Extremely slow laptop.. Windows Vista, model HP tablet PC tx2000

Post by banchy00 » October 4th, 2009, 2:38 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29:30 p.m., on 10/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lock Folder XP\LFService.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LFService] C:\Program Files\Lock Folder XP\LFService.exe -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Users\Banchy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Banchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/do ... ysinfo.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe

--
End of file - 10896 bytes
banchy00
Active Member
 
Posts: 3
Joined: October 4th, 2009, 2:33 pm

Re: Extremely slow laptop.. Windows Vista, model HP tablet PC tx2000

Post by MWR 3 day Mod » October 8th, 2009, 2:47 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Extremely slow laptop.. Windows Vista, model HP tablet PC tx2000

Post by peku006 » October 10th, 2009, 2:21 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - Download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

  • the logs from RSIT (log.txt, info.txt)
  • description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

the logs from RSIT (log.txt, info.txt)

Post by banchy00 » October 10th, 2009, 2:56 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Banchy at 2009-10-10 13:44:54
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 74 GB (32%) free of 229 GB
Total RAM: 2812 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:49 p.m., on 10/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lock Folder XP\LFService.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Banchy\Downloads\Programs\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Banchy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LFService] C:\Program Files\Lock Folder XP\LFService.exe -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Users\Banchy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Banchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/do ... ysinfo.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe

