TechSpot

Have a rootkit, bootkit CANNOT remove :(

Inactive-A
By Patryk
Jul 30, 2013
  1. I need some help with removing a rootkit; it's trufosalt from the GMER log. However, when I do a boot sector scan in Avira it gives me a BSOD, and when I do a scan with aswMBR it crashes. I need help. Is anyone willing to help me remove this nasty?!
     
  2. Patryk

    Patryk TS Rookie Topic Starter

    Code:
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-07-30 17:02:22
    Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000038 Intel___ rev.1.0. 476.90GB
    Running: gmer.exe; Driver: C:\Users\ALPINO\AppData\Local\Temp\pxldrpog.sys
     
     
    ---- User code sections - GMER 2.1 ----
     
    .text  C:\WINDOWS\system32\wininit.exe[592] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\wininit.exe[592] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\wininit.exe[592] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\wininit.exe[592] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\svchost.exe[812] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[812] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[812] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[812] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\dwm.exe[912] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506																  00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\dwm.exe[912] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514																  00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\dwm.exe[912] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118																	00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\dwm.exe[912] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142																	00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[968] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506									00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[968] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514									00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[968] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118										00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[968] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142										00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\nvvsvc.exe[976] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506															  00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\nvvsvc.exe[976] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514															  00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\nvvsvc.exe[976] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118																  00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\nvvsvc.exe[976] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142																  00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\svchost.exe[516] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\svchost.exe[516] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\svchost.exe[516] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\svchost.exe[516] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\svchost.exe[584] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[584] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[584] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[584] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\svchost.exe[900] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[900] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[900] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[900] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\System32\svchost.exe[1064] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\svchost.exe[1064] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\svchost.exe[1064] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\svchost.exe[1064] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506															00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514															00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118																00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142																00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[1448] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[1448] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[1448] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[1448] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1776] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698			00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1776] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706			00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1776] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270			00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1776] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294			00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506												00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514												00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118												  00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142												  00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698							  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706							  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270							  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294							  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2148] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2148] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2148] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2148] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2688] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698			00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2688] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706			00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2688] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270			00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2688] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294			00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506																	00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514																	00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118																		00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142																		00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
    .text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698													00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706													00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270													00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294													00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\svchost.exe[3100] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[3100] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[3100] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\svchost.exe[3100] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3356] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698					00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3356] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706					00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3356] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270					00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3356] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294					00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\SearchIndexer.exe[3380] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698									  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\SearchIndexer.exe[3380] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706									  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\SearchIndexer.exe[3380] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270									  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\SearchIndexer.exe[3380] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294									  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 202												  00007fff47dc3cfa 4 bytes [DC, 47, FF, 7F]
    .text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 226												  00007fff47dc3d12 4 bytes [DC, 47, FF, 7F]
    .text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506											00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514											00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118											  00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142											  00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
    .text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698						  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706						  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270						  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294						  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698									  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706									  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270									  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294									  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
    .text  C:\WINDOWS\system32\wbem\wmiprvse.exe[992] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698									  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\wbem\wmiprvse.exe[992] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706									  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\wbem\wmiprvse.exe[992] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270									  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
    .text  C:\WINDOWS\system32\wbem\wmiprvse.exe[992] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294									  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
     
    ---- Threads - GMER 2.1 ----
     
    Thread  C:\WINDOWS\system32\csrss.exe [600:2076]																												fffff96000966d40
    Thread  C:\WINDOWS\system32\csrss.exe [600:4200]																												fffff96000966d40
     
    ---- Registry - GMER 2.1 ----
     
    Reg	HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed																		1301831310
    Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw																									  0x64 0x62 0x03 0x00 ...
    Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask																								  0x64 0x62 0x03 0x00 ...
    Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw																									  0x64 0x62 0x03 0x00 ...
    Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask																								  0x64 0x62 0x03 0x00 ...
    Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw																									  0x64 0x62 0x03 0x00 ...
    Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask																								  0x64 0x62 0x03 0x00 ...
    Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw																									  0x64 0x62 0x03 0x00 ...
    Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask																								  0x64 0x62 0x03 0x00 ...
    Reg	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown																		  1
    Reg	HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Logo100																			  %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer\TileCacheLogo-4451000_100.dat
    Reg	HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Tickle80																			  %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer\TileCacheTickle-4450890_80.dat
    Reg	HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified														0x00 0x72 0xDD 0x46 ...
     
    ---- EOF - GMER 2.1 ----
    
     
  3. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. Patryk

    Patryk TS Rookie Topic Starter

    Here is the HijackThis log, since DDS tells me it cannot run in compatibility mode. I am running Windows 8.1, BTW.

    [HJT log removed by Broni]
     
  5. Patryk

    Patryk TS Rookie Topic Starter

    Also, I was able to use WinPatrol on Windows 8.1. Avast + a whole lot of antivirus programs are not compatible yet, but most software works, and Windows 8.1 is just about the same as far as the kernel and all that goes. I have a 64-bit version. Here is the log from WinPatrol.

    I know you do not read attachments, but this one is very helpful in my case. It's the WinPatrol log and it exceeds the posting limit.
     


  6. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    HJT is a very outdated tool and it's not used anymore.

    Did you run Malwarebytes?

    Did you try to run DDS normally?
     
  7. Patryk

    Patryk TS Rookie Topic Starter

    Yes, it won't start at all. I ran Malwarebytes and it shows clean, but tdsskill showed 4 malicious services. I deleted them; now it only shows one every reboot with a diff #
     
  8. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Please re-read my rules, especially:
    If you don't stick to my rules I may close this topic.

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  9. Patryk

    Patryk TS Rookie Topic Starter

    I wanna paste the logs for both of the .txt files, however they are larger than the form field allows. What do you suggest? I'm trying to go by your rules since I'm desperate for professional help such as yours.
     
