C-3321-4DFF-8A57-E3B3FEDE174B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A07BD67-FC44-4098-93CA-8993E3C5B553}" = rport=138 | protocol=17 | dir=out | app=system |
"{5ED4AFAE-539C-4D60-8706-BA2828EA2DD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F05F165-D746-4A49-8AA9-541F50983671}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F890841-207C-472E-AFE3-04B81DD1B22B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5FC23223-DC87-497F-81D5-E401E435874D}" = rport=137 | protocol=17 | dir=out | app=system |
"{6586D4CF-33EC-43A5-B49F-3913725F9008}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{662CF556-A695-48FB-B270-149C30E00B25}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{697A34A8-5F01-4E1B-93CA-E51B152D8701}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6A37F906-2129-4AE8-88F4-DDF5F4CF3E0F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{720D93A4-B9B0-4847-AEDA-5A9F358CC9ED}" = rport=139 | protocol=6 | dir=out | app=system |
"{7243EC02-4BAD-4578-B0CD-C1D4C24DC99F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{970A779C-734F-46D6-95A6-A4B84DC67471}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BD50604-5AB4-41A7-9F50-58E28C6FEB9A}" = lport=137 | protocol=17 | dir=in | app=system |
"{A2875C83-B57C-45E3-AB2C-77E6844C4683}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA2BD37B-CA7C-4D84-87ED-3CA15A971356}" = lport=445 | protocol=6 | dir=in | app=system |
"{C7A42780-D579-4D91-ACD4-55D263424255}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D38642B2-865F-4093-9C89-27A5DF5071D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D40DC13F-80D5-473E-B5A2-FB9AA002C028}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DAD86B34-44AA-4460-AE40-A91E0FA22C1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A324399-4A7B-422A-8971-F657406C5E11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{103C19B9-C215-4991-9A06-04DAC8B7BCD1}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srlogin.exe |
"{11AE4BDB-6ECC-425C-9598-89FA8ACFCBC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{260A6627-AF39-45F0-8044-FEBFC25C08DB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2EA77D18-49F7-4DFC-97CC-65882F669544}" = protocol=58 | dir=in | [email protected],-28545 |
"{3A7A7641-EC59-409B-8E48-17AC0D12DE74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E30AB31-4336-4BEA-9BC1-FDF282FCA5F8}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe |
"{4D8B3782-6D47-4531-AFD3-EB9292CFC7B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F2763F2-6F50-4C6B-A8FD-859FCD809340}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{53222DDB-5B27-4E91-B317-031D55A8EA02}" = protocol=6 | dir=out | app=system |
"{5B103353-8A41-4780-8507-CBA28B3A3F9C}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe |
"{671F1AD1-8D06-4811-AA99-2CC64F3E8D25}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E5CA76E-E6F8-47BF-B337-0B75C2311E7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{81B55D46-7E03-4448-9175-B45BB757C42C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{83359C42-F6E3-478A-8CE2-42EE5E273C81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89C23658-9EBE-4486-BED7-F6C2C2DF1FC9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{91646EC0-1ECB-4C9B-94C5-E6B80ED8FBC2}" = protocol=1 | dir=out | [email protected],-28544 |
"{9CD1A85A-3453-4980-897B-511811A51067}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A175C116-1C5C-457B-8E8B-0E4D03277388}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{A877D60E-C65E-4352-B03B-E4E4427FD996}" = protocol=1 | dir=in | [email protected],-28543 |
"{A8A6F3B8-9FD6-41C6-A138-8A5DB62F319F}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{ADCE5AF9-9F64-467A-9BCB-DA377E5FBB9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF4616E4-962D-4D83-A9E5-6043D183EA47}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CF0970C1-5870-4978-BDDE-B12776CA2F91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D845977F-03B5-4B08-AD53-D10E048584B7}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\inputserv.exe |
"{DB42D16E-0442-44E8-B69E-6C786611A7C0}" = protocol=58 | dir=out | [email protected],-28546 |
"{DD574D04-18E8-4A4A-811C-C9A3B6BDCCEE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{E0F6055E-4FCF-42A5-ADB7-F15B3A87D27E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E35564AA-C499-42E6-AAAC-5E91F589F2D1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{ED0C96A1-0AA1-49BF-9584-5AB46AF107E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F081DF7A-64B6-48B5-A620-9D4A682D7418}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F2B78576-6778-4188-B34C-7A5DBA1391F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FEFBA8BD-5EB2-49A5-BC78-E6E3EE081AB6}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"EPSON Printer and Utilities" = EPSON Printer Software
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{07A6B206-3F11-4D92-92A1-90E116ADD660}" = Angry Birds
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{2CAB55FA-A147-4215-81A6-E9A9038B7970}" = Plus Pack for Acronis True Image Home 2011
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3081E111-C2BC-40DE-ABB8-7B4B30C2F140}" = Splashtop Remote Client
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers x64
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{54F073B8-7E88-45FE-9648-61F77EC02E0D}" = Freedom Art Collection
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6984B5E1-721C-4F8E-BF5A-ED5F45D90EB6}" = CyberPower PowerPanel Personal Edition 1.3.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
"{72C4226B-BDDE-428C-B7E5-41D6FFAD885B}" = Roxio Creator 2011
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}" = ACID Pro 7.0
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{937C423A-27B0-408C-878B-2A2677AFEEA4}" = Roxio Dell install Util
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}" = Nero 8
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A12CF335-1B84-4781-9735-44E39C6D3DD0}" = Roxio Creator 2011
"{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}" = Angry Birds Rio
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF094932-91E6-4EF8-8AB8-1C7226DFEECB}" = HCW85 Driver Installer
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}" = FaxTools eXPert
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68DF664-1C34-48B2-BE8D-AF26F6CFFE90}" = Holiday Art Collection
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.0
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows Vista x64 Signed Files
"{FDC4C499-7B67-4A58-A30B-E1276C26BFEF}" = Angry Birds Seasons
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
"[email protected] KillDisk FREE Suite" = [email protected] KillDisk FREE Suite
"Afterburner" = MSI Afterburner 2.1.0
"ChoiceMail 4.2" = ChoiceMail 4.2
"CleanUp!" = CleanUp!
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps
"HijackThis" = HijackThis 2.0.2
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{3081E111-C2BC-40DE-ABB8-7B4B30C2F140}" = Splashtop Remote Client
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Lock my Folder" = Lock my Folder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"NIS" = Norton Internet Security
"Print Artist 2003" = Print Artist 2003
"Rage_is1" = Rage
"Roxio PhotoShow" = Roxio PhotoShow
"SpywareBlaster_is1" = SpywareBlaster 4.4
"STANDARDR" = Microsoft Office Standard 2007
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.7
"WinAVI All in One Converter" = WinAVI All in One Converter
"WinISO" = WinISO
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/23/2012 7:08:01 PM | Computer Name = Luis | Source = WinMgmt | ID = 10
Description =

Error - 2/23/2012 7:14:50 PM | Computer Name = Luis | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2012 2:21:09 AM | Computer Name = Luis | Source = Application Error | ID = 1000
Description = Faulting application name: TrueImage.exe, version: 14.0.0.6868, time stamp: 0x4e090454 Faulting module name: ti_managers.dll, version: 14.0.0.6868, time stamp: 0x4e0902f5 Exception code: 0xc0000005 Fault offset: 0x0051500e Faulting process id: 0xa30 Faulting application start time: 0x01ccf2b9bca7e691 Faulting application path: C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe Faulting module path: C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll Report Id: bcfa3a1e-5eaf-11e1-8f2f-782bcba7829a

Error - 2/24/2012 6:02:14 AM | Computer Name = Luis | Source = Application Error | ID = 1000
Description = Faulting application name: TrueImage.exe, version: 14.0.0.6868, time stamp: 0x4e090454 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6e726574 Faulting process id: 0x1280 Faulting application start time: 0x01ccf2d62c0f4570 Faulting application path: C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe Faulting module path: unknown Report Id: 9fc97beb-5ece-11e1-8f2f-782bcba7829a

Error - 2/24/2012 5:45:27 PM | Computer Name = Luis | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2012 8:53:05 AM | Computer Name = Luis | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2012 9:49:41 PM | Computer Name = Luis | Source = WinMgmt | ID = 10
Description =

Error - 2/26/2012 5:23:45 PM | Computer Name = Luis | Source = WinMgmt | ID = 10
Description =

Error - 2/27/2012 9:10:31 AM | Computer Name = Luis | Source = WinMgmt | ID = 10
Description =

Error - 2/27/2012 5:10:25 PM | Computer Name = Luis | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/4/2012 7:50:39 PM | Computer Name = Luis | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Amazon
Unbox Video Service service to connect.

Error - 5/4/2012 7:51:24 PM | Computer Name = Luis | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/4/2012 7:51:26 PM | Computer Name = Luis | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/4/2012 7:51:27 PM | Computer Name = Luis | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/4/2012 7:51:28 PM | Computer Name = Luis | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/4/2012 8:01:19 PM | Computer Name = Luis | Source = DCOM | ID = 10010
Description =

Error - 5/4/2012 8:02:43 PM | Computer Name = Luis | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/4/2012 8:02:44 PM | Computer Name = Luis | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/4/2012 8:02:45 PM | Computer Name = Luis | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/4/2012 8:02:46 PM | Computer Name = Luis | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/05/2012 8:40:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/05/2012 12:25:04 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: [email protected]

Log: 'System' Date/Time: 05/05/2012 12:25:02 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: [email protected]

Log: 'System' Date/Time: 05/05/2012 12:25:01 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: [email protected]

Log: 'System' Date/Time: 05/05/2012 12:25:00 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: [email protected]

Log: 'System' Date/Time: 05/05/2012 12:23:46 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/05/2012 12:24:42 AM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service. The Service Control Manager launched process 2680 and process 2700 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/05/2012 8:41:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/05/2012 12:26:18 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5 RKinner (Malware Expert, MVP)
Only thing left that I can see is

MsConfig:64bit - StartUpReg: dplaysvr - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: eacdaabcbddct - hkey= - key= - File not found

You have turned them off in msconfig, so it's harder to remove them. Normally Combofix would have removed them even in msconfig, but perhaps because it's a 64-bit system it can't get to them. If you go back into msconfig, turn them on and reboot, then run an OTL Quick Scan, we can probably see where they are and remove them. They are not active, so you can just leave them if you want.

Is Norton still complaining?
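The mechanism behind the two "File not found" StartUpReg lines above can be checked directly rather than by guessing at msconfig. The script below is an added example for this thread, not something OTL, Combofix or RKinner supplied. It assumes the Windows 7/Vista layout, where msconfig moves a disabled Run entry into a subkey of HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg that keeps the original hive and key ("hkey", "key") and the command line ("command"), with YEAR/MONTH/DAY values recording when it was disabled; those value names are taken from that layout and are an assumption here. It is written for PowerShell 2.0 (the version Windows 7 ships with) and must be run from an elevated 64-bit PowerShell, otherwise registry redirection would hide the entries OTL labels MsConfig:64bit.

```powershell
# Added example, not part of the thread: enumerate the startup items that
# msconfig has disabled and check whether each one's file still exists.
# Assumption: Windows 7/Vista layout, where msconfig moves a disabled Run
# entry to a subkey of HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
# holding the original hive/key ('hkey', 'key') and the command line
# ('command'); YEAR/MONTH/DAY values record when it was disabled.
# Run from an elevated 64-bit PowerShell: a 32-bit shell would be redirected
# to Wow6432Node and would not see the entries OTL labels MsConfig:64bit.

$msconfigKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'

function Get-DisabledStartupItems {
    if (-not (Test-Path -LiteralPath $msconfigKey)) { return }

    Get-ChildItem -LiteralPath $msconfigKey | ForEach-Object {
        $props   = Get-ItemProperty -LiteralPath $_.PSPath
        $command = [string]$props.command

        # Recover the executable from the command line: either the quoted
        # first token or the first whitespace-delimited token.
        $exe = $null
        if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($command -match '^\s*(\S+)') { $exe = $Matches[1] }
        if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }

        $disabledOn = $null
        if ($props.YEAR) {
            $disabledOn = '{0}-{1:d2}-{2:d2}' -f $props.YEAR, $props.MONTH, $props.DAY
        }

        New-Object PSObject -Property @{
            Item        = $_.PSChildName
            Hive        = $props.hkey
            OriginalKey = $props.key
            Command     = $command
            FileExists  = [bool]($exe -and (Test-Path -LiteralPath $exe))
            DisabledOn  = $disabledOn
        }
    }
}

function Remove-DisabledStartupItem {
    param([Parameter(Mandatory = $true)][string]$Name)
    # Deleting the parked subkey removes the item outright; nothing is written
    # back to the Run key, so it can neither start nor be re-enabled later.
    Remove-Item -LiteralPath (Join-Path $msconfigKey $Name) -Recurse
}

# Orphans first: entries whose target file no longer exists are the ones OTL
# reports as "File not found".
Get-DisabledStartupItems |
    Sort-Object FileExists |
    Format-Table Item, Hive, FileExists, DisabledOn, Command -AutoSize
```

An entry that shows FileExists False but still carries a command line is exactly what OTL printed as "File not found": the launcher is gone, the parked registry record is not. Re-enabling it in msconfig copies it back to the Run key named in Hive/OriginalKey, which is why RKinner asks for that before another scan; the alternative is to delete the parked subkey with Remove-DisabledStartupItem, which leaves nothing for a scanner to find but also gives up the chance to see where the original file lived.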

#6 louuu (Topic Starter)
Hi again Ron. Yes, I definitely want to remove them. I rechecked them via msconfig and rebooted. Then I ran OTL as you requested. Here's the log. As far as Norton, I've had it off all this time because I can't use OTL when Norton is on. It removes it, so I have to leave Norton off while we do this work. I'll wait to hear back from you, thank you.

OTL logfile created on: 5/4/2012 9:51:50 PM - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Luis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 10.25 Gb Available Physical Memory | 85.57% Memory free
41.28 Gb Paging File | 39.35 Gb Available in Paging File | 95.34% Paging File free
Paging file location(s): c:\pagefile.sys 30000 40000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1835.67 Gb Total Space | 1398.86 Gb Free Space | 76.20% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 590.69 Gb Free Space | 21.14% Space Free | Partition Type: NTFS

Computer Name: LUIS | User Name: Luis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/04 19:28:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/02 04:32:02 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/06/17 11:02:10 | 001,000,896 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/03/03 20:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2007/10/02 12:23:26 | 002,482,176 | ---- | M] (DigiPortal Software, Inc.) -- C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
PRC - [2007/10/02 12:23:06 | 005,230,592 | ---- | M] (DigiPortal Software, Inc.) -- C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMail.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/15 07:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011/02/15 07:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011/02/15 07:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011/02/15 07:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011/02/15 07:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011/02/15 07:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010/07/27 00:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/19 18:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/04 16:24:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/02 04:32:02 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/11/10 11:51:28 | 000,520,040 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/11/10 02:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/06/28 03:25:12 | 001,113,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/06/17 11:02:10 | 001,000,896 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/07/16 07:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 07:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2010/07/14 05:00:00 | 000,032,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/12 08:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 21:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2007/10/02 12:23:26 | 002,482,176 | ---- | M] (DigiPortal Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe -- (svcChoiceMail)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/12/15 05:01:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/05 12:14:35 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/02 04:32:08 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/12/02 04:32:00 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/12/02 04:31:58 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/12/02 04:31:48 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/11/30 15:23:16 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV:64bit: - [2011/11/30 15:01:30 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/11/20 04:25:04 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/11/19 22:09:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/11/17 22:11:48 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/11/17 22:08:52 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/21 20:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/09/21 20:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symfw.sys -- (SYMFW)
DRV:64bit: - [2011/09/21 20:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2011/07/07 19:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/19 18:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/19 17:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/30 15:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 15:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/26 22:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/07/20 00:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 00:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/13 17:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/08 06:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/06/03 12:35:02 | 000,033,792 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/12 08:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AGERESoftModem)
DRV:64bit: - [2010/01/20 17:14:19 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/01/20 17:14:19 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/01/20 17:14:18 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/01/20 17:14:18 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2010/01/20 17:14:18 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/10/01 23:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 21:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/09/21 21:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/09/11 17:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 22:24:50 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/19 20:45:40 | 000,045,104 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\v2imount.sys -- (v2imount)
DRV - [2012/04/27 20:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120504.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/31 10:44:42 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120504.019\EX64.SYS -- (NAVEX15)
DRV - [2012/03/31 10:44:42 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120504.019\ENG64.SYS -- (NAVENG)
DRV - [2012/02/03 05:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 05:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/26 20:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {1FDA5997-9F20-430E-A84D-ACFB9D00A316}
IE - HKCU\..\SearchScopes\{1FDA5997-9F20-430E-A84D-ACFB9D00A316}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/11/17 22:13:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/04 19:49:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [2K Games] rundll32.exe "C:\Users\Luis\AppData\Local\Apps\2K Games\lxexf.dll",DllRegisterServer File not found
O4 - HKCU..\Run: [ChoiceMail] C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMail.exe (DigiPortal Software, Inc.)
O4 - HKCU..\Run: [dplaysvr] C:\Users\Luis\AppData\Local\dplaysvr.exe File not found
O4 - HKCU..\Run: [eacdaabcbddct] "C:\ProgramData\eacdaabcbddct.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF958F2-8A6A-4D16-856E-78A57CD80E54}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/04 20:06:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/04 20:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/04 20:02:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/04 19:54:58 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Luis\Desktop\tdsskiller.exe
[2012/05/04 19:44:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/04 19:44:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/04 19:44:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/04 19:43:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/04 19:43:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/04 19:43:23 | 004,484,016 | R--- | C] (Swearware) -- C:\Users\Luis\Desktop\ComboFix.exe
[2012/05/04 19:35:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Luis\Desktop\aswMBR.exe
[2012/05/04 19:29:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/04 19:28:05 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2012/05/02 17:17:50 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\05-02-12 hibachi grill my fam and jess and j
[2012/04/29 03:48:33 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\j's 1st bday
[2012/04/29 01:02:20 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\dvdcss
[2012/04/28 07:54:47 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\Publish Providers
[2012/04/28 07:54:47 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\NetMedia Providers
[2012/04/28 07:54:46 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\Sony
[2012/04/28 07:54:46 | 000,000,000 | ---D | C] -- C:\Users\Luis\Documents\ACID Pro 7.0 Projects
[2012/04/28 07:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/04/28 07:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2012/04/28 07:43:44 | 000,000,000 | ---D | C] -- C:\Users\Luis\Documents\Sony
[2012/04/28 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Local\Sony
[2012/04/28 07:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2012/04/23 20:41:52 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\nelsitos home
[2012/04/17 18:51:34 | 000,000,000 | ---D | C] -- C:\Users\Luis\Desktop\pix
[2012/04/05 08:39:35 | 000,000,000 | ---D | C] -- C:\Users\Luis\AppData\Local\2K Games
[2011/11/19 22:09:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Luis\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/04 21:48:28 | 1059,934,206 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 21:47:55 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2012/05/04 21:29:10 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/04 21:26:35 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 21:26:35 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 21:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/04 20:39:33 | 000,061,440 | ---- | M] ( ) -- C:\Users\Luis\Desktop\VEW.exe
[2012/05/04 19:55:01 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Luis\Desktop\tdsskiller.exe
[2012/05/04 19:49:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/04 19:43:28 | 004,484,016 | R--- | M] (Swearware) -- C:\Users\Luis\Desktop\ComboFix.exe
[2012/05/04 19:42:07 | 000,000,512 | ---- | M] () -- C:\Users\Luis\Desktop\MBR.dat
[2012/05/04 19:35:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Luis\Desktop\aswMBR.exe
[2012/05/04 19:28:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2012/05/04 19:07:33 | 000,000,429 | ---- | M] () -- C:\Users\Luis\Desktop\trojans tracur, sefnit, maljava AND ghistler software dplayersvr all k - Geeks to Go Forums.url
[2012/05/04 17:43:23 | 000,000,335 | ---- | M] () -- C:\Users\Luis\Desktop\ron.url
[2012/05/04 10:20:19 | 366,770,176 | ---- | M] () -- C:\Users\Luis\Desktop\Disappeared.S04E26.Hard.Life.in.the.Big.Easy.HDTV.XviD-tNe.avi
[2012/05/04 09:37:10 | 000,014,442 | ---- | M] () -- C:\Users\Luis\Desktop\d2.torrent
[2012/05/04 09:36:49 | 000,014,450 | ---- | M] () -- C:\Users\Luis\Desktop\d1.torrent
[2012/05/03 18:44:30 | 000,000,258 | ---- | M] () -- C:\Users\Luis\Desktop\shut book share.url
[2012/05/03 18:42:12 | 000,000,208 | ---- | M] () -- C:\Users\Luis\Desktop\Yahoo!.url
[2012/05/03 16:48:04 | 000,000,869 | ---- | M] () -- C:\Windows\ULead32.ini
[2012/05/01 22:36:50 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Luis - Full System Scan.job
[2012/04/30 22:37:24 | 002,956,477 | ---- | M] () -- C:\Users\Luis\Desktop\jonathan walking 4-30-12.MOV
[2012/04/29 18:53:48 | 002,949,558 | ---- | M] () -- C:\Users\Luis\Desktop\photo.JPG
[2012/04/29 17:42:54 | 000,088,336 | ---- | M] () -- C:\Users\Luis\Desktop\jonathan and me.jpg
[2012/04/29 12:03:35 | 000,000,273 | ---- | M] () -- C:\Users\Luis\Desktop\youtube j bday url.url
[2012/04/28 07:52:41 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/28 07:52:41 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/28 07:52:41 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 13:32:20 | 000,000,584 | ---- | M] () -- C:\Users\Luis\Desktop\locked up.url
[2012/04/24 22:34:54 | 000,039,004 | ---- | M] () -- C:\Users\Luis\Desktop\mom pop nelsito.jpg
[2012/04/24 22:30:47 | 000,048,163 | ---- | M] () -- C:\Users\Luis\Desktop\luis nelsito.jpg
[2012/04/06 10:35:43 | 000,000,978 | ---- | M] () -- C:\Users\Luis\Desktop\locked up (2).url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/04 20:39:33 | 000,061,440 | ---- | C] ( ) -- C:\Users\Luis\Desktop\VEW.exe
[2012/05/04 19:44:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/04 19:44:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/04 19:44:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/04 19:44:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/04 19:44:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/04 19:42:07 | 000,000,512 | ---- | C] () -- C:\Users\Luis\Desktop\MBR.dat
[2012/05/04 19:07:33 | 000,000,429 | ---- | C] () -- C:\Users\Luis\Desktop\trojans tracur, sefnit, maljava AND ghistler software dplayersvr all k - Geeks to Go Forums.url
[2012/05/04 17:40:57 | 000,000,335 | ---- | C] () -- C:\Users\Luis\Desktop\ron.url
[2012/05/04 09:39:07 | 366,770,176 | ---- | C] () -- C:\Users\Luis\Desktop\Disappeared.S04E26.Hard.Life.in.the.Big.Easy.HDTV.XviD-tNe.avi
[2012/05/04 09:37:10 | 000,014,442 | ---- | C] () -- C:\Users\Luis\Desktop\d2.torrent
[2012/05/04 09:36:48 | 000,014,450 | ---- | C] () -- C:\Users\Luis\Desktop\d1.torrent
[2012/05/03 18:42:12 | 000,000,208 | ---- | C] () -- C:\Users\Luis\Desktop\Yahoo!.url
[2012/04/30 22:37:24 | 002,956,477 | ---- | C] () -- C:\Users\Luis\Desktop\jonathan walking 4-30-12.MOV
[2012/04/29 18:51:05 | 002,949,558 | ---- | C] () -- C:\Users\Luis\Desktop\photo.JPG
[2012/04/29 18:18:27 | 000,088,336 | ---- | C] () -- C:\Users\Luis\Desktop\jonathan and me.jpg
[2012/04/29 07:09:04 | 000,000,273 | ---- | C] () -- C:\Users\Luis\Desktop\youtube j bday url.url
[2012/04/26 13:32:20 | 000,000,584 | ---- | C] () -- C:\Users\Luis\Desktop\locked up.url
[2012/04/24 22:34:54 | 000,039,004 | ---- | C] () -- C:\Users\Luis\Desktop\mom pop nelsito.jpg
[2012/04/24 22:30:47 | 000,048,163 | ---- | C] () -- C:\Users\Luis\Desktop\luis nelsito.jpg
[2012/04/12 07:17:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/06 10:35:43 | 000,000,978 | ---- | C] () -- C:\Users\Luis\Desktop\locked up (2).url
[2012/02/22 06:29:10 | 000,003,584 | ---- | C] () -- C:\Users\Luis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/18 23:26:32 | 000,002,115 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\SAS7_000.DAT
[2011/12/05 09:50:15 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/28 12:01:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/22 00:18:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/11/21 21:06:09 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/11/20 00:34:55 | 000,000,150 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/11/19 22:09:58 | 000,007,859 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\pcouffin.cat
[2011/11/19 22:09:58 | 000,001,167 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\pcouffin.inf
[2011/11/19 20:53:18 | 000,000,869 | ---- | C] () -- C:\Windows\ULead32.ini
[2011/11/19 09:55:43 | 000,002,740 | ---- | C] () -- C:\Windows\DesktopOK.ini
[2011/11/18 19:40:22 | 000,005,560 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/11/18 11:38:34 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2011/11/18 09:29:04 | 000,005,005 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011/11/18 00:14:07 | 000,007,603 | ---- | C] () -- C:\Users\Luis\AppData\Local\Resmon.ResmonCfg
[2011/11/17 17:41:28 | 003,256,320 | ---- | C] () -- C:\Windows\SysWow64\camuhcat.exe
[2011/11/17 17:41:28 | 000,860,160 | ---- | C] () -- C:\Windows\SysWow64\capimvoc.dll
[2011/11/17 17:41:28 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ntefipx.dll
[2011/11/17 17:41:28 | 000,124,530 | ---- | C] () -- C:\Windows\SysWow64\setipreg32.dll
[2011/11/03 13:55:08 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/11/03 11:11:59 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2011/10/25 22:21:54 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo64.dll
[2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 22:21:40 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder64.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 21:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/10/25 21:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012/02/24 02:08:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Acronis
[2012/01/10 14:19:48 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Catalina Marketing Corp
[2012/04/28 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\DAEMON Tools Lite
[2011/12/07 03:39:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\DAEMON Tools Pro
[2011/11/26 20:14:04 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\EPSON
[2011/11/23 06:03:09 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\GetRightToGo
[2012/02/22 17:32:17 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Leadertech
[2012/04/28 07:54:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\NetMedia Providers
[2012/01/18 23:02:54 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Nuance
[2012/04/28 07:54:47 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Publish Providers
[2012/03/22 20:09:39 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Rovio
[2011/11/30 15:27:03 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Seagate
[2011/11/20 00:38:01 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Sierra
[2011/12/07 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Simple Star
[2012/01/07 19:04:27 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\SoftGrid Client
[2012/04/28 07:54:46 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Sony
[2011/12/04 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Splashtop Remote Client
[2011/12/05 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\TP
[2012/05/04 10:53:58 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\uTorrent
[2012/04/30 14:09:12 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Vso
[2011/11/20 03:24:06 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\WinAVI
[2012/01/07 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\WinISO Computing
[2012/04/18 00:10:31 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:02A62A91

< End of report >

#7 RKinner (Malware Expert, Expert, 19,786 posts, MVP)
Copy the text in the code box by highlighting and Ctrl + c

:OTL
O4 - HKCU..\Run: [2K Games] rundll32.exe "C:\Users\Luis\AppData\Local\Apps\2K Games\lxexf.dll",DllRegisterServer File not found
O4 - HKCU..\Run: [dplaysvr] C:\Users\Luis\AppData\Local\dplaysvr.exe File not found
O4 - HKCU..\Run: [eacdaabcbddct] "C:\ProgramData\eacdaabcbddct.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     
:Commands
[EMPTYTEMP]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
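As an added example (not from this thread or from OTL's author), a small Python triage script for O4 autorun lines in the format quoted in the fix above: it parses each entry, flags the orphaned "File not found" values and targets living in user-writable directories the way the fix singles them out, and lays the flagged lines out as an :OTL / :Commands fix block. The sample lines are constructed from the three entries above plus one made-up benign entry; the flagging heuristics are this example's own, not OTL's.

```python
import re

# Constructed sample of OTL "O4" (registry Run key) entries: the three entries
# quoted in the fix above plus one made-up benign placeholder so the filter
# has a normal entry to pass through.
SAMPLE_O4_LINES = [
    r"O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)",
    r'O4 - HKCU..\Run: [2K Games] rundll32.exe "C:\Users\Luis\AppData\Local\Apps\2K Games\lxexf.dll",DllRegisterServer File not found',
    r"O4 - HKCU..\Run: [dplaysvr] C:\Users\Luis\AppData\Local\dplaysvr.exe File not found",
    r'O4 - HKCU..\Run: [eacdaabcbddct] "C:\ProgramData\eacdaabcbddct.exe" File not found',
]

# OTL prints O4 lines as:  O4 - <hive>..\<key>: [<value name>] <command> <company or status>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[\w ]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Directories an ordinary user can write to; legitimate autoruns normally live under Program Files.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_o4(line):
    """Split one O4 line into hive, key, value name and command; None if it is not an O4 line."""
    m = O4_RE.match(line)
    return m.groupdict() if m else None


def triage_o4(lines):
    """Return the entries worth a second look, each with the reasons it was flagged."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        cmd = entry["cmd"]
        reasons = []
        if cmd.endswith("File not found"):
            reasons.append("orphaned Run value: the target no longer exists (leftover after AV removed it)")
        if any(p in cmd.lower() for p in USER_WRITABLE):
            reasons.append("target lives in a user-writable directory")
        if cmd.lower().startswith("rundll32"):
            reasons.append("started through rundll32 rather than as its own executable")
        if re.fullmatch(r"[a-z]{10,}", entry["name"]):
            reasons.append("value name looks machine-generated")
        if reasons:
            findings.append({"line": line, "name": entry["name"], "reasons": reasons})
    return findings


def build_otl_fix(findings):
    """Lay out the flagged lines as an OTL fix script, in the :OTL / :Commands form used above."""
    body = "\n".join(f["line"] for f in findings)
    return ":OTL\n" + body + "\n\n:Commands\n[EMPTYTEMP]\n[Reboot]\n"


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f["name"], "->", "; ".join(f["reasons"]))
    print(build_otl_fix(triage_o4(SAMPLE_O4_LINES)))
```

An orphaned Run value is harmless on its own, but it shows where the removed payload was started from, which is why the fix deletes the value rather than leaving it to be recreated.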

#8 louuu (Member, Topic Starter, 223 posts)
OK, I did what you asked and here's the OTL log. I'll wait for your reply, thank you.


All processes killed
Error: Unable to interpret < > in the current context!
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\2K Games deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\eacdaabcbddct deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Luis
->Temp folder emptied: 11935261 bytes
->Temporary Internet Files folder emptied: 26090428 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4015 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 10627510 bytes

Total Files Cleaned = 47.00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 05042012_221418

Files\Folders moved on Reboot...
C:\Users\Luis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\Amazon Digital Video\Servicelog.adv scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JET6BBC.tmp not found!
File\Folder C:\Windows\temp\JET733B.tmp not found!

Registry entries deleted on Reboot...

#9 RKinner (Malware Expert, Expert, 19,786 posts, MVP)
I think it's cleanup time unless you have a problem.

We need to clean up System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right-click on Command Prompt and Run As Administrator.
Then right-click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#10 louuu (Member, Topic Starter, 223 posts)
Ron, I did all the cleanup except for the System Restore part because I don't use System Restore and have it turned off. I find it unreliable and instead I use a double backup system of Norton Ghost and Acronis on a 2nd drive that I have strictly for backing up. I find that this way works much better for me and it's served me well over the years.

Everything looks good and I really appreciate your kind effort in helping me resolve this.

Please reply with your PayPal email as I would like to send you a small thank you. Thanks again Ron, you're the best!
#11 RKinner (Malware Expert, Expert, 19,786 posts, MVP)
Thanks,

http://www.kwiaht.org/donate.htm

Ron

#12 louuu (Member, Topic Starter, 223 posts)
Thanks again Ron. I made a $10 donation and wrote that the donation is being made in the name of Ron Kinner for his kind help. I attached a copy of my PayPal receipt as a JPG to this message (I blacked out my last name on the receipt since this is a public forum). Thanks again Ron, your kindness and help is sincerely appreciated.

Attached: donation.JPG


#13 RKinner (Malware Expert, Expert, 19,786 posts, MVP)
Thanks again.

Ron

#14 louuu (Member, Topic Starter, 223 posts)
Hi again Ron. There is one more weird thing that is happening and I'm not sure what is causing it, and not sure if it's an infection or something else. It's been happening for about the last week or so. On random internet pages I cannot highlight anything on the page with my mouse to copy/paste. All I see happening is that at the bottom of the screen it keeps flashing "waiting for http://static.ak.fbc..._proxy.php...". Again, this doesn't happen on all pages, just random ones, but it seems a lot of these pages have videos on them. I tried researching static.ak.fbcdn and found some references to Facebook, including this link http://en.kioskea.ne...c-ak-fbcdn-net.

One online solution I found was to add static.ak.fbcdn.net as an Internet restricted site. I tried this and it seemed to work, but unfortunately then Facebook didn't work. So I had to remove it from the restricted sites so my Facebook would work again. But of course the problem is back. So it does appear to be somehow Facebook related?

Any help you can give me would be appreciated. Thanks.

PS - for some examples, here are 2 pages where it's happening.

http://sports.yahoo....-134227521.html

http://news.yahoo.co...topstories.html

Edited by louuu, 07 May 2012 - 01:45 PM.


#15 RKinner (Malware Expert, Expert, 19,786 posts, MVP)
Which browser do you get this in?

In Firefox, Click on the Firefox at the top left and then hover over the Help until it opens up and shows you some options. Choose Restart with Add-ons Disabled.

Let it restart and tell it to Continue when you see the option menu. Try it now and if you don't have the problem then it's one of your add-ons. You can just enable a few at a time until you find the culprit.

IE: START | RUN and type: iexplore.exe -extoff to start without add-ons.

Ron