--
End of file - 10980 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{6504C49E-CDB5-4B61-953C-4C92A406A7A9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aplicación auxiliar de vínculos de Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
XML Class - C:\Windows\system32\msxml71.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-21 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Aplicación auxiliar de inicio de sesión de Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-13 4915200]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2008-03-12 699456]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-04-01 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-19 488752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-21 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"LFService"=C:\Program Files\Lock Folder XP\LFService.exe [2009-07-23 40960]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-07-12 226904]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Banchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
IMVU.lnk - C:\Users\Banchy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0af5ecae-25a2-11de-882e-00247e2c7ace}]
shell\AutoRun\command - F:\
shell\explore\command - F:\RECYCLER\autorun.exe -ExploreCurDir
shell\open\command - F:\RECYCLER\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75f7bcf4-4f0e-11de-ad4c-00238b73f587}]
shell\AutoRun\command - fooool.exe
shell\explore\command - fooool.exe
shell\open\command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75f7bcf9-4f0e-11de-ad4c-00238b73f587}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db82c5ad-33f2-11de-961c-00247e2c7ace}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\Windows\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-10-10 13:44:54 ----D---- C:\rsit
2009-10-09 16:21:42 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-10-04 13:03:00 ----D---- C:\!KillBox
2009-10-04 12:53:45 ----D---- C:\Program Files\Trend Micro
2009-10-04 03:50:35 ----SHD---- C:\$RECYCLE.BIN
2009-10-04 03:29:57 ----A---- C:\chesx.txt
2009-10-04 01:45:34 ----A---- C:\ches.txt
2009-10-03 13:42:54 ----D---- C:\WTablet
2009-10-02 22:04:16 ----D---- C:\ProgramData\Office Genuine Advantage
2009-10-01 19:06:42 ----A---- C:\Windows\system32\wups2.dll
2009-10-01 19:06:42 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-01 19:06:41 ----A---- C:\Windows\system32\wucltux.dll
2009-10-01 19:06:41 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-01 19:05:41 ----A---- C:\Windows\system32\wups.dll
2009-10-01 19:05:41 ----A---- C:\Windows\system32\wudriver.dll
2009-10-01 19:05:41 ----A---- C:\Windows\system32\wuapi.dll
2009-10-01 19:05:21 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-01 19:05:21 ----A---- C:\Windows\system32\wuapp.exe
2009-09-12 16:57:34 ----D---- C:\Program Files\PolderbitS
2009-09-09 18:04:35 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 18:03:20 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 18:03:20 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 18:03:19 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 18:03:19 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 18:03:18 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 18:03:18 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 18:03:18 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 18:03:18 ----A---- C:\Windows\system32\finger.exe
2009-09-09 18:03:17 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 18:01:36 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 18:01:36 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 18:01:36 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 18:01:35 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 18:01:21 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 18:01:20 ----A---- C:\Windows\system32\mf.dll
2009-09-09 01:27:47 ----D---- C:\Users\Banchy\AppData\Roaming\vlc
2009-09-09 00:24:29 ----D---- C:\Users\Banchy\AppData\Roaming\MozillaControl
2009-09-09 00:24:20 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2009-09-09 00:22:59 ----D---- C:\Program Files\VideoLAN
2009-09-09 00:19:42 ----D---- C:\Program Files\Graboid
2009-09-02 17:24:07 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-02 17:24:04 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-30 18:32:19 ----D---- C:\Users\Banchy\AppData\Roaming\Mozilla
2009-08-30 18:31:30 ----D---- C:\Users\Banchy\AppData\Roaming\IMVUClient
2009-08-27 06:07:44 ----D---- C:\Program Files\Common Files\EZB Systems
2009-08-27 06:07:38 ----D---- C:\Program Files\UltraISO
2009-08-27 05:58:24 ----D---- C:\Program Files\WinZip
2009-08-26 22:51:10 ----D---- C:\Program Files\QuickTime
2009-08-26 22:51:09 ----D---- C:\ProgramData\Apple Computer
2009-08-26 22:49:04 ----D---- C:\ProgramData\Apple
2009-08-26 22:49:04 ----D---- C:\Program Files\Apple Software Update
2009-08-26 03:04:41 ----A---- C:\Windows\system32\tzres.dll
2009-08-21 23:15:53 ----D---- C:\Program Files\Lock Folder XP
2009-08-21 23:15:52 ----D---- C:\Program Files\Common Files\Everstrike Software
2009-08-20 17:38:45 ----A---- C:\Windows\system32\kerberos.dll
2009-08-20 17:38:44 ----A---- C:\Windows\system32\wdigest.dll