  10. Patryk

    Patryk TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
    Ran by ALPINO (administrator) on 31-07-2013 00:32:37
    Running from C:\Users\ALPINO\Desktop
    Windows 8.1 Preview (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    (ASUS) C:\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe
    () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    () C:\WINDOWS\SysWOW64\PnkBstrA.exe
    (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
    (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    (ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
    (ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-26] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-04-08] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
    HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
    HKCU\...\Run: [Google Update] - C:\Users\ALPINO\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-27] (Google Inc.)
    HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [436800 2013-07-15] (BillP Studios)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{1390ECB8-7172-4FF6-B6FD-EC9C2E02CA4D}: [NameServer]192.168.2.1
    Tcpip\..\Interfaces\{404684B1-3872-4AF7-B1E0-39C409862041}: [NameServer]192.168.2.1
    FireFox:
    ========
    FF ProfilePath: C:\Users\ALPINO\AppData\Roaming\Mozilla\Firefox\Profiles\snpnfi7z.default
    FF Homepage: https://www.google.com
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ALPINO\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ALPINO\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Extension: No Name - C:\Users\ALPINO\AppData\Roaming\Mozilla\Firefox\Profiles\snpnfi7z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    FF Extension: No Name - C:\Users\ALPINO\AppData\Roaming\Mozilla\Firefox\Profiles\snpnfi7z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    Chrome:
    =======
    CHR RestoreOnStartup: "https://www.google.com/"
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    CHR Extension: (Google Drive) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (Web Developer) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0
    CHR Extension: (YouTube) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Lamborghini Sesto Elemento Theme) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\dappigdjllcnkkoacaoolciaolaaiemb\1.0_0
    CHR Extension: (AdBlock) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
    CHR Extension: (Pixlr Editor) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0
    CHR Extension: (StumbleUpon) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.7.11.1_0
    CHR Extension: (Google Voice (by Google)) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0
    CHR Extension: (ShiftEdit) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij\1.39_0
    CHR Extension: (Grooveshark Downloader) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp\2.9.9_0
    CHR Extension: (Gmail) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
    CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    ==================== Services (Whitelisted) =================
    S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [546304 2013-06-15] (Microsoft Corporation)
    S3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [1249280 2013-06-15] (Microsoft Corporation)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [917120 2010-10-28] ()
    R2 ASLDRService; C:\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880 2012-09-11] (ASUSTek Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
    R2 ATKGFNEXSrv; C:\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
    S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114176 2013-06-15] (Microsoft Corporation)
    S3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [431104 2013-06-15] (Microsoft Corporation)
    R3 NcbService; C:\Windows\System32\ncbservice.dll [150016 2013-06-15] (Microsoft Corporation)
    S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
    R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-22] ()
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [129024 2013-06-15] (Microsoft Corporation)
    S3 smphost; C:\Windows\System32\smphost.dll [13312 2013-06-15] (Microsoft Corporation)
    S3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [516096 2013-06-15] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [345336 2013-06-15] (Microsoft Corporation)
    S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [24576 2013-06-15] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-06-15] (Microsoft Corporation)
    S4 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [63064 2013-05-02] (SparkLabs)
    R3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1292288 2013-06-15] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) ====================
    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [788240 2013-06-15] (PMC-Sierra)
    R1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [77312 2013-06-15] (Microsoft Corporation)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
    R2 ASMMAP64; C:\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
    R2 ASMMAP64; C:\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
    R1 ATKWMIACPIIO; C:\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
    R1 ATKWMIACPIIO; C:\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
    S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7323720 2012-12-19] (Broadcom Corporation)
    R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-07-21] (Disc Soft Ltd)
    S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [650736 2013-06-05] (Intel Corporation)
    S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [37640 2013-06-15] (Microsoft Corporation)
    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81672 2013-06-15] (LSI Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-06-15] (Microsoft Corporation)
    S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [88064 2013-06-15] (Microsoft Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [934152 2013-06-15] (Microsoft Corporation)
    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [138752 2013-06-15] (Microsoft Corporation)
    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [56584 2013-06-15] (Microsoft Corporation)
    S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [27912 2013-06-15] (Microsoft Corporation)
    S3 visctap0901; C:\Windows\system32\DRIVERS\visctap0901.sys [38344 2013-05-02] (The OpenVPN Project)
    R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [126216 2013-06-15] (Microsoft Corporation)
    S3 aswMBR; \??\C:\Users\ALPINO\AppData\Local\Temp\aswMBR.sys [x]
    U0 avc3;
    ==================== NetSvcs (Whitelisted) ===================
    ==================== One Month Created Files and Folders ========
    2013-07-31 00:26 - 2013-07-31 00:26 - 00000000 ____D C:\FRST
    2013-07-31 00:25 - 2013-07-31 00:25 - 01781589 _____ (Farbar) C:\Users\ALPINO\Desktop\FRST64.exe
    2013-07-31 00:00 - 2013-07-31 00:31 - 00003022 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
    2013-07-30 21:19 - 2013-07-30 21:29 - 00051474 _____ C:\WINDOWS\WindowsUpdate.log
    2013-07-30 21:03 - 2013-07-30 21:03 - 00000000 ____D C:\Users\ALPINO\Desktop\RealBench_v1.1
    2013-07-30 20:44 - 2013-07-30 20:44 - 00000000 ____D C:\Stinger_Quarantine
    2013-07-30 20:43 - 2013-07-30 21:12 - 00000000 ____D C:\Program Files\stinger
    2013-07-30 17:08 - 2013-07-30 17:08 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\WinPatrol
    2013-07-30 17:07 - 2013-07-30 17:07 - 00000000 ____D C:\ProgramData\InstallMate
    2013-07-30 17:07 - 2013-07-30 17:07 - 00000000 ____D C:\Program Files (x86)\BillP Studios
    2013-07-30 15:57 - 2013-07-30 16:06 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-07-30 13:42 - 2013-07-30 13:42 - 00000000 ____D C:\NvidiaLogging
    2013-07-30 13:42 - 2013-05-14 15:28 - 00039712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
    2013-07-30 13:42 - 2013-05-14 15:27 - 00029984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
    2013-07-30 13:42 - 2013-05-14 15:27 - 00028448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\ProgramData\CanonBJ
    2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\Program Files\CanonBJ
    2013-07-30 11:58 - 2007-10-22 14:00 - 00269824 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM97.DLL
    2013-07-30 05:29 - 2013-07-30 05:29 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Immunity Debugger
    2013-07-30 05:28 - 2013-07-30 05:28 - 00000000 ____D C:\Program Files (x86)\Immunity Inc
    2013-07-30 03:29 - 2013-07-30 03:29 - 00000000 ____D C:\Users\ALPINO\.ssh
    2013-07-30 03:24 - 2013-07-30 03:42 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\GitHub
    2013-07-30 03:24 - 2013-07-30 03:42 - 00000000 ____D C:\Users\ALPINO\AppData\Local\GitHub
    2013-07-30 03:24 - 2013-07-30 03:30 - 00000000 ____D C:\Users\ALPINO\Documents\GitHub
    2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
    2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Deployment
    2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Apps\2.0
    2013-07-30 02:25 - 2013-07-30 02:28 - 00000000 ____D C:\Users\ALPINO\Documents\Security
    2013-07-30 01:30 - 2013-07-30 21:15 - 00000000 ____D C:\WINDOWS\Minidump
    2013-07-29 05:52 - 2013-07-29 05:52 - 00000000 _____ C:\Users\ALPINO\Desktop\New Text Document.txt
    2013-07-29 04:58 - 1999-07-01 20:36 - 00162816 _____ C:\WINDOWS\wget.exe
    2013-07-29 04:52 - 2013-07-29 05:23 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Wireshark
    2013-07-29 04:50 - 2013-07-29 04:50 - 00000000 ____D C:\Program Files\Wireshark
    2013-07-29 04:50 - 2013-07-29 04:50 - 00000000 ____D C:\Program Files (x86)\WinPcap
    2013-07-29 04:22 - 2013-07-29 04:22 - 00000546 _____ C:\WINDOWS\SysWOW64\bufferpool.txt
    2013-07-29 04:07 - 2013-07-29 04:07 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
    2013-07-28 21:41 - 2013-07-28 21:41 - 00006966 _____ C:\Users\ALPINO\AppData\Local\recently-used.xbel
    2013-07-28 21:17 - 2013-07-28 21:38 - 00000000 ____D C:\Users\ALPINO\Downloads\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA
    2013-07-27 18:00 - 2013-07-28 21:21 - 00000000 ____D C:\Users\ALPINO\Downloads\Red.Gate.Reflector.v7.5.2.1.Incl.Keygen-Lz0
    2013-07-27 17:35 - 2013-07-30 23:40 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA.job
    2013-07-27 17:35 - 2013-07-27 17:40 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core.job
    2013-07-27 17:35 - 2013-07-27 17:35 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA
    2013-07-27 17:35 - 2013-07-27 17:35 - 00003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core
    2013-07-27 17:35 - 2013-07-27 17:35 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
    2013-07-27 16:43 - 2013-07-27 17:46 - 00000000 ____D C:\Users\ALPINO\Downloads\Oblivion 2013 720p BRrip ac3 DiVERSiTY (MOTW)
    2013-07-27 16:28 - 2013-07-27 16:46 - 00000000 ____D C:\Users\ALPINO\Downloads\The Evil Dead (1981) [1080p]
    2013-07-27 15:26 - 2013-07-27 15:36 - 00000000 ____D C:\Users\ALPINO\Downloads\Evil.Dead.2013.1080p.BluRay.DTS.x264-PublicHD
    2013-07-26 01:51 - 2013-07-26 01:51 - 00000000 ____D C:\Users\ALPINO\Documents\Virtual Machines
    2013-07-26 01:48 - 2013-07-30 01:03 - 00000000 ____D C:\Users\ALPINO\AppData\Local\VMware
    2013-07-26 01:46 - 2013-07-30 01:06 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\VMware
    2013-07-25 22:49 - 2013-07-25 22:49 - 00000000 ____D C:\tools
    2013-07-25 22:48 - 2013-07-25 22:48 - 00000000 ____D C:\KFU
    2013-07-25 21:40 - 2013-07-28 21:21 - 00000000 ____D C:\WINDOWS\LastGood