2009-08-20 17:38:44 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-20 17:38:44 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-20 17:38:43 ----A---- C:\Windows\system32\schannel.dll
2009-08-20 17:38:39 ----A---- C:\Windows\system32\lsass.exe
2009-08-20 17:38:38 ----A---- C:\Windows\system32\secur32.dll
2009-08-19 00:50:21 ----D---- C:\ProgramData\LightScribe
2009-08-13 23:15:19 ----A---- C:\Windows\ALCFDRTM.EXE
2009-08-13 23:15:12 ----D---- C:\Windows\system32\Lang
2009-08-12 11:45:11 ----A---- C:\Windows\system32\atl.dll
2009-08-12 11:44:48 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 11:44:36 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 11:44:29 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 11:42:17 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 11:42:14 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 11:42:13 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 11:42:11 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-12 11:42:08 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-11 15:52:56 ----D---- C:\Program Files\Realtek AC97
2009-08-11 15:52:51 ----A---- C:\Windows\alcupd.exe
2009-08-11 15:52:50 ----A---- C:\Windows\alcrmv.exe
2009-08-08 16:08:08 ----A---- C:\Windows\system32\occache.dll
2009-08-08 16:08:08 ----A---- C:\Windows\system32\jsproxy.dll
2009-08-08 16:08:07 ----A---- C:\Windows\system32\iepeers.dll
2009-08-08 16:08:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-08-08 16:08:06 ----A---- C:\Windows\system32\msfeeds.dll
2009-08-08 16:08:06 ----A---- C:\Windows\system32\ieui.dll
2009-08-08 16:08:05 ----A---- C:\Windows\system32\wininet.dll
2009-08-08 16:08:05 ----A---- C:\Windows\system32\iesetup.dll
2009-08-08 16:08:05 ----A---- C:\Windows\system32\iernonce.dll
2009-08-08 16:08:03 ----A---- C:\Windows\system32\msfeedssync.exe
2009-08-08 16:08:03 ----A---- C:\Windows\system32\iertutil.dll
2009-08-08 16:08:03 ----A---- C:\Windows\system32\ie4uinit.exe
2009-08-08 16:08:02 ----A---- C:\Windows\system32\urlmon.dll
2009-08-08 16:08:02 ----A---- C:\Windows\system32\ieUnatt.exe
2009-08-08 16:08:02 ----A---- C:\Windows\system32\iesysprep.dll
2009-08-08 16:08:02 ----A---- C:\Windows\system32\iedkcs32.dll
2009-08-08 16:07:59 ----A---- C:\Windows\system32\ieframe.dll
2009-08-08 16:07:57 ----A---- C:\Windows\system32\mshtml.dll
2009-08-08 16:05:02 ----A---- C:\Windows\system32\mshtmled.dll
2009-08-08 16:05:01 ----A---- C:\Windows\system32\mshtmler.dll
2009-08-08 16:05:01 ----A---- C:\Windows\system32\icardie.dll
2009-08-08 16:05:01 ----A---- C:\Windows\system32\admparse.dll
2009-08-08 16:05:00 ----A---- C:\Windows\system32\msls31.dll
2009-08-08 16:05:00 ----A---- C:\Windows\system32\corpol.dll
2009-08-08 16:04:58 ----A---- C:\Windows\system32\ieakeng.dll
2009-08-08 16:04:57 ----A---- C:\Windows\system32\imgutil.dll
2009-08-08 16:04:57 ----A---- C:\Windows\system32\dxtrans.dll
2009-08-08 16:04:57 ----A---- C:\Windows\system32\dxtmsft.dll
2009-08-08 16:04:56 ----A---- C:\Windows\system32\licmgr10.dll
2009-08-08 16:04:55 ----A---- C:\Windows\system32\msrating.dll
2009-08-08 16:04:55 ----A---- C:\Windows\system32\inseng.dll
2009-08-08 16:04:55 ----A---- C:\Windows\system32\ieaksie.dll
2009-08-08 16:04:54 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-08-08 16:04:54 ----A---- C:\Windows\system32\wextract.exe
2009-08-08 16:04:54 ----A---- C:\Windows\system32\webcheck.dll
2009-08-08 16:04:54 ----A---- C:\Windows\system32\ieakui.dll
2009-08-08 16:04:53 ----A---- C:\Windows\system32\mstime.dll
2009-08-08 16:04:53 ----A---- C:\Windows\system32\advpack.dll
2009-08-08 16:04:52 ----A---- C:\Windows\system32\pngfilt.dll
2009-08-08 16:04:52 ----A---- C:\Windows\system32\ieapfltr.dll
2009-08-08 16:04:51 ----A---- C:\Windows\system32\vbscript.dll
2009-08-08 16:04:50 ----A---- C:\Windows\system32\url.dll
2009-08-08 16:04:47 ----A---- C:\Windows\system32\mshta.exe
2009-08-08 16:04:47 ----A---- C:\Windows\system32\iexpress.exe
2009-08-08 16:04:46 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-08-08 16:04:46 ----A---- C:\Windows\system32\SetDepNx.exe
2009-08-08 16:04:46 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-08-08 16:04:46 ----A---- C:\Windows\system32\PDMSetup.exe
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAEXEC.exe
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGACheckControl.dll
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAAddin.dll
2009-07-26 16:44:56 ----A---- C:\Windows\system32\sirenacm.dll
2009-07-25 16:08:18 ----D---- C:\Windows\system32\Adobe
2009-07-21 17:33:58 ----D---- C:\Users\Banchy\AppData\Roaming\Google
2009-07-21 17:33:12 ----D---- C:\Program Files\Google
2009-07-21 17:32:20 ----D---- C:\ProgramData\NOS
2009-07-21 17:32:20 ----D---- C:\Program Files\NOS
2009-07-14 16:09:24 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 16:09:23 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 16:09:23 ----A---- C:\Windows\system32\dciman32.dll
2009-07-14 16:09:23 ----A---- C:\Windows\system32\atmfd.dll
2009-07-11 20:45:57 ----D---- C:\Users\Banchy\AppData\Roaming\GTek
2009-07-11 17:26:56 ----D---- C:\ProgramData\WinZip
2009-07-11 17:20:55 ----D---- C:\Users\Banchy\AppData\Roaming\WinRAR
2009-07-11 17:20:04 ----D---- C:\Program Files\WinRAR