    2013-07-25 21:38 - 2013-07-25 21:41 - 00000000 ____D C:\Users\ALPINO\.android
    2013-07-25 16:25 - 2013-07-25 17:15 - 1562378240 _____ C:\Users\ALPINO\Downloads\zorin-os-7-core-32.iso
    2013-07-25 16:23 - 2013-07-25 16:23 - 00000000 ____D C:\Program Files\Common Files\VMware
    2013-07-25 16:23 - 2013-02-26 02:29 - 00933968 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
    2013-07-25 16:23 - 2013-02-26 02:28 - 00436304 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
    2013-07-25 16:23 - 2013-02-26 02:28 - 00357456 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
    2013-07-25 16:23 - 2013-02-26 02:28 - 00067664 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
    2013-07-25 16:23 - 2013-02-26 02:28 - 00030800 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
    2013-07-25 16:23 - 2013-02-26 02:27 - 00033360 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\VMkbd.sys
    2013-07-25 16:23 - 2012-10-24 14:17 - 00070296 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
    2013-07-25 16:23 - 2012-10-24 14:17 - 00067224 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
    2013-07-25 16:23 - 2012-10-24 14:17 - 00063128 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
    2013-07-25 16:23 - 2012-10-11 16:15 - 00052376 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
    2013-07-25 16:22 - 2013-07-30 21:13 - 00000000 ____D C:\ProgramData\VMware
    2013-07-25 16:22 - 2013-07-25 16:22 - 00000000 ____D C:\Program Files (x86)\VMware
    2013-07-25 16:19 - 2013-07-25 16:19 - 00000815 _____ C:\Users\Public\Desktop\WiTopia.lnk
    2013-07-25 16:19 - 2013-07-25 16:19 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\WiTopia
    2013-07-25 16:19 - 2013-07-25 16:19 - 00000000 ____D C:\Program Files\WiTopia
    2013-07-25 01:42 - 2013-07-25 01:45 - 00000000 ____D C:\Users\ALPINO\Downloads\Grown Ups 2 2013 READNFO TS XViD AC3-FREE
    2013-07-24 19:40 - 2013-07-24 19:40 - 00000000 ____D C:\Users\ALPINO\Desktop\GAMES
    2013-07-24 19:22 - 2013-07-29 01:03 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\NVIDIA
    2013-07-24 19:22 - 2013-07-24 19:22 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Logitech
    2013-07-24 19:22 - 2013-07-24 19:22 - 00000000 ____D C:\Program Files\Logitech Gaming Software
    2013-07-24 18:51 - 2013-07-24 18:51 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
    2013-07-24 18:49 - 2013-07-24 18:49 - 00000000 ____D C:\Users\ALPINO\Desktop\MSIAfterburnerSetup300Beta11
    2013-07-24 18:48 - 2013-07-24 18:48 - 15851608 _____ C:\Users\ALPINO\Desktop\MSIAfterburnerSetup300Beta11.zip
    2013-07-24 18:35 - 2013-07-24 18:35 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
    2013-07-24 18:34 - 2013-07-30 13:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-07-24 18:34 - 2013-07-25 16:29 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2013-07-24 18:34 - 2013-07-24 18:34 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2013-07-24 18:34 - 2013-07-13 21:17 - 00061216 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2013-07-24 18:34 - 2013-07-13 21:17 - 00053024 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 29335328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 22100256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 13621504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 12880928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 11244320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2013-07-24 18:33 - 2013-07-13 21:17 - 09248072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 07694808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 07648000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 06329552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 02968352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 02789152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 02630304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 01882912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6432619.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6432619.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 00632096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 00603424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 00517408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 00515360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 00458528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2013-07-24 18:33 - 2013-07-13 21:17 - 00388384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2013-07-24 18:33 - 2013-06-16 08:38 - 00196384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
    2013-07-24 18:33 - 2013-06-16 08:38 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
    2013-07-24 18:32 - 2013-07-30 19:19 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-07-24 18:32 - 2013-07-30 13:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2013-07-24 18:32 - 2013-07-13 15:49 - 06598432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2013-07-24 18:32 - 2013-07-13 15:49 - 03447072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2013-07-24 18:32 - 2013-07-13 15:48 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2013-07-24 18:32 - 2013-07-13 15:48 - 00911136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2013-07-24 18:32 - 2013-07-13 15:48 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2013-07-24 18:32 - 2013-07-13 15:48 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2013-07-24 18:17 - 2013-07-24 18:22 - 235150888 _____ (NVIDIA Corporation) C:\Users\ALPINO\Desktop\326.19-notebook-win8-win7-64bit-international-beta.exe
    2013-07-23 17:02 - 2013-07-12 00:46 - 22564864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2013-07-23 17:02 - 2013-07-11 23:37 - 16983552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2013-07-23 17:02 - 2013-07-11 22:34 - 04208128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2013-07-23 17:02 - 2013-07-11 22:23 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2013-07-23 17:02 - 2013-07-11 22:15 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2013-07-23 17:02 - 2013-07-09 00:10 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeXmlParser.dll
    2013-07-22 21:33 - 2013-07-22 21:33 - 00000000 ____D C:\.Trash-0
    2013-07-22 16:17 - 2013-07-22 16:29 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\ImgBurn
    2013-07-22 05:31 - 2013-07-30 21:09 - 00000000 ____D C:\Users\ALPINO\Desktop\DEVELOPMENT
    2013-07-22 05:12 - 2013-07-22 05:13 - 00000455 _____ C:\Users\ALPINO\Desktop\KALI LINUX NOTES.txt
    2013-07-22 02:55 - 2013-07-23 15:40 - 00000000 ___DC C:\WINDOWS\Panther
    2013-07-22 02:55 - 2013-07-22 02:55 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
    2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\Synaptics
    2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\Reference Assemblies
    2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\MSBuild
    2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2013-07-22 02:51 - 2013-05-28 21:35 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2013-07-22 02:51 - 2013-05-28 21:35 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2013-07-22 02:51 - 2013-05-28 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2013-07-22 02:51 - 2013-05-28 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2013-07-22 02:51 - 2013-05-28 21:35 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2013-07-22 02:51 - 2013-05-28 21:35 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2013-07-22 02:50 - 2013-07-23 18:18 - 00000000 ____D C:\Recovery
    2013-07-22 02:50 - 2013-07-22 02:50 - 02208256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2013-07-22 02:50 - 2013-07-22 02:50 - 01788416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2013-07-22 02:50 - 2013-07-22 02:50 - 01538304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2013-07-22 02:50 - 2013-07-22 02:50 - 00395520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2013-07-22 01:22 - 2013-07-22 01:22 - 00177416 _____ C:\ProgramData\1374470482.bdinstall.bin
    2013-07-22 00:57 - 2013-07-22 01:05 - 00000000 ____D C:\Users\ALPINO\Documents\Battlefield 2
    2013-07-22 00:08 - 2013-07-22 01:35 - 00000000 ____D C:\Program Files (x86)\EA GAMES
    2013-07-21 23:37 - 2013-07-03 02:47 - 13506048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2013-07-21 23:37 - 2013-07-03 02:23 - 17929216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2013-07-21 23:37 - 2013-06-29 00:03 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
    2013-07-21 23:37 - 2013-06-28 23:09 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
    2013-07-21 23:37 - 2013-06-27 22:50 - 05636096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2013-07-21 23:37 - 2013-06-27 22:40 - 04246528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2013-07-21 23:37 - 2013-06-27 22:35 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2013-07-21 23:37 - 2013-06-27 22:27 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2013-07-21 23:37 - 2013-06-27 22:11 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2013-07-21 23:37 - 2013-06-27 21:55 - 00617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2013-07-21 23:37 - 2013-06-27 21:54 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2013-07-21 23:37 - 2013-06-27 00:40 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
    2013-07-21 23:37 - 2013-06-27 00:16 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
    2013-07-21 23:37 - 2013-06-25 00:13 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2013-07-21 23:37 - 2013-06-24 23:50 - 11087872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2013-07-21 23:37 - 2013-06-21 05:57 - 00986440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2013-07-21 23:37 - 2013-06-21 05:57 - 00817504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2013-07-21 23:37 - 2013-06-21 05:57 - 00778264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2013-07-21 23:37 - 2013-06-21 05:57 - 00705936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2013-07-21 23:37 - 2013-06-21 03:27 - 00784408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2013-07-21 23:37 - 2013-06-21 03:27 - 00638256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2013-07-21 23:37 - 2013-06-21 03:27 - 00597992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2013-07-21 23:37 - 2013-06-21 03:27 - 00553056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2013-07-21 23:37 - 2013-06-20 02:59 - 12849152 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2013-07-21 23:37 - 2013-06-20 01:15 - 11428352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2013-07-21 23:37 - 2013-06-20 00:20 - 05914624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2013-07-21 23:37 - 2013-06-20 00:17 - 04016128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2013-07-21 23:35 - 2013-07-21 23:35 - 00078752 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
    2013-07-21 23:34 - 2013-07-21 23:34 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
    2013-07-21 23:29 - 2013-07-21 23:29 - 00421952 _____ C:\ProgramData\1374463289.bdinstall.bin
    2013-07-21 23:21 - 2013-07-22 01:22 - 00000000 ____D C:\Program Files\Bitdefender
    2013-07-21 23:09 - 2013-07-21 23:09 - 00001453 _____ C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-07-21 23:09 - 2013-07-21 23:09 - 00000020 ___SH C:\Users\ALPINO\ntuser.ini
    2013-07-21 23:06 - 2013-07-21 23:06 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
    2013-07-21 23:03 - 2013-07-30 21:17 - 00869556 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2013-07-21 23:01 - 2013-07-30 04:17 - 00000000 ____D C:\Users\ALPINO
     