======List of files/folders modified in the last 3 months======

2009-10-10 13:45:32 ----D---- C:\Users\Banchy\AppData\Roaming\uTorrent
2009-10-10 13:45:08 ----D---- C:\Windows\Prefetch
2009-10-10 13:44:55 ----D---- C:\Windows\Temp
2009-10-10 13:37:34 ----RD---- C:\Program Files
2009-10-10 12:40:49 ----D---- C:\Windows\System32
2009-10-10 12:37:03 ----D---- C:\Users\Banchy\AppData\Roaming\WTablet
2009-10-10 03:12:03 ----SHD---- C:\System Volume Information
2009-10-09 16:24:47 ----D---- C:\Windows\Microsoft.NET
2009-10-09 16:23:24 ----RSD---- C:\Windows\assembly
2009-10-09 16:21:52 ----SHD---- C:\Windows\Installer
2009-10-09 16:21:43 ----D---- C:\Program Files\Common Files\System
2009-10-09 16:21:08 ----DC---- C:\Windows\system32\DRVSTORE
2009-10-09 16:21:05 ----D---- C:\Windows\system32\drivers
2009-10-09 16:20:38 ----D---- C:\Program Files\Windows Live
2009-10-09 16:19:13 ----D---- C:\Windows
2009-10-09 15:30:37 ----D---- C:\Windows\Tasks
2009-10-09 11:50:04 ----D---- C:\Windows\system32\Tasks
2009-10-07 22:03:02 ----D---- C:\Windows\inf
2009-10-07 22:03:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-06 18:15:52 ----D---- C:\Program Files\xxx
2009-10-03 09:54:21 ----D---- C:\Windows\rescache
2009-10-02 22:04:16 ----HD---- C:\ProgramData
2009-10-02 20:31:59 ----D---- C:\Windows\system32\zh-TW
2009-10-02 20:31:59 ----D---- C:\Windows\system32\zh-HK
2009-10-02 20:31:59 ----D---- C:\Windows\system32\tr-TR
2009-10-02 20:31:59 ----D---- C:\Windows\system32\sv-SE
2009-10-02 20:31:59 ----D---- C:\Windows\system32\pt-BR
2009-10-02 20:31:59 ----D---- C:\Windows\system32\nl-NL
2009-10-02 20:31:59 ----D---- C:\Windows\system32\nb-NO
2009-10-02 20:31:59 ----D---- C:\Windows\system32\ko-KR
2009-10-02 20:31:59 ----D---- C:\Windows\system32\it-IT
2009-10-02 20:31:59 ----D---- C:\Windows\system32\he-IL
2009-10-02 20:31:59 ----D---- C:\Windows\system32\fr-FR
2009-10-02 20:31:59 ----D---- C:\Windows\system32\fi-FI
2009-10-02 20:31:59 ----D---- C:\Windows\system32\es-ES
2009-10-02 20:31:59 ----D---- C:\Windows\system32\en-US
2009-10-02 20:31:59 ----D---- C:\Windows\system32\el-GR
2009-10-02 20:31:59 ----D---- C:\Windows\system32\de-DE
2009-10-02 20:31:59 ----D---- C:\Windows\system32\da-DK
2009-10-02 20:31:59 ----D---- C:\Windows\system32\ar-SA
2009-10-02 12:19:56 ----D---- C:\Windows\winsxs
2009-10-01 19:07:22 ----D---- C:\Windows\system32\catroot
2009-10-01 19:06:22 ----D---- C:\Windows\system32\catroot2
2009-09-23 03:02:56 ----D---- C:\ProgramData\Microsoft Help
2009-09-22 03:03:13 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-12 16:57:35 ----A---- C:\Windows\win.ini
2009-09-10 21:57:55 ----D---- C:\Program Files\Symantec
2009-09-10 03:16:00 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-10 03:02:49 ----D---- C:\Program Files\Windows Mail
2009-09-10 03:00:41 ----D---- C:\Windows\ehome
2009-09-07 02:30:03 ----SD---- C:\Users\Banchy\AppData\Roaming\Microsoft
2009-09-03 03:02:10 ----D---- C:\Windows\AppPatch
2009-08-28 15:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-27 06:07:44 ----D---- C:\Program Files\Common Files
2009-08-26 22:52:25 ----D---- C:\Program Files\Internet Explorer
2009-08-25 16:16:47 ----D---- C:\Program Files\Microsoft Works
2009-08-25 16:16:38 ----D---- C:\Program Files\Microsoft Office
2009-08-25 16:14:15 ----D---- C:\Windows\ShellNew
2009-08-13 03:22:33 ----D---- C:\Program Files\Windows Media Player
2009-08-11 15:52:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-09 12:07:47 ----SD---- C:\Windows\Downloaded Program Files
2009-08-09 12:07:08 ----D---- C:\Windows\Downloaded Installations
2009-08-08 16:33:08 ----D---- C:\Windows\system32\migration
2009-08-08 16:33:06 ----D---- C:\Windows\PolicyDefinitions
2009-08-08 16:14:19 ----D---- C:\Windows\system
2009-08-08 16:09:35 ----D---- C:\Program Files\Microsoft
2009-08-03 23:19:35 ----D---- C:\Users\Banchy\AppData\Roaming\Autodesk
2009-08-03 23:19:35 ----D---- C:\ProgramData\Autodesk
2009-08-03 23:11:16 ----HD---- C:\HP
2009-07-12 00:14:19 ----D---- C:\Users\Banchy\AppData\Roaming\CyberLink
2009-07-11 20:45:42 ----D---- C:\Program Files\HP
2009-07-11 20:44:38 ----D---- C:\Program Files\Hewlett-Packard
2009-07-11 20:41:09 ----D---- C:\SWSetup
2009-07-11 20:38:40 ----D---- C:\Users\Banchy\AppData\Roaming\Hewlett-Packard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NAV\1007020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NAV\1007020.00B\ccHPx86.sys [2009-09-08 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-26 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSvix86.sys [2009-09-10 342576]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NAV\1007020.00B\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NAV\1007020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-22 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NAV\1007020.00B\SYMTDI.SYS [2009-08-22 217136]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-28 3544064]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 BCM43XX;Controlador del adaptador de red Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-12-05 1205240]
R3 BthEnum;Servicio enumerador de Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-20 19456]
R3 BthPan;Dispositivo Bluetooth (Red de área personal); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Controlador USB de radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 btwaudio;Dispositivo de audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2008-02-01 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-02-01 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]
R3 CmBatt;Controlador de batería de método de control ACPI de Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-14 2061528]
R3 MODEMCSA;Dispositivo de filtro de transmisión Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-20 18432]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091010.003\NAVENG.SYS [2009-08-25 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091010.003\NAVEX15.SYS [2009-08-25 1323568]
R3 RFCOMM;Dispositivo Bluetooth (TDI protocolo RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-20 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-10 124976]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NAV\1007020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NAV\1007020.00B\SYMNDISV.SYS [2009-08-22 48688]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;Dispositivo de vídeo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 Wacomhidfilter;Wacom HID Filter; C:\Windows\system32\DRIVERS\wacomhidfilter.sys [2007-11-05 10536]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-10-06 12712]
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 WacomVTHid;Virtual Touch Driver; C:\Windows\system32\DRIVERS\WacomVTHid.sys [2007-02-22 11312]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S1 upxbbqmqmytvkwrv;upxbbqmqmytvkwrv; C:\Windows\system32\drivers\upxbbqmqmytvkwrv.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-12-05 1205240]
S3 BTHPORT;Controlador de puertos Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 drmkaud;Descodificador de audio DRM del kernel de Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Controlador de la función Microsoft 1.1 UAA para el servicio High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-20 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Proxy de servicio de transmisión por secuencias de Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Proxy del reloj de transmisión por secuencias de Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Proxy del administrador de calidad de transmisión por secuencias de Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Convertidor Tee/Sink-to-Sink de transmisión por secuencias de Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 RimUsb;Smartphone BlackBerry; C:\Windows\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NAV\1000000.07D\SYMDNS.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS []
S3 usbaudio;Controlador de audio USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-20 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-28 667648]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 DpHost;Biometric Authentication Service; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2008-03-12 302144]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-04-01 292240]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-04-01 112008]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-03-26 341328]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TabletServicePen;TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [2008-04-10 1369384]
R2 WacomTouchService;Wacom Touch Service; C:\Windows\system32\WacomTouchService.exe [2007-10-16 95528]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-06-16 85096]
S3 fsssvc;Servicio de Windows Live Protección infantil; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-21 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-10-10 13:45:55