  11. Patryk

    Patryk TS Rookie Topic Starter

    2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2013-07-21 22:57 - 2013-07-21 23:06 - 00020958 _____ C:\WINDOWS\diagwrn.xml
    2013-07-21 22:57 - 2013-07-21 23:06 - 00020958 _____ C:\WINDOWS\diagerr.xml
    2013-07-21 22:56 - 2013-07-30 13:42 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-07-21 22:56 - 2013-07-21 22:56 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
    2013-07-21 22:56 - 2013-07-21 22:56 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
    2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
    2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
    2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____D C:\Program Files\Realtek
    2013-07-21 21:16 - 2013-07-21 21:41 - 2056960000 _____ C:\Users\ALPINO\Downloads\Battlefield 2.iso
    2013-07-21 21:08 - 2013-07-23 15:40 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\DAEMON Tools Lite
    2013-07-21 21:08 - 2013-07-21 23:34 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
    2013-07-21 21:08 - 2013-07-21 21:08 - 00564824 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
    2013-07-21 21:03 - 2013-07-21 23:34 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
    2013-07-21 19:54 - 2013-07-21 20:04 - 00000000 ____D C:\Users\ALPINO\AppData\Local\gtk-2.0
    2013-07-21 19:54 - 2013-07-21 19:54 - 00000000 ____D C:\Users\ALPINO\.thumbnails
    2013-07-21 19:53 - 2013-07-22 15:49 - 00000000 ____D C:\Users\ALPINO\.gimp-2.8
    2013-07-21 19:53 - 2013-07-21 19:53 - 00000000 ____D C:\Users\ALPINO\AppData\Local\gegl-0.2
    2013-07-21 19:52 - 2013-07-21 19:53 - 00000000 ____D C:\Program Files\GIMP 2
    2013-07-20 03:43 - 2013-07-20 03:43 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Wargaming.net
    2013-07-16 12:33 - 2013-07-16 12:40 - 00000041 _____ C:\Users\ALPINO\Desktop\FIOS.txt
    2013-07-15 01:16 - 2013-02-27 15:37 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
    2013-07-14 21:18 - 2013-07-14 21:18 - 00000000 ____D C:\Users\ALPINO\Documents\Arduino
    2013-07-14 21:18 - 2013-07-14 21:18 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Arduino
    2013-07-14 21:16 - 2013-07-14 21:16 - 00000000 ____D C:\Program Files (x86)\Arduino
    2013-07-13 15:24 - 2013-07-13 15:24 - 00571168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2013-07-12 03:56 - 2013-07-21 16:27 - 00089088 _____ C:\WINDOWS\system32\umstartup.etl
    2013-07-11 15:14 - 2013-07-28 21:06 - 00000000 ____D C:\Program Files\Common Files\WiTopia
    2013-07-11 15:13 - 2013-05-02 03:40 - 00038344 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\visctap0901.sys
    2013-07-11 14:43 - 2013-07-11 14:43 - 00001024 _____ C:\.rnd
    2013-07-10 02:55 - 2013-07-10 02:55 - 00000000 ____D C:\Python27
    2013-07-10 02:41 - 2013-07-10 02:41 - 00000000 ____D C:\dd
    2013-07-10 02:18 - 2013-07-10 02:18 - 00000000 ____D C:\Users\ALPINO\.idlerc
    2013-07-10 01:51 - 2013-07-10 11:40 - 00000000 ____D C:\MP3
    2013-07-10 01:51 - 2013-07-10 02:04 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Groovedown
    2013-07-10 01:51 - 2013-07-10 01:51 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Groovedown_Uninstall
    2013-07-09 20:44 - 2013-07-09 20:44 - 00000000 ____D C:\WINDOWS\system32\MRT
    2013-07-09 18:31 - 2013-02-27 11:17 - 06293504 ____N C:\G75VX.BIN
    2013-07-09 17:24 - 2013-01-29 04:35 - 01510176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
    2013-07-09 17:23 - 2013-07-13 21:17 - 15890648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2013-07-09 17:23 - 2013-07-13 21:17 - 15631064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2013-07-09 17:23 - 2013-07-13 21:17 - 02985648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2013-07-09 17:23 - 2013-07-13 21:17 - 00022581 _____ C:\WINDOWS\system32\nvinfo.pb
    2013-07-09 17:23 - 2013-06-21 08:06 - 01832224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6432049.dll
    2013-07-09 17:23 - 2013-06-21 08:06 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6432049.dll
    2013-07-09 17:17 - 2013-07-29 05:17 - 00000000 ____D C:\Program Files (x86)\Notepad++
    2013-07-09 17:17 - 2013-07-09 17:18 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Notepad++
    2013-07-09 17:17 - 2013-07-09 17:17 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    2013-07-09 01:36 - 2013-07-09 01:36 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\ICSharpCode
    2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Telerik
    2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Telerik_AD
    2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Local\IsolatedStorage
    2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\JetBrains
    2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\SymbolSourceSymbols
    2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\RefSrcSymbols
    2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\JetBrains
    2013-07-09 01:22 - 2013-07-09 01:22 - 00000000 ____D C:\Program Files (x86)\JetBrains
    2013-07-09 00:43 - 2013-07-30 16:49 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\vlc
    2013-07-09 00:43 - 2013-07-09 00:43 - 00001267 _____ C:\Users\ALPINO\Desktop\vlc.lnk
    2013-07-09 00:39 - 2013-06-11 10:21 - 00000000 ____D C:\Program Files\VLC
    2013-07-08 06:11 - 2013-07-30 19:42 - 00000000 ____D C:\ProgramData\Package Cache
    2013-07-08 06:11 - 2013-07-08 06:11 - 00000248 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
    2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
    2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2013-07-08 06:11 - 2013-03-20 15:45 - 00016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
    2013-07-08 06:08 - 2013-07-30 19:42 - 00000000 ____D C:\Program Files (x86)\Intel
    2013-07-08 06:08 - 2013-07-08 06:11 - 00000000 ____D C:\uninstall
    2013-07-08 06:08 - 2013-07-08 06:08 - 00000000 ____D C:\Intel
    2013-07-08 05:09 - 2013-07-22 02:54 - 00015648 _____ C:\WINDOWS\system32\Drivers\nvflash.sys
    2013-07-08 04:14 - 2013-07-08 04:14 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Realmware
    2013-07-08 03:42 - 2013-07-08 03:42 - 00002774 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2013-07-08 03:42 - 2013-07-08 03:42 - 00000000 ____D C:\Program Files\CCleaner
    2013-07-08 02:50 - 2013-07-08 02:50 - 00000000 ____D C:\Program Files\CPUID
    2013-07-07 22:10 - 2013-07-07 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-07-02 23:10 - 2013-07-02 23:10 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
    2013-07-02 23:10 - 2013-07-02 23:10 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
    2013-07-02 23:10 - 2013-07-02 23:10 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
    2013-07-02 23:10 - 2013-07-02 23:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
    2013-07-02 23:10 - 2013-07-02 23:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
    2013-07-02 23:10 - 2013-07-02 23:10 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2013-07-02 23:10 - 2013-07-02 23:10 - 00000000 ____D C:\ProgramData\Sun
    2013-07-02 23:10 - 2013-07-02 23:10 - 00000000 ____D C:\Program Files (x86)\Java
    2013-07-02 22:58 - 2013-07-31 00:31 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
    2013-07-02 22:58 - 2013-07-20 02:55 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
    2013-07-02 22:51 - 2013-07-07 20:51 - 00000000 ____D C:\Users\ALPINO\Heaven
    2013-07-02 22:50 - 2013-07-22 03:44 - 01065984 _____ C:\Users\ALPINO\AppData\Local\file__0.localstorage
    2013-07-02 22:49 - 2013-07-02 22:49 - 00000000 ____D C:\Program Files (x86)\Unigine
    ==================== One Month Modified Files and Folders =======
    2013-07-31 00:31 - 2013-07-31 00:00 - 00003022 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
    2013-07-31 00:31 - 2013-07-02 22:58 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
    2013-07-31 00:26 - 2013-07-31 00:26 - 00000000 ____D C:\FRST
    2013-07-31 00:25 - 2013-07-31 00:25 - 01781589 _____ (Farbar) C:\Users\ALPINO\Desktop\FRST64.exe
    2013-07-31 00:19 - 2013-06-02 14:04 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2013-07-31 00:00 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\sru
    2013-07-30 23:58 - 2013-06-10 10:24 - 00290184 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
    2013-07-30 23:58 - 2013-06-10 09:22 - 00290184 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
    2013-07-30 23:58 - 2013-06-10 09:22 - 00280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
    2013-07-30 23:43 - 2013-06-07 12:03 - 00000000 ____D C:\Program Files (x86)\Origin
    2013-07-30 23:40 - 2013-07-27 17:35 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA.job
    2013-07-30 21:29 - 2013-07-30 21:19 - 00051474 _____ C:\WINDOWS\WindowsUpdate.log
    2013-07-30 21:29 - 2013-06-03 00:51 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1926566171-1257342452-1398987820-1001
    2013-07-30 21:19 - 2013-06-02 14:04 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-07-30 21:19 - 2013-06-02 14:04 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2013-07-30 21:17 - 2013-07-21 23:03 - 00869556 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2013-07-30 21:15 - 2013-07-30 01:30 - 00000000 ____D C:\WINDOWS\Minidump
    2013-07-30 21:13 - 2013-07-25 16:22 - 00000000 ____D C:\ProgramData\VMware
    2013-07-30 21:13 - 2013-06-16 00:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2013-07-30 21:12 - 2013-07-30 20:43 - 00000000 ____D C:\Program Files\stinger
    2013-07-30 21:12 - 2013-06-15 23:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2013-07-30 21:12 - 2013-06-03 01:05 - 00000000 ___RD C:\Users\ALPINO\Desktop\PROGS
    2013-07-30 21:09 - 2013-07-22 05:31 - 00000000 ____D C:\Users\ALPINO\Desktop\DEVELOPMENT
    2013-07-30 21:03 - 2013-07-30 21:03 - 00000000 ____D C:\Users\ALPINO\Desktop\RealBench_v1.1
    2013-07-30 20:44 - 2013-07-30 20:44 - 00000000 ____D C:\Stinger_Quarantine
    2013-07-30 19:42 - 2013-07-08 06:11 - 00000000 ____D C:\ProgramData\Package Cache
    2013-07-30 19:42 - 2013-07-08 06:08 - 00000000 ____D C:\Program Files (x86)\Intel
    2013-07-30 19:19 - 2013-07-24 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-07-30 17:08 - 2013-07-30 17:08 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\WinPatrol
    2013-07-30 17:07 - 2013-07-30 17:07 - 00000000 ____D C:\ProgramData\InstallMate
    2013-07-30 17:07 - 2013-07-30 17:07 - 00000000 ____D C:\Program Files (x86)\BillP Studios
    2013-07-30 16:49 - 2013-07-09 00:43 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\vlc
    2013-07-30 16:06 - 2013-07-30 15:57 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-07-30 13:42 - 2013-07-30 13:42 - 00000000 ____D C:\NvidiaLogging
    2013-07-30 13:42 - 2013-07-24 18:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-07-30 13:42 - 2013-07-21 22:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-07-30 13:42 - 2013-06-10 08:51 - 00000000 ____D C:\Users\ALPINO\AppData\Local\NVIDIA
    2013-07-30 13:41 - 2013-07-24 18:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2013-07-30 12:31 - 2013-06-02 19:19 - 00000000 ____D C:\Users\ALPINO\AppData\Local\VirtualStore
    2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\ProgramData\CanonBJ
    2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\Program Files\CanonBJ
    2013-07-30 05:29 - 2013-07-30 05:29 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Immunity Debugger
    2013-07-30 05:28 - 2013-07-30 05:28 - 00000000 ____D C:\Program Files (x86)\Immunity Inc