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Digby's Donuts\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adaptador de red LAN inalámbrica Broadcom 802.11-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Español-->MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ares 2.1.1-->"C:\Program Files\Ares\uninstall.exe"
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
AutoCAD 2008 - English-->C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Ayudante para el inicio de sesión de Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Catalyst Control Center - Branding-->MsiExec.exe /I{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}
Compresor WinRAR-->C:\Program Files\WinRAR\uninstall.exe
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DigitalPersona Personal 3.0.1-->MsiExec.exe /I{AE72E414-0935-4AC8-B7D6-12E3039BEC13}
Galería fotográfica de Windows Live-->MsiExec.exe /X{25F6A201-C40C-4669-936D-473877CFEB4C}
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Graboid Video 1.65-->C:\Program Files\Graboid\uninst.exe
Herramienta de carga de Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4DBD482-FB11-4902-BEEF-C94B6602B3B0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F58C6763-8AB4-40C4-AE3A-FD8CE53B1654}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons 6.40 D1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x000a uninst
HP QuickPlay 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Tablet support for Mobility Center-->MsiExec.exe /I{1E89314D-ABF3-4782-9F48-84C1F796A096}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0112-->MsiExec.exe /I{BBF7E7C4-C110-41CB-A0A8-A765B3D592E5}
HP Wireless Assistant-->MsiExec.exe /I{A5CE7175-080D-49AC-B5A3-E7E3502428F5}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LightScribe System Software 1.12.33.2-->MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034}
Lock Folder XP-->"C:\Program Files\Lock Folder XP\Uninstall.exe" "C:\Program Files\Common Files\Everstrike Software\Lock Folder XP\install.log" -u
Microsoft .NET Framework 3.5 Language Pack SP1 - esn-->MsiExec.exe /I{92E4A65F-7007-3357-A69A-167F71A337BD}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (Spanish)-->MsiExec.exe /X{95120000-00AF-0C0A-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {9E73617F-2F38-4864-BD61-BB2DDFE43323}
Microsoft Office Project 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00B4-0409-0000-0000000FF1CE} /uninstall {27A9D316-D332-433B-8EB1-1D93EE49F26D}
Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850C0A-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{38BB21D5-B0D1-41DA-A0B0-1EFB5EF4AAC2}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co85.dll,SM56UnInstaller
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\16.7.2.11\InstStub.exe /X
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Paquete de compatibilidad para 2007 Office system-->MsiExec.exe /X{90120000-0020-0C0A-0000-0000000FF1CE}
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\setup.exe
Pen Tablet-->C:\Program Files\Tablet\Pen\Remove.exe /u
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x000a -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0xa -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UltraISO Premium V9.33-->"C:\Program Files\UltraISO\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Project 2007 Help (KB963668)-->msiexec /package {90120000-00B4-0409-0000-0000000FF1CE} /uninstall {1DF07773-4289-4998-BC2C-83539AD85C50}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{38A0481D-544D-4C01-BB32-39332391D012}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}
Windows Live Mail-->MsiExec.exe /I{BEC001F9-0451-4396-92D7-E1A4E7854BF3}
Windows Live Messenger-->MsiExec.exe /X{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}
Windows Live Movie Maker-->MsiExec.exe /X{DB5EE5C0-DB00-4F22-8C40-C35AD3B5B981}
Windows Live Protección Infantil-->MsiExec.exe /X{22B915C5-FFB7-4401-93B5-C7EC61C81CBE}
Windows Live Sync-->MsiExec.exe /X{953D4586-9A16-495E-BA1F-EE5AA66604DB}
Windows Live Toolbar-->MsiExec.exe /X{3F6FF1E6-4364-402C-B915-FA1A40016DFA}
Windows Live Writer-->MsiExec.exe /X{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Contreras
Event Code: 7036
Message: El servicio Disco virtual entró en estado "detenido".
Record Number: 517186
Source Name: Service Control Manager
Time Written: 20091010194353.000000-000
Event Type: Información
User:

Computer Name: Contreras
Event Code: 3
Message: Servicio iniciado.
Record Number: 517187
Source Name: Virtual Disk Service
Time Written: 20091010194454.000000-000
Event Type: Información
User:

Computer Name: Contreras
Event Code: 7036
Message: El servicio Disco virtual entró en estado "en ejecución".
Record Number: 517188
Source Name: Service Control Manager
Time Written: 20091010194454.000000-000
Event Type: Información
User:

Computer Name: Contreras
Event Code: 4
Message: Servicio detenido.
Record Number: 517189
Source Name: Virtual Disk Service
Time Written: 20091010194457.000000-000
Event Type: Información
User:

Computer Name: Contreras
Event Code: 7036
Message: El servicio Disco virtual entró en estado "detenido".
Record Number: 517190
Source Name: Service Control Manager
Time Written: 20091010194457.000000-000
Event Type: Información
User:

=====Application event log=====

Computer Name: Contreras
Event Code: 1001
Message: Depósito con errores 553112934, tipo 5
Nombre de evento: CbsPackageServicingFailure
Respuesta Ninguno
Id. de archivo CAB: 0

Firma del problema:
P1: 6.0.6002.18005
P2: Package_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27
P3: 800f081f
P4: Stage
P5: Resolved
P6: Installed
P7:
P8:
P9:
P10:

Archivos adjuntos:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report369e01d1\CBS.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report369e01d1\cbs.persist.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report369e01d1\poqexec.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report369e01d1\setupapi.dev.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report369e01d1\windowsupdate.log

Es posible que estos archivos estén disponibles aquí:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1393fa36
Record Number: 13045
Source Name: Windows Error Reporting
Time Written: 20091010185205.000000-000
Event Type: Información
User:

Computer Name: Contreras
Event Code: 1001
Message: Depósito con errores 553112934, tipo 5
Nombre de evento: CbsPackageServicingFailure
Respuesta Ninguno
Id. de archivo CAB: 0

Firma del problema:
P1: 6.0.6002.18005
P2: Package_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27
P3: 800f081f
P4: Stage
P5: Resolved
P6: Installed
P7:
P8:
P9:
P10:

Archivos adjuntos:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3e07b838\CBS.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3e07b838\cbs.persist.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3e07b838\poqexec.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3e07b838\setupapi.dev.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3e07b838\windowsupdate.log

Es posible que estos archivos estén disponibles aquí:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report13940435
Record Number: 13046
Source Name: Windows Error Reporting
Time Written: 20091010185208.000000-000
Event Type: Información
User:

Computer Name: Contreras
Event Code: 1001
Message: Depósito con errores 553112934, tipo 5
Nombre de evento: CbsPackageServicingFailure
Respuesta Ninguno
Id. de archivo CAB: 0

Firma del problema:
P1: 6.0.6002.18005
P2: Package_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27
P3: 800f081f
P4: Stage
P5: Resolved
P6: Installed
P7:
P8:
P9:
P10:

Archivos adjuntos:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report79392229\CBS.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report79392229\cbs.persist.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report79392229\poqexec.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report79392229\setupapi.dev.log
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report79392229\windowsupdate.log

Es posible que estos archivos estén disponibles aquí:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report13940be2
Record Number: 13047
Source Name: Windows Error Reporting
Time Written: 20091010185210.000000-000
Event Type: Información
User:

Computer Name: Contreras
Event Code: 1001
Message: Depósito con errores 738187537, tipo 5
Nombre de evento: WindowsUpdateFailure
Respuesta Ninguno
Id. de archivo CAB: 0

Firma del problema:
P1: 7.4.7600.226
P2: 8024200d
P3: 2755FE78-B713-49A3-8282-44088C76899D
P4: Install
P5: 101
P6: Unmanaged
P7:
P8:
P9:
P10:

Archivos adjuntos:

Es posible que estos archivos estén disponibles aquí:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report13943810
Record Number: 13048
Source Name: Windows Error Reporting
Time Written: 20091010185221.000000-000
Event Type: Información
User:

Computer Name: Contreras
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 13049
Source Name: LightScribeService
Time Written: 20091010194553.000000-000
Event Type: Información
User:

=====Security event log=====

Computer Name: Contreras
Event Code: 4624
Message: Se inició sesión correctamente en una cuenta.

Sujeto:
Id. de seguridad: S-1-5-18
Nombre de cuenta: CONTRERAS$
Dominio de cuenta: WORKGROUP
Id. de inicio de sesión: 0x3e7

Tipo de inicio de sesión: 5

Nuevo inicio de sesión:
Id. de seguridad: S-1-5-18
Nombre de cuenta: SYSTEM
Dominio de cuenta: NT AUTHORITY
Id. de inicio de sesión: 0x3e7
GUID de inicio de sesión: {00000000-0000-0000-0000-000000000000}

Información de proceso:
Id. de proceso: 0x2f0
Nombre de proceso: C:\Windows\System32\services.exe

Información de red:
Nombre de estación de trabajo:
Dirección de red de origen: -
Puerto de origen: -

Información de autenticación detallada:
Proceso de inicio de sesión: Advapi
Paquete de autenticación: Negotiate
Servicios transitados: -
Nombre de paquete (sólo NTLM): -
Longitud de clave: 0

Este evento se genera cuando se crea un inicio de sesión. Lo genera el equipo al que se tuvo acceso.

Los campos de sujeto indican la cuenta del sistema local que solicitó el inicio de sesión. Suele ser un servicio como el servicio de servidor o un proceso local como Winlogon.exe o Services.exe.

El campo Tipo de inicio de sesión indica la clase de inicio de sesión que se realizó. Los tipos más comunes son 2 (interactivo) y 3 (red).

Los campos Nuevo inicio de sesión indican la cuenta para la que se creó el nuevo inicio de sesión, es decir, aquella en la que se inició la sesión.

Los campos de red indican dónde se originó una solicitud de inicio de sesión remota. Nombre de estación de trabajo no está siempre disponible y se puede dejar en blanco en algunos casos.

Los campos de información de autenticación proporcionan información detallada sobre esta solicitud de inicio de sesión específica.
- GUID de inicio de sesión es un identificador único que se puede usar para correlacionar este evento con un evento KDC.
- Servicios transitados indica los servicios intermedios que participaron en esta solicitud de inicio de sesión.
- Nombre de paquete indica el subprotocolo que se usó entre los protocolos NTLM.
- Longitud de clave indica la longitud de la clave de sesión generada. Será 0 si no se solicitó una clave de sesión.
Record Number: 251256
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010194701.939878-000
Event Type: Auditoría correcta
User:

Computer Name: Contreras
Event Code: 4672
Message: Se asignaron privilegios especiales a un nuevo inicio de sesión.

Sujeto:
Id. de seguridad: S-1-5-18
Nombre de cuenta: SYSTEM
Dominio de cuenta: NT AUTHORITY
Id. de inicio de sesión: 0x3e7

Privilegios: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 251257
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010194701.939878-000
Event Type: Auditoría correcta
User:

Computer Name: Contreras
Event Code: 4648
Message: Se intentó iniciar sesión con credenciales explícitas.