    2013-07-30 04:17 - 2013-07-21 23:01 - 00000000 ____D C:\Users\ALPINO
    2013-07-30 03:42 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\GitHub
    2013-07-30 03:42 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\GitHub
    2013-07-30 03:30 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\Documents\GitHub
    2013-07-30 03:29 - 2013-07-30 03:29 - 00000000 ____D C:\Users\ALPINO\.ssh
    2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
    2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Deployment
    2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Apps\2.0
    2013-07-30 02:28 - 2013-07-30 02:25 - 00000000 ____D C:\Users\ALPINO\Documents\Security
    2013-07-30 01:06 - 2013-07-26 01:46 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\VMware
    2013-07-30 01:03 - 2013-07-26 01:48 - 00000000 ____D C:\Users\ALPINO\AppData\Local\VMware
    2013-07-29 05:52 - 2013-07-29 05:52 - 00000000 _____ C:\Users\ALPINO\Desktop\New Text Document.txt
    2013-07-29 05:33 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\NDF
    2013-07-29 05:23 - 2013-07-29 04:52 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Wireshark
    2013-07-29 05:17 - 2013-07-09 17:17 - 00000000 ____D C:\Program Files (x86)\Notepad++
    2013-07-29 04:50 - 2013-07-29 04:50 - 00000000 ____D C:\Program Files\Wireshark
    2013-07-29 04:50 - 2013-07-29 04:50 - 00000000 ____D C:\Program Files (x86)\WinPcap
    2013-07-29 04:22 - 2013-07-29 04:22 - 00000546 _____ C:\WINDOWS\SysWOW64\bufferpool.txt
    2013-07-29 04:07 - 2013-07-29 04:07 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
    2013-07-29 04:07 - 2013-06-03 01:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-07-29 01:03 - 2013-07-24 19:22 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\NVIDIA
    2013-07-29 00:04 - 2013-06-10 08:29 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\foobar2000
    2013-07-28 21:41 - 2013-07-28 21:41 - 00006966 _____ C:\Users\ALPINO\AppData\Local\recently-used.xbel
    2013-07-28 21:41 - 2013-06-10 05:38 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\deluge
    2013-07-28 21:38 - 2013-07-28 21:17 - 00000000 ____D C:\Users\ALPINO\Downloads\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA
    2013-07-28 21:21 - 2013-07-27 18:00 - 00000000 ____D C:\Users\ALPINO\Downloads\Red.Gate.Reflector.v7.5.2.1.Incl.Keygen-Lz0
    2013-07-28 21:21 - 2013-07-25 21:40 - 00000000 ____D C:\WINDOWS\LastGood
    2013-07-28 21:06 - 2013-07-11 15:14 - 00000000 ____D C:\Program Files\Common Files\WiTopia
    2013-07-27 17:46 - 2013-07-27 16:43 - 00000000 ____D C:\Users\ALPINO\Downloads\Oblivion 2013 720p BRrip ac3 DiVERSiTY (MOTW)
    2013-07-27 17:40 - 2013-07-27 17:35 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core.job
    2013-07-27 17:35 - 2013-07-27 17:35 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA
    2013-07-27 17:35 - 2013-07-27 17:35 - 00003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core
    2013-07-27 17:35 - 2013-07-27 17:35 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
    2013-07-27 17:35 - 2013-06-02 14:04 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Google
    2013-07-27 17:30 - 2013-06-03 01:06 - 00000000 ____D C:\PICTUREZ
    2013-07-27 16:46 - 2013-07-27 16:28 - 00000000 ____D C:\Users\ALPINO\Downloads\The Evil Dead (1981) [1080p]
    2013-07-27 15:36 - 2013-07-27 15:26 - 00000000 ____D C:\Users\ALPINO\Downloads\Evil.Dead.2013.1080p.BluRay.DTS.x264-PublicHD
    2013-07-26 01:51 - 2013-07-26 01:51 - 00000000 ____D C:\Users\ALPINO\Documents\Virtual Machines
    2013-07-25 22:49 - 2013-07-25 22:49 - 00000000 ____D C:\tools
    2013-07-25 22:48 - 2013-07-25 22:48 - 00000000 ____D C:\KFU
    2013-07-25 21:41 - 2013-07-25 21:38 - 00000000 ____D C:\Users\ALPINO\.android
    2013-07-25 17:15 - 2013-07-25 16:25 - 1562378240 _____ C:\Users\ALPINO\Downloads\zorin-os-7-core-32.iso
    2013-07-25 16:29 - 2013-07-24 18:34 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2013-07-25 16:29 - 2013-06-02 15:00 - 00000000 ____D C:\Users\ALPINO\Desktop\ANTI MALWARE
    2013-07-25 16:23 - 2013-07-25 16:23 - 00000000 ____D C:\Program Files\Common Files\VMware
    2013-07-25 16:23 - 2013-06-03 01:53 - 00883630 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2013-07-25 16:22 - 2013-07-25 16:22 - 00000000 ____D C:\Program Files (x86)\VMware
    2013-07-25 16:19 - 2013-07-25 16:19 - 00000815 _____ C:\Users\Public\Desktop\WiTopia.lnk
    2013-07-25 16:19 - 2013-07-25 16:19 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\WiTopia
    2013-07-25 16:19 - 2013-07-25 16:19 - 00000000 ____D C:\Program Files\WiTopia
    2013-07-25 01:45 - 2013-07-25 01:42 - 00000000 ____D C:\Users\ALPINO\Downloads\Grown Ups 2 2013 READNFO TS XViD AC3-FREE
    2013-07-24 19:40 - 2013-07-24 19:40 - 00000000 ____D C:\Users\ALPINO\Desktop\GAMES
    2013-07-24 19:22 - 2013-07-24 19:22 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Logitech
    2013-07-24 19:22 - 2013-07-24 19:22 - 00000000 ____D C:\Program Files\Logitech Gaming Software
    2013-07-24 19:22 - 2013-06-12 15:38 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Logishrd
    2013-07-24 18:51 - 2013-07-24 18:51 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
    2013-07-24 18:49 - 2013-07-24 18:49 - 00000000 ____D C:\Users\ALPINO\Desktop\MSIAfterburnerSetup300Beta11
    2013-07-24 18:48 - 2013-07-24 18:48 - 15851608 _____ C:\Users\ALPINO\Desktop\MSIAfterburnerSetup300Beta11.zip
    2013-07-24 18:35 - 2013-07-24 18:35 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
    2013-07-24 18:34 - 2013-07-24 18:34 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2013-07-24 18:32 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\Help
    2013-07-24 18:22 - 2013-07-24 18:17 - 235150888 _____ (NVIDIA Corporation) C:\Users\ALPINO\Desktop\326.19-notebook-win8-win7-64bit-international-beta.exe
    2013-07-24 17:39 - 2013-06-04 03:09 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X
    2013-07-24 17:38 - 2013-06-04 03:10 - 00003022 _____ C:\WINDOWS\System32\Tasks\EVGAPrecision
    2013-07-24 17:31 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\AppReadiness
    2013-07-24 17:25 - 2013-06-30 02:34 - 00000000 ____D C:\Program Files (x86)\ASUS
    2013-07-24 15:24 - 2013-06-02 19:19 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Packages
    2013-07-24 06:12 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\rescache
    2013-07-23 22:05 - 2012-07-26 01:37 - 00000000 ____D C:\Users\Default.migrated
    2013-07-23 18:18 - 2013-07-22 02:50 - 00000000 ____D C:\Recovery
    2013-07-23 15:40 - 2013-07-22 02:55 - 00000000 ___DC C:\WINDOWS\Panther
    2013-07-23 15:40 - 2013-07-21 21:08 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\DAEMON Tools Lite
    2013-07-22 21:33 - 2013-07-22 21:33 - 00000000 ____D C:\.Trash-0
    2013-07-22 16:29 - 2013-07-22 16:17 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\ImgBurn
    2013-07-22 16:12 - 2013-06-02 19:19 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2013-07-22 15:49 - 2013-07-21 19:53 - 00000000 ____D C:\Users\ALPINO\.gimp-2.8
    2013-07-22 05:13 - 2013-07-22 05:12 - 00000455 _____ C:\Users\ALPINO\Desktop\KALI LINUX NOTES.txt
    2013-07-22 03:50 - 2013-06-02 19:19 - 00000000 ____D C:\ProgramData\PRICache
    2013-07-22 03:44 - 2013-07-02 22:50 - 01065984 _____ C:\Users\ALPINO\AppData\Local\file__0.localstorage
    2013-07-22 02:55 - 2013-07-22 02:55 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
    2013-07-22 02:55 - 2013-06-16 01:37 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
    2013-07-22 02:54 - 2013-07-08 05:09 - 00015648 _____ C:\WINDOWS\system32\Drivers\nvflash.sys
    2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\Synaptics
    2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\Reference Assemblies
    2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\MSBuild
    2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2013-07-22 02:50 - 2013-07-22 02:50 - 02208256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2013-07-22 02:50 - 2013-07-22 02:50 - 01788416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2013-07-22 02:50 - 2013-07-22 02:50 - 01538304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2013-07-22 02:50 - 2013-07-22 02:50 - 00395520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2013-07-22 02:12 - 2013-06-10 09:22 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
    2013-07-22 01:35 - 2013-07-22 00:08 - 00000000 ____D C:\Program Files (x86)\EA GAMES
    2013-07-22 01:22 - 2013-07-22 01:22 - 00177416 _____ C:\ProgramData\1374470482.bdinstall.bin
    2013-07-22 01:22 - 2013-07-21 23:21 - 00000000 ____D C:\Program Files\Bitdefender
    2013-07-22 01:22 - 2013-06-03 00:59 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2013-07-22 01:22 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2013-07-22 01:13 - 2013-06-08 09:07 - 00000000 ____D C:\Users\ALPINO\Desktop\Pat
    2013-07-22 01:05 - 2013-07-22 00:57 - 00000000 ____D C:\Users\ALPINO\Documents\Battlefield 2
    2013-07-22 01:05 - 2013-06-10 10:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\PunkBuster
    2013-07-22 00:16 - 2013-06-15 23:17 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
    2013-07-22 00:13 - 2013-06-07 12:10 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Origin
    2013-07-22 00:13 - 2013-06-07 12:10 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Origin
    2013-07-22 00:11 - 2013-06-16 01:37 - 00000000 ___RD C:\WINDOWS\ToastData
    2013-07-21 23:53 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\WinStore
    2013-07-21 23:35 - 2013-07-21 23:35 - 00078752 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
    2013-07-21 23:34 - 2013-07-21 23:34 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
    2013-07-21 23:34 - 2013-07-21 21:08 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
    2013-07-21 23:34 - 2013-07-21 21:03 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
    2013-07-21 23:29 - 2013-07-21 23:29 - 00421952 _____ C:\ProgramData\1374463289.bdinstall.bin
    2013-07-21 23:09 - 2013-07-21 23:09 - 00001453 _____ C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-07-21 23:09 - 2013-07-21 23:09 - 00000020 ___SH C:\Users\ALPINO\ntuser.ini
    2013-07-21 23:09 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\restore
    2013-07-21 23:09 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\FileManager
    2013-07-21 23:09 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\Camera
    2013-07-21 23:09 - 2013-06-02 19:19 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2013-07-21 23:07 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\Registration
    2013-07-21 23:06 - 2013-07-21 23:06 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
    2013-07-21 23:06 - 2013-07-21 22:57 - 00020958 _____ C:\WINDOWS\diagwrn.xml
    2013-07-21 23:06 - 2013-07-21 22:57 - 00020958 _____ C:\WINDOWS\diagerr.xml
    2013-07-21 23:06 - 2013-06-16 01:37 - 00000000 __RSD C:\WINDOWS\Media
    2013-07-21 23:06 - 2013-06-16 01:37 - 00000000 __RHD C:\Users\Public\Libraries
    2013-07-21 23:02 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\tracing
    2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2013-07-21 23:01 - 2013-06-16 04:31 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
    2013-07-21 23:01 - 2013-06-16 04:31 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2013-07-21 23:01 - 2013-06-16 04:31 - 00000000 ____D C:\WINDOWS\system32\WCN
    2013-07-21 23:01 - 2013-06-16 01:40 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\spool
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\Recovery
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\MUI
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\IME
    2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2013-07-21 23:01 - 2013-06-15 23:28 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
    2013-07-21 23:01 - 2013-06-10 08:48 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfraRecorder
    2013-07-21 23:01 - 2013-06-06 01:50 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Newsbin6
    2013-07-21 22:57 - 2013-06-15 23:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2013-07-21 22:56 - 2013-07-21 22:56 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
    2013-07-21 22:56 - 2013-07-21 22:56 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
    2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
    2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
    2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____D C:\Program Files\Realtek
    2013-07-21 22:56 - 2013-06-15 23:28 - 00000000 __RHD C:\Users\Default
    2013-07-21 21:41 - 2013-07-21 21:16 - 2056960000 _____ C:\Users\ALPINO\Downloads\Battlefield 2.iso
    2013-07-21 21:08 - 2013-07-21 21:08 - 00564824 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
    2013-07-21 20:04 - 2013-07-21 19:54 - 00000000 ____D C:\Users\ALPINO\AppData\Local\gtk-2.0
    2013-07-21 19:54 - 2013-07-21 19:54 - 00000000 ____D C:\Users\ALPINO\.thumbnails
    2013-07-21 19:53 - 2013-07-21 19:53 - 00000000 ____D C:\Users\ALPINO\AppData\Local\gegl-0.2
    2013-07-21 19:53 - 2013-07-21 19:52 - 00000000 ____D C:\Program Files\GIMP 2
    2013-07-21 16:27 - 2013-07-12 03:56 - 00089088 _____ C:\WINDOWS\system32\umstartup.etl
    2013-07-20 03:43 - 2013-07-20 03:43 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Wargaming.net
    2013-07-20 02:55 - 2013-07-02 22:58 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
    2013-07-20 02:55 - 2013-06-03 03:20 - 00000000 ____D C:\Games
    2013-07-16 12:40 - 2013-07-16 12:33 - 00000041 _____ C:\Users\ALPINO\Desktop\FIOS.txt
    2013-07-14 21:18 - 2013-07-14 21:18 - 00000000 ____D C:\Users\ALPINO\Documents\Arduino
    2013-07-14 21:18 - 2013-07-14 21:18 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Arduino
    2013-07-14 21:16 - 2013-07-14 21:16 - 00000000 ____D C:\Program Files (x86)\Arduino
    2013-07-14 21:14 - 2013-06-02 14:04 - 00003886 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-07-14 21:14 - 2013-06-02 14:04 - 00003650 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-07-13 21:17 - 2013-07-24 18:34 - 00061216 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2013-07-13 21:17 - 2013-07-24 18:34 - 00053024 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 29335328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 22100256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 13621504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 12880928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 11244320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2013-07-13 21:17 - 2013-07-24 18:33 - 09248072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 07694808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 07648000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 06329552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 02968352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 02789152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 02630304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 01882912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6432619.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6432619.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 00632096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 00603424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 00517408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 00515360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 00458528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2013-07-13 21:17 - 2013-07-24 18:33 - 00388384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2013-07-13 21:17 - 2013-07-09 17:23 - 15890648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2013-07-13 21:17 - 2013-07-09 17:23 - 15631064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2013-07-13 21:17 - 2013-07-09 17:23 - 02985648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2013-07-13 21:17 - 2013-07-09 17:23 - 00022581 _____ C:\WINDOWS\system32\nvinfo.pb
    2013-07-13 15:49 - 2013-07-24 18:32 - 06598432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2013-07-13 15:49 - 2013-07-24 18:32 - 03447072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2013-07-13 15:48 - 2013-07-24 18:32 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2013-07-13 15:48 - 2013-07-24 18:32 - 00911136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2013-07-13 15:48 - 2013-07-24 18:32 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2013-07-13 15:48 - 2013-07-24 18:32 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2013-07-13 15:24 - 2013-07-13 15:24 - 00571168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2013-07-12 00:46 - 2013-07-23 17:02 - 22564864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2013-07-11 23:37 - 2013-07-23 17:02 - 16983552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2013-07-11 22:34 - 2013-07-23 17:02 - 04208128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2013-07-11 22:23 - 2013-07-23 17:02 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2013-07-11 22:15 - 2013-07-23 17:02 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2013-07-11 14:43 - 2013-07-11 14:43 - 00001024 _____ C:\.rnd
    2013-07-10 11:40 - 2013-07-10 01:51 - 00000000 ____D C:\MP3
    2013-07-10 02:55 - 2013-07-10 02:55 - 00000000 ____D C:\Python27
    2013-07-10 02:41 - 2013-07-10 02:41 - 00000000 ____D C:\dd
    2013-07-10 02:18 - 2013-07-10 02:18 - 00000000 ____D C:\Users\ALPINO\.idlerc
    2013-07-10 02:04 - 2013-07-10 01:51 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Groovedown
    2013-07-10 01:51 - 2013-07-10 01:51 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Groovedown_Uninstall
    2013-07-09 20:44 - 2013-07-09 20:44 - 00000000 ____D C:\WINDOWS\system32\MRT
    2013-07-09 18:36 - 2013-06-04 02:55 - 00000000 ____D C:\ASUS
    2013-07-09 17:18 - 2013-07-09 17:17 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Notepad++
    2013-07-09 17:17 - 2013-07-09 17:17 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    2013-07-09 01:36 - 2013-07-09 01:36 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\ICSharpCode
    2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Telerik
    2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Telerik_AD
    2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Local\IsolatedStorage
    2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\JetBrains
    2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\SymbolSourceSymbols
    2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\RefSrcSymbols
    2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\JetBrains
    2013-07-09 01:22 - 2013-07-09 01:22 - 00000000 ____D C:\Program Files (x86)\JetBrains
    2013-07-09 00:50 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
    2013-07-09 00:43 - 2013-07-09 00:43 - 00001267 _____ C:\Users\ALPINO\Desktop\vlc.lnk
    2013-07-09 00:10 - 2013-07-23 17:02 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeXmlParser.dll
    2013-07-08 06:11 - 2013-07-08 06:11 - 00000248 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
    2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
    2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2013-07-08 06:11 - 2013-07-08 06:08 - 00000000 ____D C:\uninstall
    2013-07-08 06:11 - 2013-06-03 01:53 - 00000000 ____D C:\ProgramData\Intel
    2013-07-08 06:08 - 2013-07-08 06:08 - 00000000 ____D C:\Intel
    2013-07-08 04:14 - 2013-07-08 04:14 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Realmware
    2013-07-08 03:42 - 2013-07-08 03:42 - 00002774 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2013-07-08 03:42 - 2013-07-08 03:42 - 00000000 ____D C:\Program Files\CCleaner
    2013-07-08 02:50 - 2013-07-08 02:50 - 00000000 ____D C:\Program Files\CPUID
    2013-07-08 01:11 - 2013-06-03 01:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-07-07 22:10 - 2013-07-07 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-07-07 20:51 - 2013-07-02 22:51 - 00000000 ____D C:\Users\ALPINO\Heaven
    2013-07-03 02:47 - 2013-07-21 23:37 - 13506048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2013-07-03 02:23 - 2013-07-21 23:37 - 17929216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2013-07-02 23:10 - 2013-07-02 23:10 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
    2013-07-02 23:10 - 2013-07-02 23:10 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
    2013-07-02 23:10 - 2013-07-02 23:10 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
    2013-07-02 23:10 - 2013-07-02 23:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
    2013-07-02 23:10 - 2013-07-02 23:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
    2013-07-02 23:10 - 2013-07-02 23:10 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2013-07-02 23:10 - 2013-07-02 23:10 - 00000000 ____D C:\ProgramData\Sun
    2013-07-02 23:10 - 2013-07-02 23:10 - 00000000 ____D C:\Program Files (x86)\Java
    2013-07-02 22:53 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2013-07-02 22:49 - 2013-07-02 22:49 - 00000000 ____D C:\Program Files (x86)\Unigine
    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe
    [2013-06-15 18:48] - [2013-06-15 18:48] - 0558080 ____A (Microsoft Corporation) DEB887EA2EBEDF01644A200B4BDB181B
    C:\Windows\System32\wininit.exe
    [2013-06-15 18:52] - [2013-06-15 18:52] - 0145408 ____A (Microsoft Corporation) CACA6578AF9C48C29D7BF6AEFAF00599
    C:\Windows\explorer.exe
    [2013-06-15 18:01] - [2013-06-15 22:25] - 2254384 ____A (Microsoft Corporation) 2CF1204E913AEA5A492D89C153F3345E
    C:\Windows\SysWOW64\explorer.exe
    [2013-06-15 17:33] - [2013-06-15 21:33] - 2009104 ____A (Microsoft Corporation) 253252BBC9E61728986CB54261F8AECD
    C:\Windows\System32\svchost.exe
    [2013-06-15 18:48] - [2013-06-15 22:30] - 0037768 ____A (Microsoft Corporation) F7191317F1CD10F35DC74E24C1B71E06
    C:\Windows\SysWOW64\svchost.exe
    [2013-06-15 18:07] - [2013-06-15 21:38] - 0031552 ____A (Microsoft Corporation) D9F8FA4911FBF85919BA17FFE5B34430
    C:\Windows\System32\services.exe
    [2013-06-15 23:17] - [2013-06-15 23:17] - 0403408 ____A (Microsoft Corporation) 258527780FC8FFCF0A29F7455073C529
    C:\Windows\System32\User32.dll
    [2013-06-15 18:50] - [2013-06-15 22:25] - 1513264 ____A (Microsoft Corporation) 42F67E93E2C853A915E73F3A4645E3C9
    C:\Windows\SysWOW64\User32.dll
    [2013-06-15 18:10] - [2013-06-15 18:10] - 1359360 ____A (Microsoft Corporation) FCDCDEFD5A8BA26FDCD950607162339C
    C:\Windows\System32\userinit.exe
    [2013-06-15 18:56] - [2013-06-15 18:56] - 0025088 ____A (Microsoft Corporation) 166CB1E28BED6196B5030E91AD932998
    C:\Windows\SysWOW64\userinit.exe
    [2013-06-15 18:13] - [2013-06-15 18:13] - 0021504 ____A (Microsoft Corporation) 7AFC7764F71DBB1BC5A60EE67FE94C70
    C:\Windows\System32\Drivers\volsnap.sys
    [2013-06-15 20:36] - [2013-06-15 22:26] - 0312072 ___AC (Microsoft Corporation) 9365B092503F8B0B6C724D1A8E4433D4
    LastRegBack: 2013-07-21 22:56
    ==================== End Of Log ============================
     