Sujeto:
Id. de seguridad: S-1-5-18
Nombre de cuenta: CONTRERAS$
Dominio de cuenta: WORKGROUP
Id. de inicio de sesión: 0x3e7
GUID de inicio de sesión: {00000000-0000-0000-0000-000000000000}

Cuenta cuyas credenciales se usaron:
Nombre de cuenta: SYSTEM
Dominio de cuenta: NT AUTHORITY
GUID de inicio de sesión: {00000000-0000-0000-0000-000000000000}

Servidor de destino:
Nombre de servidor de destino: localhost
Información adicional: localhost

Información de proceso:
Id. de proceso: 0x2f0
Nombre de proceso: C:\Windows\System32\services.exe

Información de red:
Dirección de red: -
Puerto: -

Este evento se genera cuando un proceso intenta iniciar sesión en una cuenta especificando explícitamente las credenciales de la cuenta. Suele producirse en configuraciones de tipo de lote como tareas programadas, o cuando se usa el comando RUNAS.
Record Number: 251258
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010194806.001878-000
Event Type: Auditoría correcta
User:

Computer Name: Contreras
Event Code: 4624
Message: Se inició sesión correctamente en una cuenta.

Sujeto:
Id. de seguridad: S-1-5-18
Nombre de cuenta: CONTRERAS$
Dominio de cuenta: WORKGROUP
Id. de inicio de sesión: 0x3e7

Tipo de inicio de sesión: 5

Nuevo inicio de sesión:
Id. de seguridad: S-1-5-18
Nombre de cuenta: SYSTEM
Dominio de cuenta: NT AUTHORITY
Id. de inicio de sesión: 0x3e7
GUID de inicio de sesión: {00000000-0000-0000-0000-000000000000}

Información de proceso:
Id. de proceso: 0x2f0
Nombre de proceso: C:\Windows\System32\services.exe

Información de red:
Nombre de estación de trabajo:
Dirección de red de origen: -
Puerto de origen: -

Información de autenticación detallada:
Proceso de inicio de sesión: Advapi
Paquete de autenticación: Negotiate
Servicios transitados: -
Nombre de paquete (sólo NTLM): -
Longitud de clave: 0

Este evento se genera cuando se crea un inicio de sesión. Lo genera el equipo al que se tuvo acceso.

Los campos de sujeto indican la cuenta del sistema local que solicitó el inicio de sesión. Suele ser un servicio como el servicio de servidor o un proceso local como Winlogon.exe o Services.exe.

El campo Tipo de inicio de sesión indica la clase de inicio de sesión que se realizó. Los tipos más comunes son 2 (interactivo) y 3 (red).

Los campos Nuevo inicio de sesión indican la cuenta para la que se creó el nuevo inicio de sesión, es decir, aquella en la que se inició la sesión.

Los campos de red indican dónde se originó una solicitud de inicio de sesión remota. Nombre de estación de trabajo no está siempre disponible y se puede dejar en blanco en algunos casos.

Los campos de información de autenticación proporcionan información detallada sobre esta solicitud de inicio de sesión específica.
- GUID de inicio de sesión es un identificador único que se puede usar para correlacionar este evento con un evento KDC.
- Servicios transitados indica los servicios intermedios que participaron en esta solicitud de inicio de sesión.
- Nombre de paquete indica el subprotocolo que se usó entre los protocolos NTLM.
- Longitud de clave indica la longitud de la clave de sesión generada. Será 0 si no se solicitó una clave de sesión.
Record Number: 251259
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010194806.001878-000
Event Type: Auditoría correcta
User:

Computer Name: Contreras
Event Code: 4672
Message: Se asignaron privilegios especiales a un nuevo inicio de sesión.

Sujeto:
Id. de seguridad: S-1-5-18
Nombre de cuenta: SYSTEM
Dominio de cuenta: NT AUTHORITY
Id. de inicio de sesión: 0x3e7

Privilegios: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 251260
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010194806.001878-000
Event Type: Auditoría correcta
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

Re: Very slow laptop..Windows Vista, HP tablet PC tx2000 model

Post by peku006 » October 11th, 2009, 3:52 am

Hi banchy00

Use of P2P (Person to Person) file sharing programs

I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

uTorrent

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them. Please remove it before we can continue any further. Post back when you have done it so we can continue the cleaning process.

NOTE: Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Make an uninstall list using HijackThis

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Thanks peku006

Re: Very slow laptop..Windows Vista, HP tablet PC tx2000 model

Post by NonSuch » October 15th, 2009, 1:02 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.