     
  12. Patryk

    Patryk TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
    Ran by ALPINO at 2013-07-31 00:33:00
    Running from C:\Users\ALPINO\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Installed Programs =======================


    7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
    Arduino (x32 Version: 1.0.5)
    ATK Package (x32 Version: 1.0.0023)
    Battlefield 2(TM) (x32)
    Battlefield 3™ (x32 Version: 1.6.0.0)
    Canon iP2600 series
    CPUID ROG CPU-Z 1.61.3 (Version: 1.61.3)
    DAEMON Tools Lite (x32 Version: 4.47.1.0335)
    Deluge 1.3.6 (x32)
    eaner (Version: 4.03)
    eReg (x32 Version: 1.20.138.34)
    ESN Sonar (x32 Version: 0.70.4)
    foobar2000 v1.2.6 (x32 Version: 1.2.6)
    GIMP 2.8.6 (Version: 2.8.6)
    GitHub (HKCU Version: 1.0.52.0)
    Google Chrome (x32 Version: 28.0.1500.72)
    Google Update Helper (x32 Version: 1.3.21.153)
    HashTab 5.1.0.23 (Version: 5.1.0.23)
    Heaven Benchmark version 4.0 (x32 Version: 4.0)
    InfraRecorder 0.53 (x64 edition) (Version: 0.53.00.00)
    Intel(R) Management Engine Components (x32 Version: 9.5.0.1393)
    Intel(R) Rapid Storage Technology (Version: 12.5.0.1066)
    Java 7 Update 25 (x32 Version: 7.0.250)
    Java Auto Updater (x32 Version: 2.1.9.5)
    JetBrains dotPeek 1.0 (x32 Version: 1.0.0)
    Logitech Gaming Software (Version: 8.45.88)
    Logitech Gaming Software 8.46 (Version: 8.46.27)
    Logitech SetPoint 6.52 (Version: 6.52.74)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
    Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
    Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
    Mozilla Maintenance Service (x32 Version: 22.0)
    MSI Afterburner 3.0.0 Beta 11 (x32 Version: 3.0.0 Beta 11)
    Music Manager (HKCU)
    Newsbin Pro (Version: 6.42)
    Notepad++ (x32 Version: 6.4.2)
    NVIDIA 3D Vision Driver 326.19 (Version: 326.19)
    NVIDIA Control Panel 326.19 (Version: 326.19)
    NVIDIA GeForce Experience 1.6 (Version: 1.6)
    NVIDIA Graphics Driver 326.19 (Version: 326.19)
    NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
    NVIDIA Install Application (Version: 2.1002.132.865)
    NVIDIA PhysX (x32 Version: 9.13.0604)
    NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2619)
    NVIDIA Update 7.2.17 (Version: 7.2.17)
    NVIDIA Update Components (Version: 7.2.17)
    NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1)
    Origin (x32 Version: 9.2.1.4399)
    PunkBuster Services (x32 Version: 0.991)
    Python 2.7.5 (x32 Version: 2.7.5150)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.17)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
    SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
    SHIELD Streaming (Version: 1.05.19)
    SimCity™ (x32 Version: 1.0.0.0)
    Synaptics Pointing Device Driver (Version: 16.3.15.1)
    tools-windows (x32 Version: 9.2.3.1031769)
    VMware Player (Version: 5.0.2)
    VMware Player (x32 Version: 5.0.2)
    WinPatrol (Version: 28.5.2013.0)
    WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
    Wireshark 1.10.1 (64-bit) (x32 Version: 1.10.1)
    WiTopia (Version: 2.1.1.0148)
    World of Tanks (x32)

    ==================== Restore Points =========================

    29-07-2013 08:07:46 Installed Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ether+e>
    30-07-2013 23:40:53 Intel Extreme Tuning Utility

    ==================== Hosts content: ==========================

    2013-06-15 23:17 - 2013-07-30 19:33 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0394935B-5DBE-4826-9827-334B3886A3AD} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {04950C4A-AAD2-4C2B-B40D-474AE7F62201} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
    Task: {04AA5D62-19A1-43B3-AB30-9540A5CC9741} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-06-15] (Microsoft Corporation)
    Task: {073FDA5A-800B-4E98-8425-B9B3D615313D} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {07F6065F-F1B1-49CE-99F0-8ED089C93A22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
    Task: {08FE8991-7AC6-4095-9B19-95D1C29513DC} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-06-15] (Microsoft Corporation)
    Task: {0DB37CC8-500D-4B79-9B32-628AEE447A0A} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
    Task: {1102840F-2F0C-4014-A796-1BF59FE7E183} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1926566171-1257342452-1398987820-1001
    Task: {13097136-48B2-4B8E-884C-7B93C69E59A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core => C:\Users\ALPINO\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
    Task: {17C5AEF1-DB6E-43CF-9A6F-F925BDB9663B} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2013-06-15] (Microsoft Corporation)
    Task: {18E0D946-0CCB-4828-90F8-887725F96EF0} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
    Task: {1B2DE521-838A-4EFE-BA0F-BA9D7F8D9184} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2013-06-15] (Microsoft Corporation)
    Task: {1B72052E-3B8E-4CF5-BD31-55B1F1305A6F} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
    Task: {1EE4A503-EE28-4FE6-AA54-2E1172E6A479} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
    Task: {20D957C4-243C-4C5A-853C-266B6FD22992} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-02] (Google Inc.)
    Task: {2905FCF5-09F4-4A5F-9AB4-2B340202B54E} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-07-15] ()
    Task: {29194692-B244-4E2B-AA03-2336DF8C57BD} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
    Task: {2B1BC8B2-20B5-4149-B8CE-9ABE5BE6908C} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
    Task: {2BA0A72E-7E9C-4228-84E8-F9CD234F65A6} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
    Task: {2BB942FB-9EEC-4B09-96C6-A6750A67CBBE} - System32\Tasks\Microsoft\Windows\WS\WSTask
    Task: {2C249E3B-3524-4079-8FB8-364946A90F05} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
    Task: {2FC98F63-CE89-4528-9DC1-4ECD3FE8D693} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
    Task: {3047B310-66E4-4680-BE7D-CA89BF8F3446} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
    Task: {3335687C-14A4-4039-B734-BEFE9B59E27C} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-15] (Microsoft Corporation)
    Task: {3AD92515-9126-4AD6-AAB8-8DA8A3DF4D97} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
    Task: {3DF8EE62-E164-4398-BD73-65AA7DF1CDC6} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
    Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe No File
    Task: {41458A76-CA8F-40EE-A24E-4E1C65934B1F} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2013-06-15] (Microsoft Corporation)
    Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
    Task: {4D113265-418B-45EF-A8AA-9D5590E69053} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
    Task: {533B55E2-5676-4162-8943-E1F0B1A1EC54} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {58135C79-42C7-448D-8BE1-A4E7C1068EF8} - System32\Tasks\Microsoft\Windows\AppReadiness\TriggerTask
    Task: {6309A99F-3DFA-4297-8C95-A1AD7D712FDD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-06-15] (Microsoft Corporation)
    Task: {6333B11A-D2DA-40EF-8B8C-F96D8C049FA3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
    Task: {70DD051C-5FE1-4364-B2D0-C63C90B9B550} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2013-06-15] (Microsoft Corporation)
    Task: {72FFFA2E-C2DB-4E38-B85D-7E4B8FE18649} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {73AE7550-FE70-4A2D-9FAC-E887225204C7} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
    Task: {77F32B49-9D7F-40F7-A8C7-27ACC491FBBD} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
    Task: {78AF792E-16E1-404F-8B62-9C347A39E4AD} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-02-26] (Synaptics Incorporated)
    Task: {7DD38FB8-B4EA-475F-AD7D-91F92F43975C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2013-06-15] (Microsoft Corporation)
    Task: {7EE9CFF0-8992-4B4E-B315-A05907C1FD56} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
    Task: {81E853F7-6BE3-4F83-ADB6-6341CA65657E} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
    Task: {86DB582D-59EB-448C-B819-4A8A60D87252} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2013-06-15] (Microsoft Corporation)
    Task: {872B7413-91E4-495A-A143-AB9C6C7A7627} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
    Task: {89BAF0B4-4897-4A62-97C2-1FE51EAECCF4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
    Task: {8B700344-4A5E-47F6-8AE4-FD2A75744BF5} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {910703EE-4DE6-4733-AB53-D5BD7AC596B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA => C:\Users\ALPINO\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
    Task: {932C9519-5ED3-4461-8E70-13C5D39F2CAD} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
    Task: {9958ABF2-4E33-47F8-8E43-DD3554FEC04B} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
    Task: {9EF5DF04-7A3F-4931-933A-44A80D834D19} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
    Task: {A5B60A69-3373-45E3-A87E-E811971B5F4C} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
    Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
    Task: {A9715841-AB9B-4B3A-9692-87890E56B895} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {AE420812-EF96-402E-AF6D-0C8D79949860} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {AE46FB24-E30C-4775-B8FC-904E39ED4D48} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2013-06-15] (Microsoft Corporation)
    Task: {B097EA9E-911C-4309-8C3D-1B4997E3655A} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe No File
    Task: {C2C5A71F-A5EC-4D1A-B92A-7FB2A626F00E} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {C55B2043-5578-4C54-A92F-5D1D2B3F0BED} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
    Task: {C9EBD69A-2EFB-4017-8264-6D32CE4AEFB9} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
    Task: {D15C4743-048B-470F-84D4-214A2F3A0EA6} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
    Task: {D1CB60A8-47DE-4FED-B1BA-AF59505B6A7F} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
    Task: {D601F79C-272D-49F1-A503-04ADEAC9B76A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2013-06-15] (Microsoft Corporation)
    Task: {D6AD20F6-AFFD-47F9-A19C-F6DB42070E79} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
    Task: {D8D82993-5802-4A9A-B99A-9CBFC560A4FA} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
    Task: {E01F8BF5-1956-49BF-B770-F8AB63CB02AA} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
    Task: {E0BC623D-2C36-4F2E-8BF9-A6210F1116D9} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
    Task: {E1183EB1-6E12-427A-BF88-6B79378F1CAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-02] (Google Inc.)
    Task: {E72D32F3-032B-4725-973F-2E9DCE43E7C5} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
    Task: {E974CA30-7DB4-4907-8C2B-A311572BA839} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
    Task: {EBF933C6-ECC6-424D-8E54-F8D56438F4F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-06-15] (Microsoft Corporation)
    Task: {EF11BB0B-37E9-4AE8-9F24-84673786BD5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-06-15] (Microsoft Corporation)
    Task: {F1DA6E19-D959-4B0E-8D46-EB585F5220FD} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
    Task: {F28968FE-579E-4128-9D20-69FA4CC8E719} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => C:\Windows\system32\rundll32.exe [2013-06-15] (Microsoft Corporation)
    Task: {F2B43BC6-1FCC-421C-9DD2-2F6217F7CA0F} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {F750183B-FC93-4D03-B7B9-D60550478E37} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: {FC6AF5AD-A209-4ED5-B3A2-3C07D8EAC601} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
    Task: {FDA39514-5975-4AEB-9E34-9DF6406E633D} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2013-06-15] (Microsoft Corporation)
    Task: {FDC7FF18-CEF3-41D8-927C-6B8B8F0AE3C8} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2013-06-15] (Microsoft Corporation)
    Task: {FEAF06BF-C601-4665-A32B-CB10A58609CE} - System32\Tasks\Microsoft\Windows\WS\Badge Update
    Task: {FF7F247D-DB06-4999-9A70-CFBC798209EF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core.job => C:\Users\ALPINO\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA.job => C:\Users\ALPINO\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Faulty Device Manager Devices =============

    Name: Viscosity Virtual Adapter V9.1
    Description: Viscosity Virtual Adapter V9.1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Sparklabs
    Service: visctap0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Viscosity Virtual Adapter V9.1
    Description: Viscosity Virtual Adapter V9.1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Sparklabs
    Service: visctap0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet1
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet8
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Microsoft Kernel Debug Network Adapter
    Description: Microsoft Kernel Debug Network Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: kdnic
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Broadcom 802.11ac Network Adapter
    Description: Broadcom 802.11ac Network Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Broadcom
    Service: BCM43XX
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/30/2013 08:44:56 PM) (Source: Application Error) (User: )
    Description: Faulting application name: AsSysCtrlService.exe, version: 0.0.0.0, time stamp: 0x4cc00d4c
    Faulting module name: KERNELBASE.dll, version: 6.3.9431.0, time stamp: 0x51bcf867
    Exception code: 0x0eedfade
    Fault offset: 0x00013f29
    Faulting process id: 0x600
    Faulting application start time: 0xAsSysCtrlService.exe0
    Faulting application path: AsSysCtrlService.exe1
    Faulting module path: AsSysCtrlService.exe2
    Report Id: AsSysCtrlService.exe3
    Faulting package full name: AsSysCtrlService.exe4
    Faulting package-relative application ID: AsSysCtrlService.exe5

    Error: (07/30/2013 08:42:30 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_4c5a88cade1c4961.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_4c5a88cade1c4961.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_4c5a88cade1c4961.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_4c5a88cade1c4961.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_9407bfa1f2987267.manifest.

    Error: (07/30/2013 07:39:53 PM) (Source: Application Error) (User: )
    Description: Faulting application name: WinPatrolEx.exe, version: 28.5.2013.0, time stamp: 0x51e44da0
    Faulting module name: WinPatrolEx.exe, version: 28.5.2013.0, time stamp: 0x51e44da0
    Exception code: 0xc0000005
    Fault offset: 0x0004cd70
    Faulting process id: 0x688
    Faulting application start time: 0xWinPatrolEx.exe0
    Faulting application path: WinPatrolEx.exe1
    Faulting module path: WinPatrolEx.exe2
    Report Id: WinPatrolEx.exe3
    Faulting package full name: WinPatrolEx.exe4
    Faulting package-relative application ID: WinPatrolEx.exe5

    Error: (07/30/2013 07:39:31 PM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\ProgramData\Package Cache\{ab3c86f5-8479-4252-a09b-4ee9ac4d5808}\xtu-setup-exe.exe Cache\{ab3c86f5-8479-4252-a09b-4ee9ac4d5808}\xtu-setup-exe.exe" /modify; Description = Intel Extreme Tuning Utility; Error = 0x8007043c).

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
    Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root namespace does not exist. The query will be ignored.

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root namespace does not exist. The query will be ignored.

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __ClassOperationEvent" whose target class "__ClassOperationEvent" in //./root namespace does not exist. The query will be ignored.

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __InstanceOperationEvent" whose target class "__InstanceOperationEvent" in //./root namespace does not exist. The query will be ignored.


    System errors:
    =============
    Error: (07/30/2013 11:25:49 PM) (Source: DCOM) (User: ASTOPSO)
    Description: {AB807329-7324-431B-8B36-DBD581F56E0B}

    Error: (07/30/2013 11:25:19 PM) (Source: DCOM) (User: ASTOPSO)
    Description: {AB807329-7324-431B-8B36-DBD581F56E0B}

    Error: (07/30/2013 09:30:47 PM) (Source: DCOM) (User: ASTOPSO)
    Description: {AB807329-7324-431B-8B36-DBD581F56E0B}

    Error: (07/30/2013 09:30:16 PM) (Source: DCOM) (User: ASTOPSO)
    Description: {AB807329-7324-431B-8B36-DBD581F56E0B}

    Error: (07/30/2013 08:44:57 PM) (Source: Service Control Manager) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/30/2013 08:44:56 PM) (Source: Service Control Manager) (User: )
    Description: The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/30/2013 08:44:56 PM) (Source: Service Control Manager) (User: )
    Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/30/2013 08:44:56 PM) (Source: Service Control Manager) (User: )
    Description: The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/30/2013 08:44:56 PM) (Source: Service Control Manager) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/30/2013 07:40:07 PM) (Source: DCOM) (User: ASTOPSO)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


    Microsoft Office Sessions:
    =========================
    Error: (07/30/2013 08:44:56 PM) (Source: Application Error)(User: )
    Description: AsSysCtrlService.exe0.0.0.04cc00d4cKERNELBASE.dll6.3.9431.051bcf8670eedfade00013f2960001ce8d7e83d07ed3C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll6b75abc0-f97a-11e2-becf-08606e0e934e

    Error: (07/30/2013 08:42:30 PM) (Source: SideBySide)(User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_4c5a88cade1c4961.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_9407bfa1f2987267.manifestC:\Users\ALPINO\Desktop\SoftonicDownloader_for_mcafee-stinger.exe

    Error: (07/30/2013 07:39:53 PM) (Source: Application Error)(User: )
    Description: WinPatrolEx.exe28.5.2013.051e44da0WinPatrolEx.exe28.5.2013.051e44da0c00000050004cd7068801ce8d7bdbb6c1b9C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exeC:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe549ee6b0-f971-11e2-becd-f7f3472e8c43

    Error: (07/30/2013 07:39:31 PM) (Source: System Restore)(User: )
    Description: C:\ProgramData\Package Cache\{ab3c86f5-8479-4252-a09b-4ee9ac4d5808}\xtu-setup-exe.exe Cache\{ab3c86f5-8479-4252-a09b-4ee9ac4d5808}\xtu-setup-exe.exe" /modifyIntel Extreme Tuning Utility0x8007043c

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
    Description: //./rootselect * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'0x80041033

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
    Description: $Coreselect * from __TimerEvent__TimerEvent//./root

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
    Description: $Coreselect * from __SystemEvent__SystemEvent//./root

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
    Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
    Description: $Coreselect * from __ClassOperationEvent__ClassOperationEvent//./root

    Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
    Description: $Coreselect * from __InstanceOperationEvent__InstanceOperationEvent//./root


    CodeIntegrity Errors:
    ===================================
    Date: 2013-07-30 14:33:23.410
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ALPINO\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-07-30 14:33:23.406
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ALPINO\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-07-30 14:32:04.638
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ALPINO\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-07-30 14:32:04.633
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ALPINO\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-07-30 14:31:11.353
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ALPINO\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-07-24 00:06:31.557
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-23 22:22:43.734
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-23 22:14:10.570
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-23 22:13:41.426
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-07-23 22:10:32.251
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 8143.14 MB
    Available physical RAM: 6839.39 MB
    Total Pagefile: 16335.14 MB
    Available Pagefile: 14964.13 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.85 MB

    ==================== Drives ================================

    Drive c: (M4SSD-0) (Fixed) (Total:476.55 GB) (Free:356.04 GB) NTFS (Disk=0 Partition=2)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 477 GB) (Disk ID: 93114E71)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=477 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  13. Patryk

    Patryk TS Rookie Topic Starter

    Thanks again, I'm really trying to get this thing fixed and I apologize for skipping a few of your rules :oops:
     
  14. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    What do you use as your AV program?

    Download RogueKiller for 32-bit or RogueKiller for 64-bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     

  15. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Still with me?
     
  16. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

